Scan for PCI compliance
PCI scanners are tools used to identify security weaknesses. When a business undergoes a compliance audit, PCI scan results are used for compliance verification.
-
Identify which server your scan should target. Are you scanning against your origin server, where your applications are hosted, or at a proxy server sitting in front of your origin, such as Cloudflare?
-
On your scanner tool, enter a public URL or an IP address. If you enter a public website URL, the scanner will resolve the hostname and scan the resulting the IP address. To scan your origin server, be sure to enter your origin server's IP address or a hostname that resolves to the origin server's IP, not a proxy server.
-
Start the scan and analyze the results.
-
(Optional) Run another scan for a different origin server.
Cloudflare's anycast network operates in a way that keeps ports other than 80 and 443 open, allowing it to serve traffic for other customers on these ports.
However, customers can easily block all unwanted traffic to these ports by using Cloudflare WAF Managed Rules or custom rules. The PCI scan will show the ports being open, but the traffic will not reach your origin server. This concern is often misunderstood.
You can find all our public compliance resources in the following pages:
You can access Compliance documents in the Cloudflare dashboard by selecting your account where you are a Super Administrator and then navigating to Support > Compliance Documents.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark