HN Reader

Locked-up merchandise is driving customers away (ktla.com)

1 points by Bender 2m ago 0 comments

Am I the only one who is affected by dark themes? (fastly.com)

1 points by FortuneIIIPick 2m ago 1 comments

PyPI mirror proxy that injects code and bypasses pip hash verification (github.com)

1 points by gzer0 2m ago 0 comments

Quill: Asynchronous Low Latency C++ Logging Library (github.com)

1 points by klaussilveira 4m ago 0 comments

MariaDB 11.8's zero-configuration TLS requires no manual setup (optimizedbyotto.com)

1 points by ottoke 6m ago 1 comments

Metrics-cpp: High-performance metrics library for C++ (github.com)

1 points by klaussilveira 9m ago 0 comments

Show HN: TNX API – Natural Language Interaction with Databases, Now Open Source (github.com)

1 points by Marten42 10m ago 0 comments

A deep dive into Cloudflare's September 12, 2025 dashboard and API outage (blog.cloudflare.com)

1 points by gpi 11m ago 0 comments

Writing an operating system kernel from scratch (popovicu.com)

5 points by Bogdanp 16m ago 0 comments

An Afternoon at the Recursive Café: Two Threads Interleaving (ipfs.io)

1 points by robertothais 16m ago 0 comments

Show HN: Didit – Identity Verification Platform (Unlimited Free KYC) (didit.me)

1 points by rosasalberto 19m ago 0 comments

The Computational Foundations of Collective Intelligence (arxiv.org)

1 points by mazsa 22m ago 0 comments

WorldCat Editions and Holdings Release (annas-archive.org)

2 points by the-mitr 22m ago 0 comments

Octopuses use all their arms for different tasks (discoverwildlife.com)

1 points by gmays 22m ago 0 comments

State of the art for reducing executable size with optimized program (discourse.llvm.org)

1 points by PaulHoule 23m ago 0 comments

We're Walling Off the Open Internet to Stop AI (techdirt.com)

2 points by doener 25m ago 0 comments

World's 1000 Largest Banks Ranked by Assets Under Management (tabinsights.com)

1 points by JumpinJack_Cash 28m ago 0 comments

The Spine Model (spinemodel.info)

1 points by mooreds 28m ago 0 comments

A Short History of the Business Card (themalin.co)

1 points by HR01 30m ago 0 comments

Delivering Parcels in Beijing (thedial.world)

1 points by bookofjoe 31m ago 0 comments

Child's Death Shows How Measles in the Brain Can Kill Years After an Infection (scientificamerican.com)

4 points by rolph 32m ago 0 comments

Insurance company repeatedly denied medical claim, then AI delivered victory (mercurynews.com)

2 points by CharlesW 32m ago 0 comments

Fine-grained HTTP filtering for Claude Code (ammar.io)

1 points by archb 33m ago 0 comments

TX-10k Salvage Ship

1 points by Ziggy_Zaggy 42m ago 0 comments

Show HN: ForkLaunch framework: Upgrading Express with a fully typed DSL (github.com)

3 points by rohinbharg 45m ago 1 comments

Gemini tops App Store; Grok 4 Fast ships; ChatGPT gets harder to trick (lightcapai.medium.com)

1 points by WASDAai 47m ago 1 comments

Romania Says Russian Drone Entered Its Airspace (nytimes.com)

4 points by JumpCrisscross 47m ago 1 comments

Website Is Just an SVG (svg.nicubunu.ro)

48 points by caminanteblanco 47m ago 12 comments

Payment System Vendor Took Year+ to Patch Infinite Card Top-Up Hack (securityweek.com)

1 points by Bender 48m ago 0 comments

Get Out of Technology (geohot.github.io)

5 points by seafoam 48m ago 2 comments

HybridPetya: More proof that Secure Boot bypasses are not just an urban legend (theregister.com)

3 points by Bender 49m ago 0 comments

Show HN: I Built a Free Site for Students to Test Their Knowledge on Their Notes (pdftoquiz.com)

