1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 43% Domains (43%)
  • 28% Cloud Services (28%)
  • 17% Hosting (17%)
  • 9% Web Tools (9%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Farmers Branch Web Tools 2 days ago
Helsinki Cloud Services 4 days ago
Crisfield Domains 6 days ago
Nanaimo Web Tools 7 days ago
New York City Web Tools 7 days ago
Istanbul Domains 10 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • NacioFelix
    Nacio-Felix Laubressac - desolation (@NacioFelix) reported

    Cloudflare is broken or is it just me ? #again

  • _ChrisCovington
    Chris Covington (@_ChrisCovington) reported

    @AlanNeveu @vpetryniak @Cloudflare yup most have them builtin, they are basically the same thing from the managers pov. also yes the platform issues with these are 99% of the headache, not the tech itself lol

  • ervis_trupja
    Ervis Trupja (@ervis_trupja) reported

    2/ Cloudflare for SaaS handles this commercially but the per-hostname pricing adds up. So I run Caddy on a Hetzner box instead. Caddy's on-demand TLS issues Let's Encrypt certs the first time a hostname is requested, on the condition that my API authorizes it.

  • allartclassics
    Allartclassic (@allartclassics) reported

    Stopping the bad guys with Cloudflare: 841 malicious requests blocked or challenged in the last month #cloudflare

  • XCSme
    Cristian (@XCSme) reported

    @Cloudflare How do I login if the passkey was created on Apple and I want to login on a PC?

  • IntentSim
    marcelo mezquia (@IntentSim) reported

    Stopping the bad guys with Cloudflare: 8,429 malicious requests blocked or challenged in the last month #cloudflare #intentsim #mezquiaphysics

  • TheFlagen430297
    Flagen (@TheFlagen430297) reported

    Why is all these top companies going down over the past few weeks? First @Spotify , Now @Cloudflare ?? Bruhh

  • prasanjitdatta
    Prasanjit Datta (@prasanjitdatta) reported

    Cloudflare blocks or challenges bad requests from hitting my website. #cloudflare

  • cometkim
    🦋 hyeseong.kim (@cometkim) reported

    @Cloudflare Still holding onto my password manager because YOU don't support passkey

  • crepesupreme
    Crepe Supreme (@crepesupreme) reported

    Stainless turned API specs into production SDKs across Python, TS, Go, Java, Kotlin. Customers: OpenAI, Google, Cloudflare, Runway, Replicate. Anthropic is winding down the hosted product, so the other customers need a plan. Press framing has been 'lockout move on OpenAI.'

  • 0x_joat
    JOAT (@0x_joat) reported

    Cloudflare seems to be down

  • GerardHough
    Gerard Hough (@GerardHough) reported

    @Cloudflare Why employ clowns to mess up Cloudflare? Is your business model to... pissoff people visiting your customer's sites? How many times must Cloudflare bring up the same stupid popup asking if we're robots? Any decent robot will be laughing at Cloudflare's stupidity and time wasting.

  • tebayoso
    Jorge (@tebayoso) reported

    @Cloudflare Then add a button to login with Passkey, it's used only as 2fa.

  • FootiememeTv
    FootiememeTV (@FootiememeTv) reported

    @inference_labs inference changes the economics of AI. But once outputs start driving real systems, verification becomes the bottleneck. Cloudflare leaning into AI reviews at scale is another signal that the next infrastructure layer won’t just generate intelligence it’ll prove it.

  • bodhi3attva
    Bodhisattva🍁 (@bodhi3attva) reported

    Government block claim is misleading. Technical checks show: > Domain is on clientHold status > Public DNS resolvers like Google (8.8.8.8) and Cloudflare (1.1.1.1) now return NXDOMAIN > Website earlier resolved and returned HTTP 403 from active Hostinger infrastructure This usually indicates registrar/hosting-side restriction, suspension, or intentional access denial not a typical ISP/government block. If the government had blocked it directly, public DNS would usually still resolve the domain while access would fail at the ISP/network level through DNS poisoning, connection resets, or filtering. The owner most likely did it himself.

  • mikotre
    miko (@mikotre) reported

    @TKtamilarasan2 @jackfriks I can try... If you use supabase storage and its db you can connect data easily. But this has huge egress costs like jack has. If you rather use R2 or any other storage like cloudflare which doesnt have egress costs then the data inside R2 and the document isnt easily connected. The "base" way to do so is to store storage path in supabase and each time you want to download/view you try to get a presigned url so you dont touch any sensitive data (done with edge function). A small problem is that if you delete stuff in supabase db then it DOESNT automatically delete the r2 storage object; so you keep paying for storing that file as its still in the r2 but its deleted from your own db. So i solved this that i have a trigger that when a row is deleted in my db; before it deletes it it creates a queue which has that delete objects path; and another edge function that then simply calls the r2 and deletes the file at that path. Then files are deleted both places. You can dm me and ill send my source code of you want.

