Cloudflare status: hosting issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (41%)
- Cloud Services (26%)
- Hosting (17%)
- Web Tools (11%)
- E-mail (4%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Hosting | 7 days ago |
|
|
8 days ago | |
|
|
Web Tools | 8 days ago |
|
|
Cloud Services | 8 days ago |
|
|
Cloud Services | 8 days ago |
|
|
Domains | 9 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
๐ต๐๐๐ ๐ถ๐๐๐๐ (@stronkly_typed) reported@KuptoKosmos @Cloudflare wtf is this, be a serious company for once please
-
Jake ๐ (@jitl) reported@Cloudflare damn they couldnโt let vercel have that one lmao
-
Letra (@letra_ng) reportedHi guys, I'm the lead dev @shopnowngg and I have been shipping non-stop. This is a full ecommerce application built from scratch. Tech-stack: 1. Frontend React 19, Tailwindcss v4, lucide react for icons, Motion(formerly framer Motion) for animations 2. Backend & Serveless API Hono V4, Cloudflare workers, Zod, JWT for security and Auth, D1 Database (cloudflare D1) 3. Tooling & Environment Vite V6 for build system, Typescript, wrangler for local dev server. 4. Hosting Cloudflare's global edge network Ask me any questions about the setup.
-
Dmytro Shevchenko ๐บ๐ฆ (@dschewchenko) reported@m_zokov @CloudflareDev Some lock-in, yes. Workers/DO/D1 are Cloudflare-specific, R2 is S3-compatible, Containers are Docker. For small products I accept it because ops and cost stay tiny. If migration becomes a real problem, the product probably worked :) And there is no problem to migrate DB to external Postgres with Cloudflare Hyperdrive for example. Or some heavy modules migrate to Hetzner. But really On Cloudflare could be implemented any product
-
Saeed Anwar (@saen_dev) reportedCloudflare tunnels for mobile dev testing is genuinely underrated โ it removes the whole "how do I hit localhost from my phone" headache. Once you set this up once you never go back to emulator-only testing.
-
Coder CoderDyne (@CCoderDyne) reported@kevinleversee @4nt1p4tt3rn "The cloud is distributed at scale." Until us-east-1 or CloudFlare go down.
-
Zara_Schneider (@ZSchneider76107) reported@MacdevM Mostly comes down to control and pricing for me Cloudflare and Namecheap usually stand out for clean management and no unnecessary upsells ๐
-
๐๐๐ธ (@Bicepmonkey) reportedGood day, Money Market! GitLab $GTLB released its earnings report for the first quarter of fiscal year 2027. The stock has gotten volatile since the numbers dropped. Full-year revenue guidance remained about the same overall, though they raised the lower end of the outlook by a small amount. The main item that stirred things up was the plan to replace around 14% of the workforce with artificial intelligence. Cloudflare $NET went down a similar path not long ago. The market has pushed back because this could make it harder for the company to scale its operations in the future. Companies trying to grow usually hire more salespeople and developers to grab market share and keep up with customer needs. GitLab $GTLB has put its money into buying back shares instead. That choice often leaves investors worried that growth is drying up. I have not changed my view on GitLab $GTLB and see this as mostly noise around the stock. The company is working to restart stronger revenue growth. It plans to bring on additional salespeople. These new roles probably do not overlap with the positions AI will handle. The approach also calls for more upfront selling to new customers along with more detailed pricing tiers. I will check in on the progress early in 2027. Shares currently trade at a price-to-sales ratio below 5. That level sits below the average across my coverage list and below the trailing four-quarter average that GitLab $GTLB has posted. Both of those averages come in near 8. The valuation does not look expensive when stacked against the 17% revenue growth projected for this year.
-
Nilmani Prashant (@NILMANIPRASHANT) reportedRate limiting isn't about blocking requests. It's about **protecting system invariants under adversarial load** โ including your own code doing something stupid at 2am. --- **The precise definition most people skip:** A rate limiter is a policy enforcement mechanism that maps an identity (user, IP, API key, service) ร resource (endpoint, DB, queue) ร time window to an allowed request budget. Miss any of those three dimensions and your limiter is incomplete. --- **The five algorithms โ and what they actually trade:** **Fixed Window** โ simplest. Bucket resets on clock boundary. Problem: 2x burst at the seam. If your limit is 100 req/min, a client sends 100 at :59 and 100 at :01. You've served 200 in 2 seconds. This is how Cloudflare's early DDoS protection got punched through. **Sliding Window Log** โ stores each request timestamp. Exact, no burst artifact. Cost: O(n) memory per user. At Stripe's API scale (~500M requests/day), storing per-request timestamps across even 1% of users is untenable without aggressive TTL management. **Sliding Window Counter** โ approximation using two fixed windows weighted by overlap. Formula: `current_count + previous_count ร ((window_size - elapsed) / window_size)`. Stripe uses this. ~0.003% error rate in practice. Memory: O(1) per user. **Token Bucket** โ refill at constant rate, allow burst up to capacity. AWS API Gateway uses this. 10,000 req/s steady-state, 5,000 burst above that. Requests consume tokens; tokens refill at rate R. Good for bursty-but-average-bounded traffic. **Leaky Bucket** โ requests queue, drain at fixed rate. Smooths output regardless of input shape. Netflix uses this on their Zuul edge layer to protect downstream microservices from thundering herd. Queue depth becomes your config ****. --- **Where this actually lives in distributed systems:** Local in-process: fast (~1ฮผs), but worthless in a multi-node fleet. Node A doesn't know what Node B allowed. Centralized Redis: ~1-3ms round trip. Use Lua scripts for atomicity โ `INCR` + `EXPIRE` in a single script. Redis's single-threaded command execution gives you linearizability for free. This is what most Stripe, GitHub, and Twilio rate limiters use at the storage layer. Gossip/eventually consistent: each node tracks local counts, syncs async. Allows ~Nร over-serving where N = node count before sync. Acceptable for soft limits (analytics APIs), not for billing or security enforcement. --- **The senior engineer gotcha:** You set a 1000 req/min limit. Load test passes. You ship. Three months later, you get paged. Latency on your downstream DB is 40ร normal. Your rate limiter is working perfectly โ 1000 req/min per user, 10,000 users, that's 166 req/s aggregate, which was fine in testing with 100 users. **You rate-limited per identity but never modeled aggregate load.** The limiter protected individual users from themselves but said nothing about what your system can actually handle. You needed a global ceiling, not just per-user quotas. Google's SRE book calls this the difference between *demand-side limiting* (per user) and *supply-side limiting* (per resource). You need both. Stripe enforces per-API-key limits AND global concurrency limits per endpoint via a token bucket at the load balancer level. --- **When NOT to rate limit at the application layer:** If your bottleneck is CPU-bound work (ML inference, crypto ops), rate limiting requests doesn't help โ you need a work queue with backpressure. If you rate limit, you'll drop valid requests while the remaining 10% still saturate your CPU. This is why Google's Bard/Gemini API uses quota + async job queues for expensive inference calls, not synchronous rate limiting alone. --- **Numbers worth memorizing:** Redis INCR throughput: ~100K ops/sec single node, ~1M/sec with clustering. Lua atomic script overhead: ~15% vs raw INCR. P99 latency on Redis rate-check in same-region AWS: 800ฮผsโ2ms. Sliding window counter error
-
Shubham (@inlovewithgo) reportedLogin with GitHub on cloudflare Login with Cloudflare on GitHub
-
Alex Dunne (@adunne09) reportedwhat if someone made a "vibe coding" app that's just cloudflare login codex login codemode effect cloudflare skills
-
Grandma Sez So (@GrandmaSezSo) reported@Cloudflare @MeckaAI Cloudflare sux. Click troubleshoot and even the form to send problem doesn't submit. I hate when websites use Cloudflare.
-
Kaelum (@ai_trade_pro) reportedQuietly one of the most important AI updates of the month, and itโs not a benchmark. Anthropicโs unreleased Mythos model found 10,000+ critical vulnerabilities in a month under Project Glasswing. Cloudflare alone found 2,000 bugs, with a false-positive rate that beat human testers. For years the security industry was gated by how many skilled humans could hunt for flaws. That gate is gone. The new gate is how fast humans can fix what the machine surfaces. The defensive story and the offensive story are the same capability pointed in opposite directions. One stays restricted to 50 partners. The other one, eventually, wonโt. The interesting risk in AI isnโt the model that ships. Itโs the one thatโs too capable to.
-
Dr. Valerie Thomas (@Valerie32844654) reportedI'm currently having significant problems with Cloudflare. Their lack of integrity to resolve customer issues is not reputable.
