Cloudflare status: hosting issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Cloud Services (32%)
- Domains (32%)
- Web Tools (14%)
- Hosting (14%)
- E-mail (7%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Cloud Services | 17 hours ago |
|
|
Hosting | 3 days ago |
|
|
Domains | 24 days ago |
|
|
Cloud Services | 1 month ago |
|
|
Domains | 1 month ago |
|
|
Hosting | 2 months ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Porkbun (@Porkbun) reported@liltechnomancer @joshmanders That looks like something Cloudflare requires, not us. They appear to have a transfer process that includes extra steps because they require the domain to be using their DNS. It looks like the actual transfer was never submitted to Cloudflare because they were / are waiting on this step. If you changed your name servers after expiration, 10 days after expiration we disrupt DNS as required by ICANN and that would have prevented what Cloudflare seems to be waiting for. It's honestly best to renew / transfer before expiration to prevent wonkiness like this.
-
U N C L E BIGBAY โจ (@unclebigbay143) reportedToday's Engineering Concept: '๐ฅ๐ฎ๐๐ฒ ๐๐ถ๐บ๐ถ๐๐ถ๐ป๐ด' ๐ช๐ต๐ฎ๐ ๐ถ๐ ๐ฅ๐ฎ๐๐ฒ ๐๐ถ๐บ๐ถ๐๐ถ๐ป๐ด? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. ๐ช๐ต๐ ๐ฑ๐ผ๐ฒ๐ ๐ถ๐ ๐บ๐ฎ๐๐๐ฒ๐ฟ? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. ๐ฅ๐ฒ๐ฎ๐น-๐๐ผ๐ฟ๐น๐ฑ ๐ฒ๐ ๐ฎ๐บ๐ฝ๐น๐ฒ Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. ๐๐ผ๐ ๐ถ๐ ๐ถ๐ ๐ถ๐บ๐ฝ๐น๐ฒ๐บ๐ฒ๐ป๐๐ฒ๐ฑ? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. ๐ช๐ต๐ฒ๐ฟ๐ฒ ๐ถ๐ ๐ถ๐ ๐๐๐ฒ๐ฑ? โข ๐๐ถ๐๐๐๐ฏ: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. โข ๐ฆ๐๐ฟ๐ถ๐ฝ๐ฒ: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. โข ๐ข๐ฝ๐ฒ๐ป๐๐: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. โข ๐ซ (๐ณ๐ผ๐ฟ๐บ๐ฒ๐ฟ๐น๐ ๐ง๐๐ถ๐๐๐ฒ๐ฟ): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. โข ๐๐น๐ผ๐๐ฑ๐ณ๐น๐ฎ๐ฟ๐ฒ: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. ๐ง๐ต๐ฒ ๐๐ฎ๐ธ๐ฒ๐ฎ๐๐ฎ๐ A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."
-
Eiji Murasaki (@next20220424) reportedAgain. Web server is returning an unknown error There is an unknown connection issue between Cloudflare and the origin web server. As a result, the web page can not be displayed. Error reference number: 520 Cloudflare Location: Osaka
-
DFIR Radar (@DFIR_Radar) reportedClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar
-
Will Stewart (@NorthflankWill) reported@AjaySohmshetty @Cloudflare @andrewk17 always a poor experience with Cloudflare. dw they'll spend all the time tweeting in their echo chamber instead
-
abir (@abiryanii) reported@AjaySohmshetty @Cloudflare @andrewk17 ngl, not the worst for 174tb
-
Pinzari Andrei (@PinzariAndrej) reported@Cloudflare Making the exception machine-readable is a meaningful improvement over silently weakening validation. Will Cloudflare publish telemetry on how often EDE 33 is returned and how long exceptions remain active? That would help quantify both operational value and the risk of temporary bypasses becoming sticky.
-
Emiliano Blasco (FLG) (@Blascotico) reported@OnceHuman_ @GearUP_Global It's free, secure, speedy, and backed by a huge company. I'd rather use Cloudflare than pay for the same thing with no real company or support behind it.
-
sunil pai (@threepointone) reportedlol I hear people on bsky are trying to cancel cloudflare for sponsoring localfirstconf?
