Finding Repl from link

This only doesn’t work when the Repl is private for the time I’ve used it (lol)

No, because using as an example, it’s still able to be accessed even on a custom domain. Which kinda sucks for businesses and stuff, but it’s not like people will know you can go to /__repl if the URL doesn’t say repl anywhere (unlike the free domains).

You can tell if a website uses Replit if it sends the Replit-Cluster header. (If it’s “global”, the user is on the free plan. If it’s “hacker”, then they’re on either hacker or pro)

that’s part of the “if /__repl somehow doesn’t work” step

1 Like

You can check if a custom domain is using Replit (using the native custom domain linking) by checking the TXT records for replit-verify (assuming they didn’t delete it after linking). If they don’t use Cloudflare as a proxy, then they might have the CNAME or IPs.


That’s actually way faster than making an HTTP request. Here’s the output of dig TXT:


;; ANSWER SECTION:		300	IN	TXT	"replit-verify=a8e4fffe-33fb-4a0e-abdf-b391cd6f3c0d"		300	IN	TXT	"v=spf1 ~all"

;; Query time: 36 msec

Founder of the company behind Memblu here, I actually didn’t even know I could delete it without unlinking the domain! I’ll be doing that soon.

That header is overwritable by Cloudflare (I think)

True. (You can also likely block requests to /__repl)

As long as you have cloudflare proxying enabled then the A/CNAME record won’t even point to replit

This is especially easy when you use Cloudflare’s built-in reverse proxy. You just need to configure the rule in the domain settings and it should work like magic.

1 Like