Cloudflare status: hosting issues and outage reports
Problems detected
Users are reporting problems related to: domains, cloud services and web tools.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
July 16: Problems at Cloudflare
Cloudflare is having issues since 01:00 PM EST. Are you also affected? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (34%)
- Cloud Services (31%)
- Web Tools (14%)
- Hosting (14%)
- E-mail (7%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Cloud Services | 4 hours ago |
|
|
Hosting | 3 days ago |
|
|
Domains | 23 days ago |
|
|
Cloud Services | 1 month ago |
|
|
Domains | 1 month ago |
|
|
Hosting | 2 months ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
justinmiller's cat (@___727__) reportedCloudflare blocks or challenges bad requests from hitting my website. #cloudflare
-
Anto (@anto_edd) reportedPrompt "You are a Senior Application Security Engineer specializing in Supabase Authentication. Review my Login & Signup implementation like a real attacker. Ignore code quality. Ignore styling. Ignore performance. Focus only on security. Check for: • User enumeration • Generic authentication errors • Missing email verification • Weak password policy • Brute-force protection • Missing rate limiting • Missing Cloudflare Turnstile • Disposable email abuse • Password reset vulnerabilities • Session fixation • Session revocation • Secure cookie configuration • OAuth misconfigurations • Missing Row Level Security (RLS) • Service Role Key exposure • Trusting frontend data • Missing server-side authorization • Privilege escalation • OWASP Top 10 authentication risks For every issue provide: 1. Severity 2. Exploitation scenario 3. Recommended fix 4. Production-ready implementation Do not approve the authentication flow until every High and Critical issue has been resolved."
-
Wizeman 🐂🀄 (@wizeman_AI) reportedNoxa made $12M and disappeared, the trenches barely noticed Noxa was the biggest token launchpad on Robinhood Chain. In about a week they pulled an estimated $12M in fees. Then they just... shut down. July 11: Noxa said they’d stop accepting new token launches, right when CASHCAT was hitting peak volume 2 days later: Website went dark. Team blamed "Cloudflare issue" . July 14: Said domain would redirect to ENS and creator earnings could be withdrawn Late Tuesday: Posted they’d stop collecting fees entirely. 100% of revenue now goes to creators. Why they quit: They cited "concerns about low-quality tokens flooding the platform" Crypto Twitter was split: Half called it "based" for pushing back against spam. The other half called it a "generational fumble" and said they "killed the golden goose while making $3M a day" Meanwhile CASHCAT, the chain's breakout memecoin, dropped 33%+ in 24 hours. Even trader 0xAvast who rode it from $10k to $230M called it "irrelevant FUD"
-
Marco Scata (@marcoscata) reportedCloudflare outage 2020: Erroneous BGP route advertisement from a small ISP made Cloudflare unreachable. Evidence of insufficient routing security validation. #CompliantDeliveries #ProofDrivenDeliveries
-
大黑郭 (@brucewok88) reportedI spent hours trying to fix a Cloudflare Worker routing and caching issue with Claude Code and kept going in circles. I switched to GPT-5.6 Sol in Codex, and it found the root cause, updated the right code, and got everything working in minutes. Fast, simple, and impressive.
-
Ramon 🎹 (@ramonpiano_) reportedthe apple signing stuff worked, so i guess lumakeys is an official app now :) well - i still gotta test it on my other mac tomorrow when im back home, but since earlier tests didnt make any problems i expect it to instantly work now i'm trying to finalize some simple onboarding and add update functionality + cloudflare r2 to host the updates i will send out some beta versions to test tomorrow, i already wrote some of you down, but please let me know if you wanna beta test. would love to hear your thoughts and feedback! and then, i guess from tomorrow things are getting real :)
-
Marc Seitz — oss/acc (@mfts0) reported@jarekceborski @LocalCanApp I remember you use Cloudflare under the hood for the published urls. So generate the localcan domains locally so it’s accessible from same network. Optionally make it publishable so outside of network clients can access. That part is Cloudflare? Does it restrict you in any way like certain headers or cookies or storage cannot be sent on these domains?