-
Ice_Cre4m_Arteeeee (@Ice_Cre4m_Art) reported@V1kov_ I assume the problem is with the Internet service provider/router but not sure I have problems with ds too (vc didnt work and other) on my wifi at home but i use cloudflare WARP or any other VPN and that kinda help
-
naps62.eth (@naps62) reported@oleg_fem Seems I had an issue with the "http -> redirect, and safari was smart enough to still redirect. a toggle missing on cloudflare should be fixed now!
-
Null Meridian (@null_meridian) reported@ProMint_X @Noxa_Fi They can implement cloudflare basically by few clicks and it will never go down due to DDOS (just basic stuff for overall understanding)
-
Hermann (@dhlotter) reportedA red X sat in my CI all morning. Four deploys trying to make it pass. The test was never broken, it just can't run in CI at all. Cloudflare blocks the headless browser from GitHub's IPs. Four deploys to add one line that skips it. #buildinpublic
-
Pedro Guitian (@PedroGuiti) reportedif you're building a startup. pause for a second. You should stop overpaying for your stack. this is enough to launch: claude - coding supabase - backend vercel - deploys GoDaddy - domain stripe - payments github - version control resend - emails clerk - auth cloudflare - dns posthog - analytics sentry - errors upstash - redis most of this is free. The real cost is time, so ship fast, and optimize later
-
JUJU โ๏ธยท (@the_jujukey) reported@fr1ko_eth They didnโt rug โฆit was a cloudflare issue โฆwhatโs Loshmi saying lmao
-
OnlyAWassie (@onlyawassie) reported@CryptoTomYT @vladtenev Lockin? builders getting Problems because of the copyrights from Rh cloudflare shutting them off if they get reported how you wanna Build something on this chain
-
Mohit (@mohitdotdev) reportedEncrypt docs & PII end-to-end on Cloudflare Workers: client wraps random DEK with your password key, server adds outer master-key wrap; share securely by re-wrapping the DEK for others, grant edit rights with consent - server never sees plaintext. This is my way forward to keep every bit of user data encrypted. Fully and provable.
-
DFIR Radar (@DFIR_Radar) reportedKratos PhaaS is a maturing Microsoft 365 credential-theft platform active since Sept 2025, with 1,484 previously unattributed sandbox sessions now linked to the family across 20+ countries. - Kratos runs three page generations (V0, V1, V2), each with distinct exfiltration endpoints: V0 POSTs to /PTT/SOft/mini.php, V1 to next.php/nex.php/n3xt.php, V2 to save.php. The kit chains legitimate platforms (SharePoint, Canva, DocuSign lures) through Cloudflare Turnstile anti-bot checks before serving a fake Microsoft 365 login. Browser tab title is nearly always "Authentication" and an animated envelope with "Loading in progress..." precedes the credential form. - The single best hunting fingerprint: HTTP requests to both /assets/img/barr.svg and /assets/img/lg.svg in the same session. That pair yields 90% recall with near-zero false positives. Key hashes: lg.svg = cd231b895bbcd7154b81df1e065bf02f1ec667b920c8b6d23308cd509833b5ea, styles.css = c447e75f1029ed7a5882add16bcd13ad44be3bd47c93c830ff39185e23d25ebb (connects 636 tasks across V1 and V2). - Notable defanged IOCs: razen[.]online, enerdizerandtron[.]de, jumpast[.]es, abal[.]my, dufllot[.]sbs, trisrnareprjdocz[.]com; operator IP 41.128.0[.]142. URL tokens factura, dgt, and abogados signal Spanish-language affiliates. - If WebSocket activity appears alongside credential POST, treat it as a possible AiTM indicator. #DFIR_Radar
-
Adam Kinney (@adkinn) reportedAnyone out there need a Cloudflare admin? I've automated basically everything else. Claude and I ship apps together all day โ it writes the code, wires the APIs, argues with me about naming. Genuinely a great colleague. But the second I open the Cloudflare dashboard, it goes quiet. DNS records, page rules, that one Worker route that's definitely correct and definitely not working โ and Claude's just like: "That's all you, man."
