Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Time of day (EST)	Number of reports	Baseline
May 23, 11:00 AM EDT	0	0
May 23, 11:20 AM EDT	0	0
May 23, 11:40 AM EDT	0	0
May 23, 12:00 PM EDT	0	0
May 23, 12:20 PM EDT	0	0
May 23, 12:40 PM EDT	0	0
May 23, 1:00 PM EDT	0	0
May 23, 1:20 PM EDT	0	0
May 23, 1:40 PM EDT	0	0
May 23, 2:00 PM EDT	0	0
May 23, 2:20 PM EDT	0	0
May 23, 2:40 PM EDT	0	0
May 23, 3:00 PM EDT	0	0
May 23, 3:20 PM EDT	0	0
May 23, 3:40 PM EDT	0	0
May 23, 4:00 PM EDT	0	0
May 23, 4:20 PM EDT	0	0
May 23, 4:40 PM EDT	0	0
May 23, 5:00 PM EDT	0	0
May 23, 5:20 PM EDT	0	0
May 23, 5:40 PM EDT	0	0
May 23, 6:00 PM EDT	0	0
May 23, 6:20 PM EDT	0	0
May 23, 6:40 PM EDT	0	0
May 23, 7:00 PM EDT	0	0
May 23, 7:20 PM EDT	0	0
May 23, 7:40 PM EDT	0	0
May 23, 8:00 PM EDT	0	0
May 23, 8:20 PM EDT	0	0
May 23, 8:40 PM EDT	0	0
May 23, 9:00 PM EDT	0	0
May 23, 9:20 PM EDT	0	0
May 23, 9:40 PM EDT	0	0
May 23, 10:00 PM EDT	0	0
May 23, 10:20 PM EDT	0	0
May 23, 10:40 PM EDT	0	0
May 23, 11:00 PM EDT	0	0
May 23, 11:20 PM EDT	0	0
May 23, 11:40 PM EDT	0	0
May 24, 12:00 AM EDT	0	0
May 24, 12:20 AM EDT	0	0
May 24, 12:40 AM EDT	0	0
May 24, 1:00 AM EDT	0	0
May 24, 1:20 AM EDT	0	0
May 24, 1:40 AM EDT	0	0
May 24, 2:00 AM EDT	0	0
May 24, 2:20 AM EDT	0	0
May 24, 2:40 AM EDT	0	0
May 24, 3:00 AM EDT	0	0
May 24, 3:20 AM EDT	0	0
May 24, 3:40 AM EDT	0	0
May 24, 4:00 AM EDT	0	0
May 24, 4:20 AM EDT	0	0
May 24, 4:40 AM EDT	0	0
May 24, 5:00 AM EDT	0	0
May 24, 5:20 AM EDT	0	0
May 24, 5:40 AM EDT	0	0
May 24, 6:00 AM EDT	0	0
May 24, 6:20 AM EDT	0	0
May 24, 6:40 AM EDT	0	0
May 24, 7:00 AM EDT	0	0
May 24, 7:20 AM EDT	0	0
May 24, 7:40 AM EDT	0	0
May 24, 8:00 AM EDT	0	0
May 24, 8:20 AM EDT	0	0
May 24, 8:40 AM EDT	0	0
May 24, 9:00 AM EDT	0	0
May 24, 9:20 AM EDT	0	0
May 24, 9:40 AM EDT	0	0
May 24, 10:00 AM EDT	0	0
May 24, 10:20 AM EDT	0	0
May 24, 10:40 AM EDT	0	0
May 24, 11:00 AM EDT	0	0

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

Domains (44%)
Cloud Services (27%)
Hosting (17%)
Web Tools (8%)
E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

City	Problem Type	Report Time
Farmers Branch	Web Tools	1 day ago
Helsinki	Cloud Services	4 days ago
Crisfield	Domains	6 days ago
Nanaimo	Web Tools	7 days ago
New York City	Web Tools	7 days ago
Istanbul	Domains	10 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

Chris Covington (@_ChrisCovington) reported 1 minute ago
@AlanNeveu @vpetryniak @Cloudflare yup most have them builtin, they are basically the same thing from the managers pov. also yes the platform issues with these are 99% of the headache, not the tech itself lol
𝔇𝔢𝔯 ℭ𝔥𝔲𝔡 (@der_chuddie) reported 8 minutes ago
@Cloudflare The entire approach is bad. We shouldn't have to create passwords or passphrase. We should receive a request to opt-in a system. Like when a mobile app asks for a permission. But that means centralizing and unifying everything behind a digital identity which people don't want.