-
Pirahtays (@Pirahtays) reportedI feel like there is some rampant misunderstandings on what this site is / isn't doing. People are calling this an AI tool - this code does not seem to use any generative AI to do the image effects. The tool also does not seem to transmit or retain any of your image data. It states at the bottom "Images, area data, and recordings are processed only in your browser. They are neither sent to nor stored on a server." Code analysis seems to support this, only some CloudFlare metrics tracking which is pretty standard for most websites. At most it looks like AI coding tools were used to code it. But this does not make this an AI tool. I'm not a huge fan of Generative AI being used for media generation, but that doesn't necessarily seem to be the case here. Generative AI is prevalent and a pain - but please make sure to not spread misinformation on things.
-
shams (@AMR_SHAMS07) reported@KhafraDev @Cloudflare They do have this, we had backups for R2 but the recovery path was not working at somepoint of failure, that we had to move into garage(self hosted they don’t have object locking yet) but will do the trick
-
Brais Calvo (@braiscv) reported@antonosika On Cloudflare, mainly for Zero Trust. And honestly, the switch to token based billing for the Cloud features has been pretty terrible. Another reason for hosting it externally is to have more control and transparency over the stack.
-
Jarrett (@JarrettLusso) reported@Cloudflare how do we get someone to fix image transformations randomly 404ing? Support is telling me it's our origin, but that is R2. Doesn't seem like anyone cares to actually fix it cause it's been broken for days.
-
TSAIBEE (@tsaibee15) reportedThank you for using CHUNILIB. Cloudflare is currently experiencing service issues, which may cause some features of the website to be temporarily unavailable. We apologize for the inconvenience. #chunilib
-
Katewerk (@katewerk) reportedStay clear of @Cloudflare. Even their AI support bot cannot delete my credit card info from their database. It then provides a non-existent path to billing support that loops back to the start page. This is a purported tech company. JFC.
-
Saifuddin Amri (@SaifuddinAmri__) reported@o7laurence @ProtonMail Do you work for Proton? What TOS did violate? I’m not stupid enough to post this using my real account if I had actually broken the ToS or doing illegal things I’ve been using Proton since 2018 and never had a single issue. And why ******** was my Proton Pass suspended too? This is a ******* nightmare. I’m using a custom domain, and now I can’t even log in to Cloudflare to change my MX records because both my email and password manager are with Proton. Yeah, I was stupid for putting everything , my email and password manager with Proton.
-
satchmo (@satchmorg) reported@DC_Thomson I am a subscriber to the Courier on line. I have just tried to access my account and it is blocked by CLOUDFLARE. Help please
-
Anicet (@AniC_dev) reportedI was curious about this graph because we ourselves at @asciidotdev got a massive R2 bill for our snapshots recently because we did something stupid. thankfully we fixed it it's now 15x less open computer folks use cloudflare for the DB, using a managed service for your DB is always a sound idea so I won't say it's dumb, it's actually best practice but I was curious, how much I'd pay if our own postgres master DB, currently sitting alone in a $54/month (yes) bare metal instance on OVH in Europe was on cloudflare D1 well that'd be 4k per month on queries alone. and believe me we really optimized it down to the ground as to not need to upgrade our bare metal instance (we hate paying more money I guess) I think that's part of the reason why we can make box sandboxes and snapshots so absurdly cheap and generous, we just don't compromise on anything performance or price related
-
Carqui 🐐 (@carquinyolis) reported@thecybersecguru @elhackernet In Spain whole cloudflare proxy IPs get banned with thousand of legitimate and corporate websites because just one seems to stream illegal sports. This is normal for non-technical government judicial powers..... Bad management
-
DeepakNess (@DeepakNesss) reportedI started using SQLite for @SharePDFapp from the start and have never been happier. It's hosted on a $10 Hetzner VPS and been running smooth for months. And the SQLite DB is backed up to Cloudflare R2 via Litestream with WAL sync, hourly snapshots, and 60-day retention.