-
Tai Groot ๐ง (@taigrr) reported@corrieuys @vercel @Cloudflare I actually think workers might be the worst paradigm for htmx But they are worth it for those sweet, sweet durable objects ๐คค
-
C4 (@UncleCharles_) reported@PilotObi Unless the API service is integrated with its own firewall. From the initial diagram I would have assumed for example, Cloudflare firewall, then AWS gateway
-
Anicet (@AniC_dev) reportedlmao I just changed the logic for the snapshot restore on sandbox resume/fork, now most of our slow cases are 30x faster! so the bottleneck became the network ...and I've just benchmarked that if we ditch cloudflare and use Hetzner Object Storage it's 2x faster & 2.2x cheaper
-
Plaux AI (@plauxai) reportedbeen seeing everyone lock down their sites against AI bots this week. cloudflare rules, block lists, the whole crawler war and it hit me - there's literally nothing for those lists to catch in Plaux it's not a crawler hitting your site. not an api getting hammered. it just... uses the app. opens it, clicks around, types, reads what's on screen. the same boring stuff you do every day that's the part i keep coming back to. it's not sneaking past bot detection. it's not disguised as a human. it just does the work the way a human does, so there's no bot to catch in the first place kinda funny that while everyone builds bigger walls, the thing that walks through the front door never looked like a bot to begin with ๐
-
Chubbyโจ๏ธ (@kimmonismus) reportedEvery Sunday we publish an exclusive interview in the Superintelligence newsletter. The last few: - Ahmed Awadallah, Partner Research Manager at Microsoft Research AI Frontiers, on small on-device agents that go toe to toe with the giants. - Phil Gurbacki, VP of Product for Weights & Biases at CoreWeave, on a research agent that reads your experiments and launches the next training run itself. Akshay Kothari, Co-Founder and COO of Notion, on a million custom agents. - Coming up: Cloudflare, Google Cloud, and several more I can't announce yet. - The part I still find hard to believe is that I get to sit down with the people actually building this. Every week, someone new. Subscribe for free down below:
-
Nic Wienandt (@NicW_AI) reported๐ท A real agent browser, not a scraper. JavaScript sites, dashboards, web apps. The agent drives a genuine headless Chrome browser, reads what a human sees, and screenshots it into your workspace. AI constantly get held up by Cloudflare and robots.txt. Problem solved.
-
Rahul K (@rknkhanna) reportedyou mean 3 people are trying to cancel cloudflare?
-
ALEXYZ (@Alexvx_nft) reportedYOU'RE BURNING API DOLLARS ON TASKS THAT HAVE A FREE PATH. MOST BUILDERS USE EXACTLY ZERO OF THEM. โ Zefi mapped every major lab's free tier for a week (verified July 2026) most people pay before they even check what's unclaimed: > Google AI Studio ยท ~1,500 req/day ยท 1M tokens/min ยท no card > Groq ยท 14,400 req/day ยท 300+ tok/sec > OpenRouter ยท ~26 free models ยท one API key > OpenAI + Anthropic ยท $5 trial credits each > startup stack ยท $25K + $25K API ยท up to $350K Google Cloud > student stack ยท Cursor Pro + Perplexity + Copilot = $0 full dev setup โ the Claude Code hack is the part nobody bookmarks: point ANTHROPIC_BASE_URL at Groq / Cloudflare / OpenRouter agentic loop on free third-party inference not official. works anyway. โ same week GPT-5.6 tier routing went viral and loops guides hit 1.2M views CT still argues model scores while leaving $440+ in free access on the table the leak isn't which model you picked it's which free path you never claimed full map quoted below
-
Seda Marshal (@Marshal_Seda) reported@DanielNjorogee @truehostcloud I faced this challenge with about 15 domains I wanted to change their nameservers to point to cloudflare. @truehostcloud why did I have to call support to help me do this?
-
GuruVerseX (@GuruVerseX) reported@ProMint_X @Noxa_Fi Cloudflare would help lol
-
Joe Sadoski (@joesadoski) reported> I have a problem > Ask the agent > "Actually @Cloudflare has something for that" How does this keep happening??