What is __cf_chl_jschl_tk__ In My URL?

By James LePage
 on October 20, 2021
Last modified on January 7th, 2022

What is __cf_chl_jschl_tk__ In My URL?

By James LePage
 on October 20, 2021
Last modified on January 7th, 2022

When you are in charge of a website, you must be aware of and prepare for potential threats or attacks. Have you ever visited a website and noticed this parameter ,”__cf_chl_jschl_tk__" , attached to your url? It is not the prettiest looking string is it? While it may be a long attachment to a URL, this does signal that your browser has passed an Olympic challenge. 

Ryazan, Russia - May 27, 2018: Homepage of CloudFlare website on the display of PC, url -

So if you have ever asked yourself,  “What is __cf_chl_jschl_tk__"?, take a few minutes to learn about this parameter when you read this concise article.

What is “What is __cf_chl_jschl_tk__"?

The url addition “__cf_chl_jschl_tk__”  stands for (Cloudflare challenge/Javascript challenge token). You will see this added to a redirect location URL after you have successfully accessed a site currently dealing with a possible DDoS attack.

Since Cloudflare is a distributed reverse proxy, all web requests must pass through it in cleartext.

When “Under Attack Mode” is initiated, extra security checks are performed to stop Layer 7 DDoS attacks. This will block any suspicious traffic, check user browsers and initiate a challenge.

You will see “Checking your browser before accessing” on your screen for a few seconds. During this time, the proxy determines whether you will be allowed to continue on to the site or get blocked. When you see “ __cf_chl_jschl_tk__” , consider it a sign of relief since it means that your browser has passed the test and may continue on to the website.

However, website owners may not like an ugly URL, especially if they have taken the time to write clean redirects. At least they can rest assured  that a site visitor will get a stamp of safety approval.

What Is A Reverse Proxy?

Think of a reverse proxy as a traffic cop for your web network. It acts as a gateway between site visitors and your origin server. After receiving a connection request, a reverse proxy connects the request to the origin server.  Then the origin request gets forwarded. If certain challenges have been passed, you may see “ __cf_chl_jschl_tk__” attached at the end of the returned url.

What Is A Web Challenge?

A web challenge may involve an action a user has to do in order to prove you are human. Websites that are dealing with external DDOS threats use this as insurance against bots and further attacks. If you have ever had to use Captcha ( floating letters you must type into a box) or click on photos in response to a question, you have had to pass a web challenge. Clicking on five stop light photos might be annoying at first, but it is better for a website to be safe than sorry.

Final Thoughts About “__cf_chl_jschl_tk__"

As mentioned earlier, ugly URLs can be the bane of a web owner's existence. Many site owners take the time to write clean redirects.  However, if a website is under attack, certain procedures must be done to protect the website. If a user has passed a challenge from the reverse proxy, they will see “ __cf_chl_jschl_tk__" returned at the end of their URL.  Luckily, if your site is no longer under attack, you can always turn off the Cloudflare Under Attack Mode. That way, users will no longer see the above parameter.

Subscribe & Share
If you liked this content, subscribe for our monthly roundup of WordPress news, website inspiration, exclusive deals and interesting articles.
Unsubscribe at any time. We do not spam and will never sell or share your email.
Notify of
Inline Feedbacks
View all comments
Article By
James LePage
James LePage is the founder of Isotropic, a WordPress education company and digital agency. He is also the founder of, a venture backed startup bringing AI to WordPress creators.
We're looking for new authors. Explore Isotropic Jobs.
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram