Cloudflare security posture audits from a single desktop console.

CF Guard Desk is desktop security posture software for Cloudflare. It audits WAF coverage, DNS exposure, bot pressure, cache risk, and TLS or edge posture across your zones, then surfaces cross-signal findings with evidence, remediation guidance, and exportable reports for operators, consultants, and security-conscious teams.

Yes. CF Guard Desk is a desktop Cloudflare security audit console with structured scan profiles, cross-signal finding analysis, posture scoring, drift tracking, and exportable audit reports across Windows, macOS, and Linux.

The scan engine collects DNS records, WAF rulesets, managed and custom rules, rate limiting rules, cache rules, selected zone settings, and security events via GraphQL with REST fallback. It adds safe public-edge probes for HTTPS redirect, HSTS, cache headers, and common security headers. It classifies auth, admin, API, payment, upload, and search surfaces, then builds findings for WAF coverage, WAF rule quality, DNS and origin exposure, bot pressure, cache risk, TLS and header posture, visibility gaps, and compound cross-signal risk.

Cloudflare offers Security Center, Security Insights, Security Analytics, and Firewall Analytics as native dashboard tools for operators already inside the control plane. CF Guard Desk is a workflow and accountability layer on top of Cloudflare: repeatable scan profiles, cross-signal compound findings that Cloudflare does not surface as unified risks, posture scoring, drift tracking over time, and exportable audit reports for proving posture to clients, auditors, or leadership. It does not replace Cloudflare's control plane - it builds the review and reporting layer that Cloudflare does not ship.

Cross-signal findings combine evidence from multiple data sources into compound risk assessments. For example: origin-bypass risk combined with weak WAF coverage, or auth-path pressure without rate limiting. These are the findings that flat compliance checklists miss because they require correlating signals across DNS, WAF, traffic, and configuration state.

Yes. Every desktop build starts with 7 days of full Pro access free of charge. After the trial ends, a Lemon Squeezy subscription is required to continue using the product.

Yes. CF Guard Desk is built to audit Cloudflare WAF coverage across multiple zones and workspaces from one desktop console. It helps operators review WAF coverage, rule quality, rate-limiting posture, and correlated findings without jumping across each zone manually.

Yes. CF Guard Desk audits Cloudflare DNS exposure, origin bypass risk, and related edge posture signals. It combines DNS evidence, WAF state, and safe public-edge checks so operators can identify exposed origins, weak coverage, and visibility gaps that matter during a Cloudflare security review.

Yes. CF Guard Desk is designed for Cloudflare security posture reviews that include bot pressure, rate-limiting posture, cache risk, TLS or header posture, and other edge-facing controls. The goal is to turn those signals into one reviewable audit workflow instead of scattered dashboard checks.

Yes. CF Guard Desk exports Markdown and JSON audit reports so consultants, agencies, and internal operators can deliver Cloudflare security findings, remediation context, and posture evidence without depending on a SaaS reporting layer.

Paid variants are Indie Monthly at $15, Indie Yearly at $149, Pro Monthly at $39, Pro Yearly at $390, and Consultant Yearly at $990. Every installer starts with a free 7-day Pro trial. All pricing excludes local taxes.

Yes. CF Guard Desk uses hosted Lemon Squeezy checkout for monthly or annual licensing. Consultant is annual-only. All plans begin after the 7-day Pro trial if you decide to continue.

You download the app, accept the EULA on first launch, and get 7 days of full Pro access. If you want to continue after the trial, choose a plan from Lemon Squeezy and register the license key in the app. License state is verified locally with a 7-day offline grace window.

Yes. Secrets stay in the OS keychain, vault gating controls operational access, and backend-only request execution keeps credentials out of browser code paths. The desktop app ships with no in-app telemetry by default.

CF Guard Desk ships in Windows, macOS, and Linux variants. Windows requires WebView2, macOS support targets modern desktop releases, and Linux requires a graphical desktop environment with WebKitGTK and AppIndicator-compatible components.

CF Guard Desk is built for Cloudflare-heavy operators who need structured, repeatable security audits with exportable evidence: freelance consultants, agencies, fractional security operators, hosting and platform teams, and SMB infrastructure teams managing many zones. It is not yet shaped for collaborative enterprise SaaS workflows with SSO, RBAC, or shared dashboards.