AWS WAF
AWS WAF is Amazon’s web application firewall, used to filter malicious requests before they reach an application. ScanMalware detects it from the aws-waf-token cookie and the challenge or block responses it returns.
Its presence shows a site applies request filtering at the edge, which can interrupt automated scans. As with any WAF, it protects the site but says nothing about whether the site’s own content is trustworthy.
Commonly deployed alongside AWS WAF
Of the 1,878 public scans where AWS WAF was detected, these are the technologies most often present on the same site. The share is the percentage of AWS WAF sites that also ran each one.
| Technology | Category | Share of AWS WAF sites |
|---|---|---|
| Amazon Web Services | wappalyzer | 61.13% |
| Amazon CloudFront | wappalyzer | 58.52% |
| HSTS | wappalyzer | 25.35% |
| HTTP/3 | wappalyzer | 12.41% |
| Envoy | wappalyzer | 8.57% |
| Cloudflare | wappalyzer | 5.59% |
| X-UA-Compatible | miscellaneous | 5.59% |
| Cloudflare Bot Management | wappalyzer | 5.01% |
| jQuery | wappalyzer | 4.74% |
| Open-Graph-Protocol | miscellaneous | 4.42% |
| JQuery | miscellaneous | 4.21% |
| Google Hosted Libraries | wappalyzer | 3.83% |
| Google Analytics | wappalyzer | 3.62% |
| PoweredBy | miscellaneous | 3.46% |
How ScanMalware detects AWS WAF
AWS WAF is detected by analysing the response headers, HTML markup, JavaScript runtime and asset URLs captured when ScanMalware loads the site in a real headless browser.
From any scan you can pivot into related signals — JARM TLS fingerprints, ASN ownership and BGP routing, certificate history, JavaScript analysis and the overall security verdict — to understand not just that AWS WAF is present, but how it is being used. Open the full search interface for AWS WAF →
Recent public scans featuring AWS WAF
A rolling sample of recent public scans where AWS WAF was detected. Listing a site here is not a safety judgement — open a scan to see its full verdict.
| Site | Scanned |
|---|---|
| https://live1708.delivery.roku.com | 2026-06-16 |
| Human Verification https://reitoria.ifpr.edu.br/ | 2026-06-16 |
| https://sso.railinc.com | 2026-06-16 |
| https://api.smartis.prosegur.cloud | 2026-06-16 |
| Weselmann - The Maritime Consultancy and Valuation Firm. https://weselmann.dk | 2026-06-16 |
| https://od2-content-api.abs-cbn.com | 2026-06-16 |
| Fully Managed Relational Database – Amazon RDS – AWS https://rds.ca-west-1.amazonaws.com | 2026-06-16 |
| En gave de aldri glemmer 🎁 https://mailchi.mp/b7a01ed095c9/en-gave-de-aldri-glemmer?e=e061ddc635 | 2026-06-16 |
Frequently asked questions about AWS WAF
- Does using AWS WAF mean a website is unsafe?
- No. AWS WAF is a stack component, not a verdict. ScanMalware scores the whole page — its scripts, redirects, certificates, threat-intelligence matches and behaviour — so a site using AWS WAF can be perfectly safe or actively malicious.
- How many sites using AWS WAF has ScanMalware scanned?
- AWS WAF has been detected in 1,878 public scans on ScanMalware.com. Each scan is a real headless-browser visit, and the figure updates as new URLs are submitted.
- What technologies are commonly used with AWS WAF?
- Across scanned sites, AWS WAF is most often seen alongside Amazon Web Services, Amazon CloudFront and HSTS. The full co-occurrence breakdown is listed on this page.
Browse all profiled technologies on the technology index, or scan a URL to see its full stack.