1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 41% Domains (41%)
  • 26% Cloud Services (26%)
  • 17% Hosting (17%)
  • 11% Web Tools (11%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Noida Hosting 7 days ago
Jewar E-mail 8 days ago
Braga Web Tools 8 days ago
Noida Cloud Services 9 days ago
Paris Cloud Services 9 days ago
Prievidza Domains 10 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • elz0xn
    Elson (@elz0xn) reported

    @CloudflareDev @thomasgauvin @Cloudflare damn i hope i can wrangler some of these.

  • GoralKubo
    KuboSK (@GoralKubo) reported

    🚨 HOLY CRAP, THE INTERNET JUST CHANGED FOREVER! 😱🤯 For the FIRST time in history… AI bots and autonomous agents are now flooding the web MORE than actual HUMAN BEINGS! Cloudflare CEO @eastdakota just dropped the bomb: “Welp, that happened faster than I predicted.” (He said late 2027… it’s already here!!) The machines have officially taken over the internet. We’re not just using AI anymore… We’re living in the AI internet. Buckle up. The future is HERE. And the acceleration just begins!!🔥🤖🌐 #MindBlown #AI #InternetRevolution

  • ClaziteAlt
    Clazite (@ClaziteAlt) reported

    @HelloItsVG well i could just bypass it using cloudflare still working fine tho... until its not working any more then i will switch to Unity or Godot

  • NILMANIPRASHANT
    Nilmani Prashant (@NILMANIPRASHANT) reported

    Rate limiting isn't about blocking requests. It's about **protecting system invariants under adversarial load** — including your own code doing something stupid at 2am. --- **The precise definition most people skip:** A rate limiter is a policy enforcement mechanism that maps an identity (user, IP, API key, service) × resource (endpoint, DB, queue) × time window to an allowed request budget. Miss any of those three dimensions and your limiter is incomplete. --- **The five algorithms — and what they actually trade:** **Fixed Window** — simplest. Bucket resets on clock boundary. Problem: 2x burst at the seam. If your limit is 100 req/min, a client sends 100 at :59 and 100 at :01. You've served 200 in 2 seconds. This is how Cloudflare's early DDoS protection got punched through. **Sliding Window Log** — stores each request timestamp. Exact, no burst artifact. Cost: O(n) memory per user. At Stripe's API scale (~500M requests/day), storing per-request timestamps across even 1% of users is untenable without aggressive TTL management. **Sliding Window Counter** — approximation using two fixed windows weighted by overlap. Formula: `current_count + previous_count × ((window_size - elapsed) / window_size)`. Stripe uses this. ~0.003% error rate in practice. Memory: O(1) per user. **Token Bucket** — refill at constant rate, allow burst up to capacity. AWS API Gateway uses this. 10,000 req/s steady-state, 5,000 burst above that. Requests consume tokens; tokens refill at rate R. Good for bursty-but-average-bounded traffic. **Leaky Bucket** — requests queue, drain at fixed rate. Smooths output regardless of input shape. Netflix uses this on their Zuul edge layer to protect downstream microservices from thundering herd. Queue depth becomes your config ****. --- **Where this actually lives in distributed systems:** Local in-process: fast (~1μs), but worthless in a multi-node fleet. Node A doesn't know what Node B allowed. Centralized Redis: ~1-3ms round trip. Use Lua scripts for atomicity — `INCR` + `EXPIRE` in a single script. Redis's single-threaded command execution gives you linearizability for free. This is what most Stripe, GitHub, and Twilio rate limiters use at the storage layer. Gossip/eventually consistent: each node tracks local counts, syncs async. Allows ~N× over-serving where N = node count before sync. Acceptable for soft limits (analytics APIs), not for billing or security enforcement. --- **The senior engineer gotcha:** You set a 1000 req/min limit. Load test passes. You ship. Three months later, you get paged. Latency on your downstream DB is 40× normal. Your rate limiter is working perfectly — 1000 req/min per user, 10,000 users, that's 166 req/s aggregate, which was fine in testing with 100 users. **You rate-limited per identity but never modeled aggregate load.** The limiter protected individual users from themselves but said nothing about what your system can actually handle. You needed a global ceiling, not just per-user quotas. Google's SRE book calls this the difference between *demand-side limiting* (per user) and *supply-side limiting* (per resource). You need both. Stripe enforces per-API-key limits AND global concurrency limits per endpoint via a token bucket at the load balancer level. --- **When NOT to rate limit at the application layer:** If your bottleneck is CPU-bound work (ML inference, crypto ops), rate limiting requests doesn't help — you need a work queue with backpressure. If you rate limit, you'll drop valid requests while the remaining 10% still saturate your CPU. This is why Google's Bard/Gemini API uses quota + async job queues for expensive inference calls, not synchronous rate limiting alone. --- **Numbers worth memorizing:** Redis INCR throughput: ~100K ops/sec single node, ~1M/sec with clustering. Lua atomic script overhead: ~15% vs raw INCR. P99 latency on Redis rate-check in same-region AWS: 800μs–2ms. Sliding window counter error

  • ArtiChmaro
    Artur Chmaro ⛛ (@ArtiChmaro) reported

    Does anyone run Railway on production? It’s perfect for poc, demos but running production app on it is damn expensive (especially memory usage). After many attempts to optimize memory usage with cache, cloudflare etc I just decided to move into self-hosted VPS with Coolify and Hermes for management. VPS is already cheaper and still have capacity to serve more apps. I hope this would be my final setup. Don't want to move it again 🥲

  • Pabblothedev
    Paul the Dev (@Pabblothedev) reported

    @Prodigers @DanielSmidstrup If you have static pages which do “nothing” yes it’s cheaper :) In general. Workers are cheaper but limited to 128mb and cool they don’t have cold starts. But queus are super expensive on Cloudflare. D1 also super expensive. I don’t recall know what issue I had with workers sth relates to pkgs but not sure now. Lambda is microvm at the end.

  • YourPrivateProx
    Your Private Proxy (@YourPrivateProx) reported

    @PrateekKataree Layer 4 missing: IP reputation. Jina and microlink egress from datacenter ASNs — Cloudflare flags that before the page loads. Residential per session is the fix when layer 3 starts returning empty on sites it should handle.

  • LayoffAI
    Official Layoff (@LayoffAI) reported

    ORACLE LAYOFFS OFFICIALLY BEGIN AMID COMPLAINTS OF TERRIBLE SEVERANCE TERMS The 60 days of notice is up, and the first of the 30,000 are hitting the door. All will be out by June 15. As per Time Magazine, one long-tenured employee lost approximately $1 million in restricted stock units (RSUs) that were just four months from vesting. Oracle did not accelerate unvested RSUs for any departing worker; any shares that had not cleared their vesting date by the termination date were forfeited permanently, even when those grants had been issued as retention incentives or in lieu of salary increases. Stock compensation made up roughly 70% of that employee's total pay. At least 90 laid-off employees organized and signed a public petition asking Oracle to match the terms of comparable layoffs at Meta, Microsoft, and Cloudflare. Meta's package began at 16 weeks of base pay plus two weeks per year of service. Microsoft's voluntary retirement program, offered to eligible long-tenured employees, provided stock vesting for six months post-termination, a minimum of eight weeks' pay, and additional weeks based on seniority. Cloudflare, which cut more than 1,100 employees globally at roughly the same time, offered base pay through the end of 2026 plus full healthcare coverage and equity vesting through August 15. Oracle responded by email: the terms were final. Four weeks of base pay for the first year of service, plus one additional week per year of tenure, capped at 26 weeks. All unvested options forfeited.

  • codingstark
    Himanshu (@codingstark) reported

    @schanuelmiller i thought next.js was so mature, so I should switch to next.js and server action. but, after realizing the performance and cloudflare deployment issue, I was like, “I really got stuck here.” so I just moved back again and revamped my whole codebase to tanstack.

  • Bicepmonkey
    📈📉💸 (@Bicepmonkey) reported

    Good day, Money Market! GitLab $GTLB released its earnings report for the first quarter of fiscal year 2027. The stock has gotten volatile since the numbers dropped. Full-year revenue guidance remained about the same overall, though they raised the lower end of the outlook by a small amount. The main item that stirred things up was the plan to replace around 14% of the workforce with artificial intelligence. Cloudflare $NET went down a similar path not long ago. The market has pushed back because this could make it harder for the company to scale its operations in the future. Companies trying to grow usually hire more salespeople and developers to grab market share and keep up with customer needs. GitLab $GTLB has put its money into buying back shares instead. That choice often leaves investors worried that growth is drying up. I have not changed my view on GitLab $GTLB and see this as mostly noise around the stock. The company is working to restart stronger revenue growth. It plans to bring on additional salespeople. These new roles probably do not overlap with the positions AI will handle. The approach also calls for more upfront selling to new customers along with more detailed pricing tiers. I will check in on the progress early in 2027. Shares currently trade at a price-to-sales ratio below 5. That level sits below the average across my coverage list and below the trailing four-quarter average that GitLab $GTLB has posted. Both of those averages come in near 8. The valuation does not look expensive when stacked against the 17% revenue growth projected for this year.

  • MadMikeyB
    Mikey (@MadMikeyB) reported

    @iBotPeaches Sorry to hear about this, we've had to do similar with CloudFlare WAF and Rate Limits because of the same issue.

  • Not_Toa_Kraadak
    Vit (@Not_Toa_Kraadak) reported

    @Jerav2776 @schizothotep cloudflare warp should help

  • inlovewithgo
    Shubham (@inlovewithgo) reported

    Login with GitHub on cloudflare Login with Cloudflare on GitHub

  • codewith55
    Mohit (@codewith55) reported

    Total monthly cost to run a startup: $20 - Claude = coding ($20/mo)💲 - Supabase = backend (Free)✅ - Vercel = deploying (Free)✅ - Namecheap = domain ($12/yr)💲 - Stripe = payments.(2.9%/transaction)💲 - GitHub = version control (Free)✅ - Resend = emails (Free)✅ - Clerk = auth (Free)✅ - Cloudflare = DNS (Free)✅ - PostHog = analytics (Free)✅ - Sentry = error tracking (Free)✅ - Upstash = Redis (Free)✅ - Pinecone = vector DB (Free)✅ There has never been a cheaper time to build

  • Sarahi88727520
    Sarahi (@Sarahi88727520) reported

    This is honestly insane. Cloudflare just put out new radar data — bots and AI traffic now make up 57.5% of all HTML page requests on their network. Humans? Down to 42.5%. And Cloudflare handles like 20% of the whole internet, so this isn’t a tiny sample. Their CEO

  • NewsTongueX
    NewsTongue (@NewsTongueX) reported

    🔴 Source content blocked by security service — full article unavailable The source URL returned a Cloudflare security block rather than article content. The headline references Standard Chartered commentary on bitcoin's price floor, but the article body could not be accessed. No substantive data, quotes, or verifiable claims are available for publication.

  • ivanglpz
    Ivan Garcia (@ivanglpz) reported

    Good news for their founders. Bad news for the ecosystem. I will always say this: when a company buys something, it does not do it out of charity. It does it because it wants to capture its strategic benefits. Cloudflare wants that, and if achieving it means leaving others out, it probably will. I am becoming increasingly convinced that more agnostic frameworks and tools will emerge precisely to avoid being locked into a single provider.

  • MahdiEzz_code
    Mahdi Ezzeddine (@MahdiEzz_code) reported

    My domain has become too expensive I can't afford it (it wasn't that much when I bought it in 2023, it's getting expensive with each year) soo, I'm thinking of switching domains, and using cloudflare this time not namecheap but I'm gonna lose all my seo progress damn, idk what do you think guys?

  • saen_dev
    Saeed Anwar (@saen_dev) reported

    Cloudflare tunnels for mobile dev testing is genuinely underrated — it removes the whole "how do I hit localhost from my phone" headache. Once you set this up once you never go back to emulator-only testing.

  • advancedjd
    JD Advanced (@advancedjd) reported

    @LeoVasanko @MaxQBasedLord You do know network tunnels exist @grok explain how you can use cloudflare and open source solutions to fix this for free.

  • 0xprimex0
    Marquivion (Marq) Orr (@0xprimex0) reported

    Mature General-Purpose Libraries (PQC-Ready 2026) Battle-tested libraries with shipped NIST algorithms: • OpenSSL: Production-ready via oqs-provider or native 3.5+. Supports ML-KEM, ML-DSA, SLH-DSA & hybrids. Choose OpenSSL if you need maximum compatibility with existing infrastructure and web servers. It is the standard choice if you are already using OpenSSL and can integrate the oqs-provider module or upgrade to version 3.5+ for immediate ML-KEM/ML-DSA support without rewriting your application logic. • Botan: Full native C++ support. Most complete NIST suite (ML-KEM/DSA, SLH-DSA, FrodoKEM, Classic McEliece). Choose Botan if you are developing in C++ and want the most comprehensive algorithm coverage out-of-the-box. It is the best choice if you need immediate access to the full NIST suite (including alternative KEMs like FrodoKEM) with a modern, object-oriented API, rather than waiting for C libraries to catch up. • Bouncy Castle: Dominant in Java/.NET. v1.83+ supports ML-KEM/DSA, hybrid certs (RFC 9883), and composite signatures. Choose Bouncy Castle if your stack is Java, Kotlin, or .NET/C#. It is the undisputed leader for JVM and Microsoft ecosystems, offering the only mature, native implementation of hybrid certificates (RFC 9883) and composite signatures required for complex PKI migrations in enterprise environments. • Mbed TLS: Emerging support. ML-DSA prototype available; ML-KEM planned for late 2026. Best for constrained IoT soon. Choose Mbed TLS if you are targeting highly constrained embedded devices (low RAM/Flash) and can wait slightly for full ML-KEM stabilization (expected late 2026). It is ideal if you need a small footprint and are already using the ARM PSA Crypto architecture, provided your timeline allows for the final ML-KEM integration. • Google Tink: High-level API. Delegates PQC to backends (AWS-LC, BoringSSL, OpenSSL). Easy integration for apps. Choose Google Tink if you want a language-agnostic, high-level API that abstracts away the underlying crypto engine. It is the best choice for application developers who want to enable PQC (via a supported backend like AWS-LC or OpenSSL) with minimal code changes and without managing low-level cryptographic primitives directly. • CIRCL(@Cloudflare): Go-native. Focused on PQC research & hybrids (Kyber/X25519). Used in Cloudflare services. Choose CIRCL if you are building services in Go and need cutting-edge, research-grade implementations of hybrid schemes. It is the preferred choice for Go developers who want to leverage Cloudflare’s production-tested PQC research and need flexible, low-level control over key exchanges in network protocols.

  • DoNcHuiiiToX
    DoNcHuiiiTo X (@DoNcHuiiiToX) reported

    The risk of relying on one hosting provider. When they go down, everything goes down with you. The real fix here is having redundancy ideally a backup server on a different provider and some DDoS protection in front like Cloudflare. That way, if one host has issues, the site can switch over to the backup or stay partially online instead of going completely down. @MagneticXRPL

  • SchoolReading
    School Reading List (@SchoolReading) reported

    @Cloudflare @CloudflareHelp @awscloud We've also referred to the same issue in Case #02165422

  • GRRLmusic
    𝑮𝑹𝑹𝑳 (@GRRLmusic) reported

    @DominicEkom_ @David_Rudnick yeah looool people who would buy and wear cloudflare merch (especially **** that looks that bad) of their own volition definitely have questionable (******* horrendous) taste

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    New Gafgyt variant C0XMO exploits DD-WRT routers via CVE-2021-27137, features modular Python-based lateral movement and targets multiple Linux architectures. Advanced botnet shows operational evolution. Technical breakdown: • Exploits stack buffer overflow in DD-WRT UPnP service via malformed SSDP M-SEARCH requests on UDP 1900 • Multi-stage persistence: copies to /tmp/.sys, /var/tmp/.sys, /dev/shm/.sys with cron jobs every 15 minutes • Separates scanning into standalone Python script using paramiko, requests, beautifulsoup4 packages • C2 handshake uses magic string 669787761736865726500 + shared secret to 85[.]215[.]131[.]70 • Supports 19 DDoS attack methods including UDP bypass, TCP floods, NTP amplification, Cloudflare bypass Attack chain: • Initial access via CVE-2021-27137 buffer overflow targeting Japanese 🇯🇵 tech firm from Germany 🇩🇪 • Downloads architecture-specific binaries (ARM, MIPS, x86_64, PowerPC) to /tmp/.cache • Python scanner targets Telnet/SSH weak credentials + HTTP exploits (GLPI, AVTECH, Zyxel) • Terminates competing botnets and removes rival persistence mechanisms Hunt for hidden executables in /tmp/.sys, /var/tmp/.sys with 755 permissions and outbound connections to 85[.]215[.]131[.]70 or 217[.]160[.]125[.]125:15527. #DFIR_Radar

  • Rus_Khairullin
    Ruslan Khairullin (@Rus_Khairullin) reported

    AI and bots just officially passed humans in internet traffic volume. They now make up 57% of all online activity. Real users are down to just 43%, according to Cloudflare co-founder Matthew Prince. This kind of crossover wasn’t supposed to happen until the end of the year. AI is moving too fast for the original timeline. Dead internet theory is no longer a theory. 🫠

  • DanielSmithDev
    Daniel Smith | Building ClawQL Agents (@DanielSmithDev) reported

    @LowLevelTweets @kentcdodds It was mostly in context of them vs cli tools directly. Argument was MCP would bloat. So many bad engineers cried about it and gave up. Then @Cloudflare came along with code mode and now Claude and others have dynamic tool loading and there are several ways to solve the issues.

  • less_tx
    LeslieP (@less_tx) reported

    @jordanhenderson My low volume hobby websites are going down ALL THE TIME now - and I moved everything to Cloudflare and set it to stop the bots, works for a while, then there's a week or so of constant up/down notifications while the bots scrape my website data. I hate it.

  • stratospheriae
    dantsu 🎶 (@stratospheriae) reported

    i migrated my website to cloudflare the other week and i didn't realize that you had to set up your own www. redirects yourself. for a good 7 days straight a whole bunch of links across all of my socials were just broken and i didn't find out until someone literally told me

  • tdinh_me
    Tony Dinh (@tdinh_me) reported

    This project involves an iOS app, sign-in with apple, in-app purchase, revenue cat, api backend server, firecracker sandbox, AI gateway, database (postgresql), a blob storage, cloudflare R2, DNS for linking domains, a minimal harness to build a website, and a lot of prompts. Normally, this would take a team of 10 at least. Now I do it alone fully remote via telegram from my phone. I only looked at the code once (due to a potential security concern), but other than that I never read a line of code. I do most of my reviews via prototypes, diagrams, text, and, html reports. The future is going to be wild.