1. Home
  2. โฏ
  3. Companies
  4. โฏ
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 32% Cloud Services (32%)
  • 32% Domains (32%)
  • 14% Web Tools (14%)
  • 14% Hosting (14%)
  • 7% E-mail (7%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Paris Cloud Services 17 hours ago
New York City Hosting 3 days ago
Manchester Domains 24 days ago
Angers Cloud Services 1 month ago
London Domains 1 month ago
Noida Hosting 2 months ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • Porkbun
    Porkbun (@Porkbun) reported

    @liltechnomancer @joshmanders That looks like something Cloudflare requires, not us. They appear to have a transfer process that includes extra steps because they require the domain to be using their DNS. It looks like the actual transfer was never submitted to Cloudflare because they were / are waiting on this step. If you changed your name servers after expiration, 10 days after expiration we disrupt DNS as required by ICANN and that would have prevented what Cloudflare seems to be waiting for. It's honestly best to renew / transfer before expiration to prevent wonkiness like this.

  • unclebigbay143
    U N C L E BIGBAY โœจ (@unclebigbay143) reported

    Today's Engineering Concept: '๐—ฅ๐—ฎ๐˜๐—ฒ ๐—Ÿ๐—ถ๐—บ๐—ถ๐˜๐—ถ๐—ป๐—ด' ๐—ช๐—ต๐—ฎ๐˜ ๐—ถ๐˜€ ๐—ฅ๐—ฎ๐˜๐—ฒ ๐—Ÿ๐—ถ๐—บ๐—ถ๐˜๐—ถ๐—ป๐—ด? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. ๐—ช๐—ต๐˜† ๐—ฑ๐—ผ๐—ฒ๐˜€ ๐—ถ๐˜ ๐—บ๐—ฎ๐˜๐˜๐—ฒ๐—ฟ? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. ๐—ฅ๐—ฒ๐—ฎ๐—น-๐˜„๐—ผ๐—ฟ๐—น๐—ฑ ๐—ฒ๐˜…๐—ฎ๐—บ๐—ฝ๐—น๐—ฒ Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. ๐—›๐—ผ๐˜„ ๐—ถ๐˜€ ๐—ถ๐˜ ๐—ถ๐—บ๐—ฝ๐—น๐—ฒ๐—บ๐—ฒ๐—ป๐˜๐—ฒ๐—ฑ? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. ๐—ช๐—ต๐—ฒ๐—ฟ๐—ฒ ๐—ถ๐˜€ ๐—ถ๐˜ ๐˜‚๐˜€๐—ฒ๐—ฑ? โ€ข ๐—š๐—ถ๐˜๐—›๐˜‚๐—ฏ: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. โ€ข ๐—ฆ๐˜๐—ฟ๐—ถ๐—ฝ๐—ฒ: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. โ€ข ๐—ข๐—ฝ๐—ฒ๐—ป๐—”๐—œ: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. โ€ข ๐—ซ (๐—ณ๐—ผ๐—ฟ๐—บ๐—ฒ๐—ฟ๐—น๐˜† ๐—ง๐˜„๐—ถ๐˜๐˜๐—ฒ๐—ฟ): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. โ€ข ๐—–๐—น๐—ผ๐˜‚๐—ฑ๐—ณ๐—น๐—ฎ๐—ฟ๐—ฒ: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. ๐—ง๐—ต๐—ฒ ๐˜๐—ฎ๐—ธ๐—ฒ๐—ฎ๐˜„๐—ฎ๐˜† A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."

  • next20220424
    Eiji Murasaki (@next20220424) reported

    Again. Web server is returning an unknown error There is an unknown connection issue between Cloudflare and the origin web server. As a result, the web page can not be displayed. Error reference number: 520 Cloudflare Location: Osaka

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    ClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar

  • NorthflankWill
    Will Stewart (@NorthflankWill) reported

    @AjaySohmshetty @Cloudflare @andrewk17 always a poor experience with Cloudflare. dw they'll spend all the time tweeting in their echo chamber instead

  • abiryanii
    abir (@abiryanii) reported

    @AjaySohmshetty @Cloudflare @andrewk17 ngl, not the worst for 174tb

  • PinzariAndrej
    Pinzari Andrei (@PinzariAndrej) reported

    @Cloudflare Making the exception machine-readable is a meaningful improvement over silently weakening validation. Will Cloudflare publish telemetry on how often EDE 33 is returned and how long exceptions remain active? That would help quantify both operational value and the risk of temporary bypasses becoming sticky.