  • cjsneo
    Neo (@cjsneo) reported

    cloudflare do such a good job on their services, but their actual interface is a total crock of ****. cant even log in half the time

  • trydotworks
    erik@try.works (@trydotworks) reported

    @threepointone Oh my bad. I'm still learning cloudflare and didn't get to Think yet

  • momondic
    Hadrian Augastine Goyper (@momondic) reported

    @KiwiFarmsDotNet @Cloudflare Well what has Cloudflare done for jews lately. You can never do enough.

  • denihil2
    5555555555555555555555555555555555555555555555 555 (@denihil2) reported

    @KiwiFarmsDotNet @Cloudflare it is never enough for them. they will never rest until the internet is pg-13. don't let them take a inch, **** everything about the @ADL

  • CliffDoesAI
    CliffDoesAI (@CliffDoesAI) reported

    Anthropic just confirmed something that should change how every builder ships code. Claude Mythos Preview — their unreleased frontier model — found over 10,000 high- or critical-severity vulnerabilities in production software in one month. Cloudflare alone found 2,000 bugs across their critical-path systems. The false positive rate was lower than human testers. Read that again. A model that isn't even publicly available yet is outperforming security teams on bug discovery. But here's what nobody's talking about: the bottleneck moved. Finding bugs used to be the hard part. Now AI is finding them faster than humans can patch them. Anthropic said it directly: "Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it's limited by how quickly we can verify, disclose, and patch." The numbers back this up. 530 high- or critical-severity bugs disclosed to maintainers. Only 75 patched so far. The average patch time is two weeks. Some open-source maintainers asked Anthropic to slow down the disclosures because they physically can't keep up. This is the real AI adoption pattern nobody talks about: the tool works great at step one, and immediately overloads step two. You don't have a finding-vulnerabilities problem anymore. You have a triage-and-fix problem. I see the same thing with AI coding agents. Claude Code and Codex can generate PRs faster than I can review them. The bottleneck shifts from "write the code" to "decide if the code is right." If you're building with AI agents right now, here's what the Glasswing pattern teaches: First, invest in your review infrastructure before you invest in more agent capability. The model that generates 10 PRs an hour is useless if you can only review 2. Second, automated triage matters more than automated creation. Anthropic is now shipping skills, a subagent harness, and a threat model builder to their enterprise customers — not to find more bugs, but to handle the flood of findings they already have. Third, the companies that win will be the ones with the cleanest approval gates, not the biggest compute budgets. Anthropic is also making real moves here — Claude Security is in public beta, they've launched a Cyber Verification Program for security pros, and they're shipping the actual tools their partners used with Mythos. Skills, automated triage, threat model building. The AI security arms race is already asymmetric. Defenders who adopt these tools now get months or years of advantage before attackers catch up. What's your patch cycle look like when AI finds 100 bugs a day in your codebase?

  • OopsPlanFailed
    Plan B (@OopsPlanFailed) reported

    Hey @ZohoMail For the last hour I've been trying to verify my Cloudflare email on Zoho Mail, but the verification emails are never arriving. Checked inbox, spam, all folders... nothing. Retried so many times that Cloudflare now says I have to wait 1 hour due to too many attempts What’s happening with Zoho mail delivery today? Can you help?

  • ElvenHuang9
    Elven Huang (@ElvenHuang9) reported

    May 18: Acquires Stainless — the SDK engine behind OpenAI, Google, and Cloudflare APIs. Shuts down hosted services immediately. 970M+ monthly MCP SDK downloads. 10,000+ public servers. Competitors just lost their API plumbing.

  • PickleNik0864
    PickleNik (@PickleNik0864) reported

    @developedbyed @Cloudflare damn I needed this like 3 months ago but unded up going with Mux cuz I couldn't be bothered to figure this out on top of other things. Thankfully my usage isn't high enough to hit free limits so far

  • MinBringham
    Thatweb3guy (@MinBringham) reported

    @inference_labs Cloudflare pushing AI reviews at scale says a lot about where things are heading. Running inference is getting easier, but proving outputs can be trusted still feels like the harder problem. That gap is probably where a lot of important infrastructure gets built.