1 points by PictureRank 50m ago 1 comments

Show HN: Probably the simplest Reddit-style site you'll ever use (nooki.me)

2 points by lakshikag 50m ago 0 comments

I'm out, says OpenSUSE: We're dropping bcachefs support from next kernel version (theregister.com)

1 points by Bender 50m ago 0 comments

Is This the End of the Dictionary? (theatlantic.com)

5 points by JumpCrisscross 51m ago 1 comments

Show HN: TabTabTab – Cursor for Google Sheets (tabtabtab.ai)

5 points by break_the_bank 52m ago 0 comments

Data Act Explained (digital-strategy.ec.europa.eu)

1 points by hheikinh 52m ago 0 comments

Wallet Voting – Doctorow (pluralistic.net)

4 points by abawany 53m ago 0 comments

Stoop (the newsletter app) is shutting down

2 points by DataDaemon 55m ago 0 comments

Bank of Thailand Freezes 3M Accounts, Sets Daily Transfer Limits (thaienquirer.com)

43 points by walterbell 56m ago 12 comments

Show HN: Supakey – let users bring their own Supabase to your app (supakey.app)

1 points by akanthi 56m ago 0 comments

Show HN: Train – AI Workout App for Smarter, Adaptive Fitness (play.google.com)

2 points by sumit-paul 57m ago 0 comments

Google co-founder Sergey Brin and ex-wife visited Epstein's `pedophile island' (2024) (nypost.com)

4 points by 1vuio0pswjnm7 57m ago 0 comments

The second wave of MCP: Building for LLMs, not developers (vercel.com)

2 points by jeremy_k 57m ago 0 comments

The Security Challenges of HTTP/3 and QUIC – What You Need to Know (medium.com)

3 points by nabla9 59m ago 0 comments

Universal Deep Research: Bring Your Own Model and Strategy (arxiv.org)

1 points by PaulHoule 59m ago 0 comments

Nvidia Discrete GPU Market Share Dominance Expands to 94% (techpowerup.com)

3 points by haunter 59m ago 0 comments

The AI-Scraping Free-for-All Is Coming to an End (nymag.com)

12 points by geox 1h ago 7 comments

American Museum of Natural History Announces "A Night at the Museum" Sleepover (cbsnews.com)

2 points by Brajeshwar 1h ago 0 comments

Things to build with Google's new Nano Banana image editing and generation model (medium.com)

2 points by logankilpatrick 1h ago 1 comments

Show HN: Detect paid Cloudflare plans on any website via ECH

1 rapawel 5 9/14/2025, 2:59:05 PM experiments.pawelpokrywka.com ↗
A tool that checks if any website uses a paid Cloudflare subscription by examining their public /cdn-cgi/trace endpoint. Cloudflare only allows disabling Encrypted Client Hello (ECH) in paid plans, so sni=plaintext indicates a paid subscription. Works on any Cloudflare-proxied site.

Comments (5)

rapawel · 1h ago
Example website with paid subscription: Substack https://experiments.pawelpokrywka.com/cloudflare-subscriptio...
wordglyph · 35m ago
My site https://wordglyph.xyz came back undetermined
rapawel · 23m ago
The tool only detects a subset of paid Cloudflare users - specifically those with the default ECH settings. If your site shows as undetermined, it likely means you're on a free plan or a paid plan with ECH enabled.

From what I've observed:

- Free plans: ECH is forcefully enabled (sni=encrypted)

- Paid plans: ECH is disabled by default (sni=plaintext), but can be manually enabled

The tool can only definitively distinguish between free plans and paid plans that use the default ECH settings.

phillipseamore · 49m ago
Seems like this might a wrong assumption (or CF changed something). Just tested one of my own sites that's on the free plan and it has "sni=plaintext".
rapawel · 31m ago
There are occasional false positives, but querying different Cloudflare data centers usually resolves this. I've found that switching VPN servers (which routes through different CF edge locations) eventually gives the correct result.