  • Blascotico
    Emiliano Blasco (FLG) (@Blascotico) reported

    @OnceHuman_ @GearUP_Global It's free, secure, speedy, and backed by a huge company. I'd rather use Cloudflare than pay for the same thing with no real company or support behind it.

  • threepointone
    sunil pai (@threepointone) reported

    lol I hear people on bsky are trying to cancel cloudflare for sponsoring localfirstconf?

  • Ice_Cre4m_Art
    Ice_Cre4m_Arteeeee (@Ice_Cre4m_Art) reported

    @V1kov_ I assume the problem is with the Internet service provider/router but not sure I have problems with ds too (vc didnt work and other) on my wifi at home but i use cloudflare WARP or any other VPN and that kinda help

  • naps62
    naps62.eth (@naps62) reported

    @oleg_fem Seems I had an issue with the "http -> redirect, and safari was smart enough to still redirect. a toggle missing on cloudflare should be fixed now!

  • null_meridian
    Null Meridian (@null_meridian) reported

    @ProMint_X @Noxa_Fi They can implement cloudflare basically by few clicks and it will never go down due to DDOS (just basic stuff for overall understanding)

  • dhlotter
    Hermann (@dhlotter) reported

    A red X sat in my CI all morning. Four deploys trying to make it pass. The test was never broken, it just can't run in CI at all. Cloudflare blocks the headless browser from GitHub's IPs. Four deploys to add one line that skips it. #buildinpublic

  • PedroGuiti
    Pedro Guitian (@PedroGuiti) reported

    if you're building a startup. pause for a second. You should stop overpaying for your stack. this is enough to launch: claude - coding supabase - backend vercel - deploys GoDaddy - domain stripe - payments github - version control resend - emails clerk - auth cloudflare - dns posthog - analytics sentry - errors upstash - redis most of this is free. The real cost is time, so ship fast, and optimize later

  • the_jujukey
    JUJU โ˜€๏ธยท (@the_jujukey) reported

    @fr1ko_eth They didnโ€™t rug โ€ฆit was a cloudflare issue โ€ฆwhatโ€™s Loshmi saying lmao

  • onlyawassie
    OnlyAWassie (@onlyawassie) reported

    @CryptoTomYT @vladtenev Lockin? builders getting Problems because of the copyrights from Rh cloudflare shutting them off if they get reported how you wanna Build something on this chain

  • mohitdotdev
    Mohit (@mohitdotdev) reported

    Encrypt docs & PII end-to-end on Cloudflare Workers: client wraps random DEK with your password key, server adds outer master-key wrap; share securely by re-wrapping the DEK for others, grant edit rights with consent - server never sees plaintext. This is my way forward to keep every bit of user data encrypted. Fully and provable.

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    Kratos PhaaS is a maturing Microsoft 365 credential-theft platform active since Sept 2025, with 1,484 previously unattributed sandbox sessions now linked to the family across 20+ countries. - Kratos runs three page generations (V0, V1, V2), each with distinct exfiltration endpoints: V0 POSTs to /PTT/SOft/mini.php, V1 to next.php/nex.php/n3xt.php, V2 to save.php. The kit chains legitimate platforms (SharePoint, Canva, DocuSign lures) through Cloudflare Turnstile anti-bot checks before serving a fake Microsoft 365 login. Browser tab title is nearly always "Authentication" and an animated envelope with "Loading in progress..." precedes the credential form. - The single best hunting fingerprint: HTTP requests to both /assets/img/barr.svg and /assets/img/lg.svg in the same session. That pair yields 90% recall with near-zero false positives. Key hashes: lg.svg = cd231b895bbcd7154b81df1e065bf02f1ec667b920c8b6d23308cd509833b5ea, styles.css = c447e75f1029ed7a5882add16bcd13ad44be3bd47c93c830ff39185e23d25ebb (connects 636 tasks across V1 and V2). - Notable defanged IOCs: razen[.]online, enerdizerandtron[.]de, jumpast[.]es, abal[.]my, dufllot[.]sbs, trisrnareprjdocz[.]com; operator IP 41.128.0[.]142. URL tokens factura, dgt, and abogados signal Spanish-language affiliates. - If WebSocket activity appears alongside credential POST, treat it as a possible AiTM indicator. #DFIR_Radar

  • adkinn
    Adam Kinney (@adkinn) reported

    Anyone out there need a Cloudflare admin? I've automated basically everything else. Claude and I ship apps together all day โ€” it writes the code, wires the APIs, argues with me about naming. Genuinely a great colleague. But the second I open the Cloudflare dashboard, it goes quiet. DNS records, page rules, that one Worker route that's definitely correct and definitely not working โ€” and Claude's just like: "That's all you, man."