-
W. Rix Victory II (@Wrix2) reported@nikitabier My visibility is near zero and I joined around 16 years ago. Spent 6+ months with cloudflare screwing me up horribly. Stripe rejected my CashApp, but it handshakes with it elsewhere. On top of recovering from being run over by a truck, these issues have been very painful.
-
Delali (@delali) reported@DanielSmidstrup Even Vercel, Cloudflare, et al have challenges. For us founders, it never ceases. But I get your point. Let's keep pushing…
-
Godeltrabuco69 🧲 (@GodelTrabuco69) reportedSo I built a service on it: 11 pay-per-call endpoints for web + business intelligence. • page → clean markdown • tech-stack fingerprinting • EU company enrichment (VAT, registry, contacts) • an AI company assessment On Cloudflare Workers. Cost per call ≈ nothing.
-
Bold Fugu 🇮🇱 (@bold_fugu) reported@PanBall343548 There is a similar option with NetBird, but the setup would be a bit finicky. Basically, it is the same as Tailscale with your own control plane on Headscale. However, you will need to expose Headscale to the internet, and you might run into problems exposing it via Cloudflare.
-
Saint John: Evernode 1:1 Freedom (@AverageJohnEVR) reported@BitcoinBombadil It has nothing to do with payments x) It actually originate from the creator of BitcoinJS and its purpose is to allow decentralized executions on-chain (multisign) Back in the days people wanted to automate functions, so for example, if you wanted to send fiat to a paypal account and get bitcoin automatically on your bitcoin wallet, then you would need a way to make that into an automated thing. This method would also allow to replace human beings and the human factor from standing in the way. A lot about Bitcoin originates to payments, when it came people wanted to use it for purchases and automated operations. Evernode solves these challenges without interfering with the original technology, it just executes whatever you want, based on whatever you chose. It also replaces traditional hosting with decentralized hosting (instead of having **** behind cloudflare and on jeff bezos servers, you spread it across the globe)
-
Amanda Scott (@IleanaOlym75391) reported@its_ronc I had the same issue with Cloudflare. Switched to Qoest Proxy's residential proxies, and the challenge pages stopped being a problem.
-
Piyush (@PyDataWizard) reportedTotal monthly cost to run a startup: ~$20 - Claude ($20/mo) = coding - AWS Free Tier = hosting & DB - Vercel = frontend (free) - Stripe = payments (2.9%/txn) - GitHub, Clerk, Cloudflare, Sentry = all free Never been a better time to ship. What’s stopping you? 🚀
-
evan mercer (@EMercerCap) reportedI’ll say this once: These 8 stocks could create a $3 million opportunity before 2027. $TSLA (Tesla) — Don’t buy $AAPL (Apple) — Don’t buy $CRM (Salesforce) — Buy at $158–$166 $CRWD (CrowdStrike) — Buy at $190–$200 $NOW (ServiceNow) — Buy at $100–$105 $NET (Cloudflare) — Buy at $265–$275 $FTNT (Fortinet) — Buy at $156–$163 $ZS (Zscaler) — Buy at $140–$148 Strong companies can still be bad buys at the wrong valuation. Which pullback would you buy?
-
Tai Groot 🐧 (@taigrr) reported@corrieuys @vercel @Cloudflare I actually think workers might be the worst paradigm for htmx But they are worth it for those sweet, sweet durable objects 🤤
-
DFIR Radar (@DFIR_Radar) reportedClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar
-
inder (@InderpreetSingh) reportedI still think about this a lot. So many websites are struggling with Identity management. Standards are in shambles and enforcement is non existence. What that means is folks like Cloudflare and Vercel are shutting down all AI bots and smaller teams have no fine grained control.
-
Nick Dodd (@nickdodd) reported@CherryJimbo @Cloudflare @CloudflareDev Pretty terrible looking. Super bland, way too much whitespace (or black space)