-
NewsTongue (@NewsTongueX) reported๐ด Source content blocked by security service โ full article unavailable The source URL returned a Cloudflare security block rather than article content. The headline references Standard Chartered commentary on bitcoin's price floor, but the article body could not be accessed. No substantive data, quotes, or verifiable claims are available for publication.
-
Daksh Trehan (@DakshTrehan) reportedthe frontend was never the bottleneck. the URL is. once Codex deploys, OpenAI is competing with Vercel and Cloudflare on hosting, not models. where does the generated app's auth and state live, theirs or yours?
-
iyda (@notiyda) reported@saltyAom Although I do know that Cloudflare still doesn't have first-tier support for Bun, that's probably a big reason for it.
-
Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported@Grummz Cloudflare is a HUGE source of these problems too
-
Leo - 14 y/o founder (@leodev) reported@theCTO i've got a cloudflare hat with "agents never sleep"
-
Muhammet A. ๐๐ป Mobile Dev (@indiesoftwaredv) reportedMy mobile apps made $3,058 in May 2026 ๐ฑ Fitness app Turkish version made around $2.5k ๐ฑ Fitness app English version made $500 Expense: ๐ฐ $40 Cloudflare for hosting/streaming videos Didn't post about the US market for my EN Fitness app ๐๐ป TikTok Ads Failed ๐ซด๐ป Meta Ads was not good, not bad I want to spend money on sustainable marketing So built my own social media posting automation
-
Saeed Anwar (@saen_dev) reportedCloudflare tunnels are massively underused for this. Testing on a real device over a real connection catches a whole category of bugs localhost never shows.
-
high_byte (@high_byte) reported@omw_to_the_moon @eastdakota Verified bots Bot traffic describes any non-human traffic to a website or an app. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots may be used to perform malicious activities, such as break into user accounts or scan the web for contact information to send spam. Verified bots, such as the ones from search engines, are usually transparent about who they are. Cloudflare manually approves well-behaved services that benefit the broader Internet and honor robots.txt. Each entry on the Verified Bots list exists because a corresponding IP address was seen associated with a verified bot in the last 30 days. A verified bot is not necessarily good or bad.
-
Steve Skojec (@SteveSkojec) reported@OnePeterFive The funny thing is I was getting Cloudflare errors, but by the time I replied to you, it immediately came back up lol
-
primitive.host (@PrimitiveHost) reported๐จ New HTTP/2 Bomb vulnerability can take down your web server in seconds with a single request. Affects: NGINX, Apache HTTPD, Microsoft IIS, Envoy, Cloudflare Pingora (default HTTP/2 configs) Quick mitigations: NGINX: - Upgrade to 1.29.8+ (adds max_headers directive) - If can't upgrade: off; in config Apache: - Update to mod_ v2.0.41 - If can't upgrade: Protocols to disable HTTP/2 IIS / Envoy / Pingora: - No patch yet โ disable HTTP/2 if possible - Front with something that caps header count per request General: - Cap per-worker memory (cgroups, ulimit -v, container limits) so OOM kills happen before swap - Single client can consume 32GB RAM in ~20 seconds, upgrade ASAP (we just upgraded our own infra @PrimitiveHost ).
-
ZOHEB THE DEV (@devheb) reported@threepointone @nevikashah Me when I login in with Cloudflare with Cloudflare
-
Vijay (@unk_data) reported@fit_fr_nothing So now I can do things like make a website generator and with "sign in with Cloudflare" I can host it on their Cloudflare pages? Cool.
-
Franco Gilio (@fgili0) reported@aarondfrancis @browserbase @Cloudflare โthe worst government websiteโ I feel they actually deserve a trophy or some kind of recognition
-
Sanford (@SanfordMarshal) reported@kewinversi @tannerlinsley But I see no problem using Coolify, a SPA you just need to serve the assets and a shell page basically. You could even use something like GitHub Actions to build the assets and send them to a CDN or just use Cloudflare
-
Jon Ezell (@Jonezell_) reportedLooks like there may be a related @Cloudflare outage causing it Not a good day for our product release ๐ฐ
-
Paul the Dev (@Pabblothedev) reported@Prodigers @DanielSmidstrup If you have static pages which do โnothingโ yes itโs cheaper :) In general. Workers are cheaper but limited to 128mb and cool they donโt have cold starts. But queus are super expensive on Cloudflare. D1 also super expensive. I donโt recall know what issue I had with workers sth relates to pkgs but not sure now. Lambda is microvm at the end.