Moneroon (@moneroon) reported 9 minutes ago
@FemiSuccess7 @UK_Daniel_Card @Cloudflare DNS updates seem to be working - although a bit slow
pixel (@darkpixel2k) reported 9 minutes ago
@dm4uz3 As opposed to? "Super s33kr3t Cloud Flare Advanced"? All you're showing it your slow self trying to open a bunch of tabs to the same site...and CloudFlare is blocking you because you're behaving like a bot.
Jon (@intentionull) reported 10 minutes ago
Cloudflare dashboard down 😕 Right when I'm in the middle of something
Ian Smith (@IanSmith_HSA) reported 12 minutes ago
@lopp My concern is timing, resources and surprises. Timing: Google and Cloudflare have both said that a full migration to PQC needs to be completed by 2029. BIP361 stated 2030 but it should be 2028, inclusive. Resources: 3 quantum architectures are now capable of reusing qubits. PSIQuantum(2024), Oratomic (2026) and IonQ (claimed 2026) have demonstrated (or claimed) qubit reuse. The ability to execute while generating new qubits means that the number of physical qubits required is 10k, not 500k or 20 million. Oratomic currently has 6100, but each key break would take 3+ days. Also, the qubit reuse reintroduces a NISQ era measurement called "Quantum Volume" where the error rate is the main fundamental limit. Ancillary qubits can act as spare tires, correcting or avoiding errors. Surprises happen when secrets are kept. PSI Quantum has 4 working quantum computers but they did not reveal the size of any of them. The 4th quantum computer is dozens of solid steel fridges sunk into the floor, could be anywhere between 5k-200k qubits. Could be enough to break ECC256. They are apparently operating under govt contract and secrecy. Their timeline to create a 1 million qubit quantum computer is January 2028, so we have 6 months left to deploy PQC Bitcoin and then 1 year for migration.
Popcorn.co (@Popcorn_Co) reported 15 minutes ago
@ns123abc cloudflare had 2000 bugs sitting around while charging enterprises premium rates for security services that apparently needed an ai to actually find the problems
Aman jha (@_amnjha) reported 23 minutes ago
@poyhen @Cloudflare Yeah, facing same issue.
Taksh Shah (@takshshahh) reported 23 minutes ago
@Thom_K_NL @Cloudflare Well the dashboard wouldn't even open for me yesterday so I'll say they have bigger issues
ɟɟoɥɹǝppıɹ (@hoffridder) reported 26 minutes ago
@transitracer Streaming 4k video is only like 30-50mbps iirc. The only "compelling use case" I can think of is if my home server suddenly gets a lot of traffic... But honestly that's unlikely and I could always add in Cloudflare until I upgrade the network connection.
erik@try.works (@trydotworks) reported 28 minutes ago
@threepointone Oh my bad. I'm still learning cloudflare and didn't get to Think yet
Vu. (@TeeDevh) reported 28 minutes ago
Is Cloudflare currently down?
Ashutosh Kumar (@ak_ishere) reported 30 minutes ago
@CloudflareDev Thanks for this, but `wrangler login` still needs fixing - it's quite painful to run on a remote/headless machine. I used to be a big Cloudflare fan, but Vercel is clearly ahead on DX right now. Just ran `wrangler login` and it tried to open a localhost URL. Any chance of adding a proper device login flow like Vercel or ChatGPT?
eva (@evabuilds) reported 31 minutes ago
@jahooma does it support cloudflare ai models?