  • taigrr
    Tai Groot ๐Ÿง (@taigrr) reported

    @corrieuys @vercel @Cloudflare I actually think workers might be the worst paradigm for htmx But they are worth it for those sweet, sweet durable objects ๐Ÿคค

  • UncleCharles_
    C4 (@UncleCharles_) reported

    @PilotObi Unless the API service is integrated with its own firewall. From the initial diagram I would have assumed for example, Cloudflare firewall, then AWS gateway

  • AniC_dev
    Anicet (@AniC_dev) reported

    lmao I just changed the logic for the snapshot restore on sandbox resume/fork, now most of our slow cases are 30x faster! so the bottleneck became the network ...and I've just benchmarked that if we ditch cloudflare and use Hetzner Object Storage it's 2x faster & 2.2x cheaper

  • plauxai
    Plaux AI (@plauxai) reported

    been seeing everyone lock down their sites against AI bots this week. cloudflare rules, block lists, the whole crawler war and it hit me - there's literally nothing for those lists to catch in Plaux it's not a crawler hitting your site. not an api getting hammered. it just... uses the app. opens it, clicks around, types, reads what's on screen. the same boring stuff you do every day that's the part i keep coming back to. it's not sneaking past bot detection. it's not disguised as a human. it just does the work the way a human does, so there's no bot to catch in the first place kinda funny that while everyone builds bigger walls, the thing that walks through the front door never looked like a bot to begin with ๐Ÿ–

  • kimmonismus
    Chubbyโ™จ๏ธ (@kimmonismus) reported

    Every Sunday we publish an exclusive interview in the Superintelligence newsletter. The last few: - Ahmed Awadallah, Partner Research Manager at Microsoft Research AI Frontiers, on small on-device agents that go toe to toe with the giants. - Phil Gurbacki, VP of Product for Weights & Biases at CoreWeave, on a research agent that reads your experiments and launches the next training run itself. Akshay Kothari, Co-Founder and COO of Notion, on a million custom agents. - Coming up: Cloudflare, Google Cloud, and several more I can't announce yet. - The part I still find hard to believe is that I get to sit down with the people actually building this. Every week, someone new. Subscribe for free down below:

  • NicW_AI
    Nic Wienandt (@NicW_AI) reported

    ๐Ÿ“ท A real agent browser, not a scraper. JavaScript sites, dashboards, web apps. The agent drives a genuine headless Chrome browser, reads what a human sees, and screenshots it into your workspace. AI constantly get held up by Cloudflare and robots.txt. Problem solved.

  • rknkhanna
    Rahul K (@rknkhanna) reported

    you mean 3 people are trying to cancel cloudflare?

  • Alexvx_nft
    ALEXYZ (@Alexvx_nft) reported

    YOU'RE BURNING API DOLLARS ON TASKS THAT HAVE A FREE PATH. MOST BUILDERS USE EXACTLY ZERO OF THEM. โ€” Zefi mapped every major lab's free tier for a week (verified July 2026) most people pay before they even check what's unclaimed: > Google AI Studio ยท ~1,500 req/day ยท 1M tokens/min ยท no card > Groq ยท 14,400 req/day ยท 300+ tok/sec > OpenRouter ยท ~26 free models ยท one API key > OpenAI + Anthropic ยท $5 trial credits each > startup stack ยท $25K + $25K API ยท up to $350K Google Cloud > student stack ยท Cursor Pro + Perplexity + Copilot = $0 full dev setup โ€” the Claude Code hack is the part nobody bookmarks: point ANTHROPIC_BASE_URL at Groq / Cloudflare / OpenRouter agentic loop on free third-party inference not official. works anyway. โ€” same week GPT-5.6 tier routing went viral and loops guides hit 1.2M views CT still argues model scores while leaving $440+ in free access on the table the leak isn't which model you picked it's which free path you never claimed full map quoted below

  • Marshal_Seda
    Seda Marshal (@Marshal_Seda) reported

    @DanielNjorogee @truehostcloud I faced this challenge with about 15 domains I wanted to change their nameservers to point to cloudflare. @truehostcloud why did I have to call support to help me do this?

  • GuruVerseX
    GuruVerseX (@GuruVerseX) reported

    @ProMint_X @Noxa_Fi Cloudflare would help lol

  • joesadoski
    Joe Sadoski (@joesadoski) reported

    > I have a problem > Ask the agent > "Actually @Cloudflare has something for that" How does this keep happening??