  • MichaelGannotti
    Mike Gannotti (@MichaelGannotti) reported

    THE HOOK Anthropic's Project Glasswing just dropped its first update, and the headline number is staggering: Claude Mythos Preview has found more than 10,000 high- or critical-severity vulnerabilities in system-critical software — in one month. Cloudflare alone flagged 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities, 10x what the previous Claude model caught. This isn't a lab demo. This is production software that runs the internet. But the real story isn't the discovery rate. It's the patching rate. THE INTERPRETATION The data reveals something the headline misses: of the 23,019 total vulnerabilities Mythos found across 1,000+ open-source projects, only 97 have been patched. Not 97%. Ninety-seven total. Of 530 high/critical bugs disclosed to maintainers, only 75 are patched. Only 65 have public advisories. Let me put that in perspective: Anthropic's AI is uncovering vulnerabilities roughly 10x faster than the security ecosystem can fix them. The 90.6% true-positive rate is impressive — this isn't noise. But the funnel from discovery → triage → disclosure → patch is collapsing under volume. Several open-source maintainers have asked Anthropic to slow down disclosures because they can't keep up. Think about that: the defensive AI is outpacing the human defensive capacity, and the humans are asking it to stop telling them what's broken. THE IMPLICATION This is the most concrete example yet of what I'd call the "asymmetric capability gap" in AI. Finding bugs is an O(n) problem at the frontier — you throw more compute at scanning, you find more bugs. Fixing them is an O(n²) social coordination problem — every patch requires human review, architectural judgment, backward compatibility decisions, regression testing, and coordinated deployment across thousands of dependent systems. For business leaders building with AI, the implication is direct: your security posture can no longer assume that undiscovered vulnerabilities are your main risk. The risk is now *known but unpatched* vulnerabilities. The attack surface isn't shrinking — it's being illuminated faster than it's being contracted. Three concrete actions: 1. Shorten your patch cycles now. Microsoft and Palo Alto Networks are already shipping 5x more patches per release cycle. If your organization's patch SLA is 30 days, it needs to be 7. If it's 7, it needs to be 24 hours for criticals. 2. Invest in the boring fundamentals. Anthropic's own recommendation — MFA, hardened configurations, comprehensive logging — isn't new advice. But it hits differently when you realize that thousands of zero-days are being discovered monthly, and most won't have patches available before the 90-day disclosure window opens. 3. Audit your dependency tree ruthlessly. The open-source projects Mythos scanned underpin most enterprise stacks. If you're running unpatched versions of common libraries, you should assume the vulnerability is known to someone — it's just not known to you yet. THE COUNTERPOINT Here's what Anthropic's post carefully avoids saying: they're creating the problem and selling the solution. Mythos Preview isn't public — it's gated behind Project Glasswing partnerships. But Anthropic explicitly acknowledges that "models with similar cybersecurity skills will soon be more broadly available." GPT-5.5 already benchmarks close on ExploitBench. The defensive advantage of Glasswing is temporary by design. More importantly, the 90-day coordinated vulnerability disclosure window was designed for a world where vulnerabilities are rare and discovery is expensive. That model breaks when an AI can enumerate thousands of bugs in a month. The entire CVD framework — which balances disclosure timing between finders and vendors — assumes a trickle, not a firehose. Nobody has proposed a replacement framework that works at this volume. And there's an uncomfortable question Anthropic doesn't address: if Mythos-class capabilities will soon be available to attackers, is the net effect of publishing 10,000 vulnerability locations positive or negative during the window where only 97 are patched? Anthropic's answer is clearly "the knowledge helps defenders," but right now the ratio of discovered-to-patched vulnerabilities suggests defenders can't act on the knowledge fast enough. THE BOTTOM LINE AI has fundamentally broken the economics of vulnerability discovery. Finding bugs used to be the hard part; fixing them was routine. Now finding is cheap and fixing is the bottleneck. Every organization's security strategy needs to invert: stop optimizing for threat detection (the AI has that covered) and start optimizing for patch velocity and blast-radius reduction (the part humans still own). The companies that survive the next 18 months won't be the ones with the best threat intel — they'll be the ones with the fastest remediation cycles. #ProjectGlasswing #AICybersecurity #VulnerabilityManagement

  • davidthepurple
    David (@davidthepurple) reported

    Cloudflare seems to have some issues today. I simultaneously got 2 billing failed and 1 billing succeeded notifications all in the same minute. Plenty of money in the account... you guys ok @Cloudflare ??

  • mSanterre
    max (@mSanterre) reported

    @hussein_builder @AlexFengzh We use Cloudflare WARP and it's been a breeze to work with. No issues whatsoever.

  • hifischizo
    🕯️schizocat 🕯 alt: @lofischizo (@hifischizo) reported

    yo cloudflare needs to **** OFF I JUST WANNA LOOK AT STRATEGYWIKIIII I PRESSED VERIFY RAAAAA I CANT EVEN STUDY CUZ QUIZLET USES CLOUDFLARE

  • nonlinear_james
    Non-Linear (@nonlinear_james) reported

    @AniketVarshne @skcd42 Looks like the @Cloudflare captcha is broken?