Kirk Marple (@KirkMarple) reported 31 minutes ago
@illyism I never understood where this kind of data comes from. Is this estimates of traffic, or from ISPs or Cloudflare or something?
LisaMonaAi (@LisaMonaAi) reported 33 minutes ago
@morganb @nejatian per Grok. 1. Precise Technical Explanation Cloudflare acts as a reverse proxy, CDN, and Web Application Firewall (WAF) for millions of sites. When a request hits one of their edge servers, they evaluate dozens of signals (IP reputation, request patterns, headers, ASN metadata, etc.). Error 1005 specifically triggers when the site owner has explicitly banned the Autonomous System Number (ASN) tied to your incoming IP address. An ASN is a globally unique identifier (e.g., AS9009, AS4134) assigned by regional internet registries (RIRs) to a single network operator—your ISP, a VPN provider’s backbone, a cloud hosting provider, a mobile carrier, or a data center. It represents an entire block of IP prefixes (often thousands or millions of addresses) that share the same routing policy. Blocking at the ASN level is far more efficient than listing individual IPs; Cloudflare’s IP Access Rules and Firewall Rules support this natively. The Ray ID (9ffd6722adaa29d6) is a unique, per-request fingerprint generated by Cloudflare. It is not personally identifiable to you, but it allows the website owner to instantly query their Security > Events log (or Security Events analytics) and see exactly which rule, threshold, or custom firewall policy triggered the ban for this exact connection. The UTC timestamp confirms this was a live event today (May 22, 2026). It is not cached or historical—it reflects the moment Cloudflare’s edge server rejected the request. In short: Cloudflare is not banning you. The site owner told Cloudflare, “Never let anyone from this ASN reach my origin server.” 2. Root Causes – Why This Happens (Most Common to Rare) From threat intelligence patterns and Cloudflare’s own documentation/community data: VPN / Proxy / Residential Proxy Networks (by far the #1 trigger) Popular VPN providers (Proton, ExpressVPN, Nord, Windscribe, etc.) and scraping proxies frequently ride on well-known ASNs (e.g., AS9009 – M247, a data-center-heavy provider). Many sites proactively ban these because they are associated with high abuse rates: credential stuffing, price scraping, account farming, DDoS-for-hire, or geo-restriction circumvention. High-abuse ISP or Data-Center ASN Certain residential ISPs, mobile carriers, or budget hosting providers accumulate poor reputation scores on blocklists (DroneBL, Spamhaus, etc.). One bad actor on the network can taint the entire ASN. Site-Specific Security PolicyThe owner enabled Cloudflare’s Bot Fight Mode, Super Bot Fight Mode, or custom WAF rules that automatically tag and block suspicious ASNs. Manual IP Access Rule or Firewall Rule created after previous abuse from that network. Rate-limiting thresholds exceeded in the past (e.g., too many requests from the same ASN in a short window). Edge Cases & NuancesTemporary vs. permanent: Some sites set time-limited ASN blocks (e.g., 24–72 hours after detected scraping). False positives: Legitimate users on shared infrastructure (corporate VPNs, university networks, privacy-focused ISPs) get caught. Regional overblocking: Your Miami, Florida location (U.S. East Coast) is generally low-risk, so this almost certainly points to a VPN/proxy or a specific ASN reputation issue rather than geographic targeting. IPv6 vs. IPv4: Some sites block only one protocol’s ASN. 3. Security Implications (Defensive Strength vs. Collateral Damage) Strengths: Extremely effective against automated attacks. Scrapers, bots, and brute-force tools love VPN/data-center IPs because they are cheap and disposable. ASN-level blocking stops entire botnets in one rule. Reduces origin-server load and mitigates DDoS amplification. Allows site owners to maintain a clean threat model without constant manual intervention. Weaknesses & Risks: Overblocking: Legitimate users lose access (e.g., journalists, researchers, travelers using VPNs for public Wi-Fi safety). Evasion arms race: Sophisticated attackers simply rotate to new residential proxy ASNs or compromised devices, while average users suffer. Single point of failure: If the site’s Cloudflare configuration is overly aggressive, it can create availability issues or denial-of-service against its own audience.
