← Integrations
Cloudflare logo

Cloudflare

See your site traffic, bandwidth, and security threats on your iPhone home screen, updated on demand from Cloudflare.

Traffic Metrics Without Opening a Dashboard

The Traffic module surfaces total requests, page views, unique visitors, bandwidth, cached requests, cache hit ratio, and HTTPS request counts for any Cloudflare zone. Each figure can appear as a widget tile on your iOS home screen, so you know your site's pulse without unlocking your phone and navigating to the Cloudflare dashboard. Metrics with chart support show a sparkline trend backed by up to seven days of retained history.

Security Signals in One View

The Security module tracks threats blocked by Cloudflare's Bot Fight Mode, WAF, rate limiting, and DDoS mitigation, alongside the threat percentage of total traffic. Two additional signals round out the picture: NXDOMAIN count, which tracks DNS queries returning no-such-domain and is a reliable indicator of subdomain probing or random-subdomain attacks, and 499 aborts, which are client-terminated connections that frequently signal slow scrapers or abandoned attack attempts. 403 forbidden responses complete the set, acting as a proxy for WAF and firewall block activity.

One Zone or Many

Both modules scope to a specific Cloudflare account and zone, so you can run separate widget configurations for separate domains. A staging environment and a production site can each have their own widget row. PulseKit fetches fresh data on demand and retains up to seven days of metric history per zone, giving you trend context alongside every current figure.

How to get your Cloudflare API key

Go to the Cloudflare dashboard, then My Profile, then API Tokens at dash.cloudflare.com/profile/api-tokens. Click Create Token. Use the Read all resources template, or create a custom token with Zone:Zone:Read, Zone:Analytics:Read, and Account:Account Settings:Read permissions. Create the token and paste it here.

Security

How we protect your credentials

Your Cloudflare API key is sealed on this device with AES-256-GCM before it ever leaves your iPhone. Only your device holds the unwrap secret, stored in the iOS Keychain. The PulseKit backend wraps that already-encrypted payload again with its STORAGE_SECRET and writes the double-envelope blob to Postgres, so the server never sees your plaintext key at rest. Each fetch request includes a one-time unwrap secret that decrypts the inner envelope only long enough to call Cloudflare. The key is scoped to this device, can be revoked from PulseKit at any time, and is never written to logs.

What you can track

Pick the metrics you care about and pin them as widgets.

Traffic

Requests, visitors, bandwidth, and cache performance

  • 90
    Total Requests
  • 15
    Page Views
  • 46
    Unique Visitors
  • 31
    Bandwidth
  • 56
    Cached Requests
  • 44
    Cache Hit Ratio
  • 83
    HTTPS Requests

Security

Threats blocked, response anomalies, and DNS probes

  • 51
    Threats Blocked
  • 45
    Threat %
  • 23
    NXDOMAIN Count
  • 81
    403 Responses
  • 17
    499 Aborts

Numbers shown are illustrative — your widgets show your live data.

Who uses this

  • Indie founders

    When a Product Hunt launch or Hacker News post goes live, you want to know immediately whether traffic is being absorbed by Cloudflare's cache or hitting your origin. The Traffic module shows total requests, unique visitors, bandwidth, and cache hit ratio from your lock screen, so you can tell at a glance whether your infrastructure is holding up.

  • DevOps engineers

    Security events do not announce themselves. The Security module exposes threats blocked by Cloudflare's WAF, Bot Fight Mode, and DDoS mitigation alongside NXDOMAIN spikes and 499 abort counts. Having those figures on a home screen widget means an unusual pattern is visible before you think to open a dashboard, giving you earlier awareness of probing or active attack activity.

  • Web developers

    Cache hit ratio is one of the fastest levers for reducing origin load, but it is easy to forget to check. Seeing the ratio as a persistent widget tile nudges you to investigate when it drops, whether after a deployment that accidentally broke cache headers or when a newly added content type is bypassing caching rules entirely.

  • Freelancers

    Managing multiple client domains means switching between accounts to check basic traffic health. Scoping separate Traffic module instances to different Cloudflare zones lets you give each client domain its own widget row, so a traffic anomaly on any site surfaces without logging in and pulling a manual report.

FAQs

How do I create a Cloudflare API token for PulseKit?

Open the Cloudflare dashboard, go to My Profile, then API Tokens, and click Create Token. Apply the Read all resources template, or create a custom token with Zone:Zone:Read, Zone:Analytics:Read, and Account:Account Settings:Read permissions. Copy the generated token and paste it into PulseKit during setup. You can revoke it from your Cloudflare profile at any time.

What Cloudflare metrics can I see on my iPhone home screen?

The Traffic module covers total requests, page views, unique visitors, bandwidth, cached requests, cache hit ratio, and HTTPS request counts. The Security module covers threats blocked, threat percentage of total traffic, NXDOMAIN count, 403 forbidden responses, and 499 client-abort counts. Most metrics include a trend chart backed by up to seven days of retained history.

Is my Cloudflare API key stored securely in PulseKit?

Your API key is encrypted with AES-256-GCM on your iPhone before it leaves the device. Only your device holds the unwrap secret, stored in the iOS Keychain. PulseKit's backend stores a double-encrypted envelope and never holds your plaintext key at rest or writes it to logs. The key is scoped to this device and can be revoked from PulseKit at any time.

Can I monitor multiple Cloudflare zones with PulseKit?

Yes. Each Traffic and Security module instance is scoped to a specific Cloudflare account and zone. Add separate configurations for each domain you want to track and arrange their widget tiles independently on your home screen or inside a widget stack.

How often does PulseKit refresh Cloudflare data?

PulseKit uses on-demand fetching, pulling fresh figures when you open the app or when iOS refreshes your widgets in the background. Metric history is retained for up to seven days per zone, so trend charts remain populated between refreshes.

What does the NXDOMAIN Count metric indicate?

NXDOMAIN Count tracks DNS queries that return a no-such-domain response for your zone. A spike typically signals random-subdomain attacks or automated probing, where scanners guess subdomains in bulk. Watching this metric alongside threats blocked gives you an early signal of reconnaissance activity targeting your domain before it escalates to direct request-level attacks.

What does the 499 Aborts metric mean in the Security module?

A 499 status is recorded when a client closes the connection before the server finishes responding. In a security context, elevated 499 counts often indicate slow-scanning tools or bots that abort once they collect enough probe data. A sudden spike alongside rising threat counts is a useful early indicator of coordinated scanning or a partially throttled attack.

Cloudflare logo

Add Cloudflare widgets to your iPhone

Install PulseKit, paste your credentials, pick a widget.

Download