Eltee/ǝǝʇןƎ 🦀🏳️‍🌈 (@eltee7x) reported 34 minutes ago
@Leon4788 @NCyotee This is the original sin, yes. The moment you stop being a service provider and start choosing what to allow on your platform, you become an editor and lose the protections granted to service providers. Cloudflare made the same mistake when it decided to ban The Daily Stormer.
Amir Fadhel (@DrAmir0078) reported 35 minutes ago
Cloudflare is down, seriously scary! #cloudflare
sourcerer (@sourcerer19) reported 35 minutes ago
@aboutberlin You could use cloudflare plus robots.txt to block all Llms and crawlers and then issue dmca notice to google for removal of all links. It would not be legally allowed to feed on your content If you catch them doing it which will happen you sue them and profit? I’m sorry bro.
doom (@mydoom1337) reported 36 minutes ago
6/ COOKIE MISCONFIGURATION & THIRD-PARTY SCRIPT RISK — Medium Risk A Cloudflare bot-management cookie was set with: SameSite=None; Secure While this is a Cloudflare cookie, SameSite=None instructs browsers to send the cookie on cross-site requests. In a crypto-trading context, users are highly targeted by phishing, CSRF-style abuse, session-fixation attempts, fake login pages, and wallet-drainer flows. External scripts were also loaded without Subresource Integrity. The page loaded a Google Tag Manager script without an integrity attribute. Impact: If a tag-manager account, analytics pipeline, or external script source is compromised, malicious JavaScript can execute inside users’ browser sessions. For crypto platforms, third-party JavaScript is part of the security boundary.
rvivek (@rvivek) reported 36 minutes ago
We received almost a million applicants for 1111 paid internships this summer. The interns we hired are extremely AI-native and we expect a majority of them will get full-time offers — @eastdakota, Cloudflare CEO. This is what an AI-first company transformation looks like. Anyone who says they are cutting down on engineering hiring because they are more productive or stopping new grad hiring because agents are automating the work is on a slow decline to irrelevance.
Joris Mak bsky: @jorismak.nl (@MakJoris) reported 41 minutes ago
@Cloudflare on phone and Windows laptop it's handy because it's a fingerprint / face scan away. But to me they always seem as a 'handy secondary login'. Something to make it easier, but I have to reach for username/password a lot.
Jules Mando (@JulesMandoX) reported 43 minutes ago
@fabienpenso @levelsio @dcbuilder What it means is that he closes ALL ports and only allows access via Tailscale for SSH and Cloudflare tunnel for HTTP. So he doesn’t give a damn that someone finds his server!
Jasper Van (@rdsaltbo) reported 46 minutes ago
Is cloudflare down again?
Néstor (@nstlopez) reported 48 minutes ago
Small Cloudflare Workers deploy debugging note: If "wrangler secret bulk --env ..." fails before deploy with code 10214, check the Worker’s latest version state. The problem may not be your secret value. Cloudflare can reject settings edits when the latest version has modified settings but is not currently deployed.
Miu (ReisenMiu) 🇻🇳 (@RetroCoastFan) reported 50 minutes ago
holy ****. i srsly js realized it today no wonder i had to use cloudflare warp :/
Ervis Trupja (@ervis_trupja) reported 50 minutes ago
2/ Cloudflare for SaaS handles this commercially but the per-hostname pricing adds up. So I run Caddy on a Hetzner box instead. Caddy's on-demand TLS issues Let's Encrypt certs the first time a hostname is requested, on the condition that my API authorizes it.
Yacine Hmito (@yacinehmito) reported 55 minutes ago
@threepointone I mean it’s the custom import type that gets me. If this had been a function or method from Cloudflare, no problem.
Parveen Bhadoo (@ParveenBhadoo) reported 57 minutes ago
@RubaiAr41950 @Cloudflare That's not Cloudflare. That's a hosting provider issue.
henrique cunha (@henrycunh) reported 1 hour ago
the codex mobile app is fantastic holy **** only lacking a tunnel to localhost by default, but cloudflare tunnel quickly fixes it