Cloudflare status: hosting issues and outage reports

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

• Domains (41%)
• Cloud Services (26%)
• Hosting (17%)
• Web Tools (11%)
• E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

City	Problem Type	Report Time
Noida	Hosting	7 days ago
Jewar	E-mail	8 days ago
Braga	Web Tools	8 days ago
Noida	Cloud Services	8 days ago
Paris	Cloud Services	8 days ago
Prievidza	Domains	9 days ago

Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  𝙵𝚛𝚎𝚎 𝙶𝚘𝚗𝚊𝚍 (@stronkly_typed) reported 9 minutes ago

  @KuptoKosmos @Cloudflare wtf is this, be a serious company for once please

• 
  Jake 🎉 (@jitl) reported 12 minutes ago

  @Cloudflare damn they couldn’t let vercel have that one lmao

• 
  Letra (@letra_ng) reported 13 minutes ago

  Hi guys, I'm the lead dev @shopnowngg and I have been shipping non-stop. This is a full ecommerce application built from scratch. Tech-stack: 1. Frontend React 19, Tailwindcss v4, lucide react for icons, Motion(formerly framer Motion) for animations 2. Backend & Serveless API Hono V4, Cloudflare workers, Zod, JWT for security and Auth, D1 Database (cloudflare D1) 3. Tooling & Environment Vite V6 for build system, Typescript, wrangler for local dev server. 4. Hosting Cloudflare's global edge network Ask me any questions about the setup.

• 
  Dmytro Shevchenko 🇺🇦 (@dschewchenko) reported 13 minutes ago

  @m_zokov @CloudflareDev Some lock-in, yes. Workers/DO/D1 are Cloudflare-specific, R2 is S3-compatible, Containers are Docker. For small products I accept it because ops and cost stay tiny. If migration becomes a real problem, the product probably worked :) And there is no problem to migrate DB to external Postgres with Cloudflare Hyperdrive for example. Or some heavy modules migrate to Hetzner. But really On Cloudflare could be implemented any product

• 
  Saeed Anwar (@saen_dev) reported 14 minutes ago

  Cloudflare tunnels for mobile dev testing is genuinely underrated — it removes the whole "how do I hit localhost from my phone" headache. Once you set this up once you never go back to emulator-only testing.

• 
  Coder CoderDyne (@CCoderDyne) reported 15 minutes ago

  @kevinleversee @4nt1p4tt3rn "The cloud is distributed at scale." Until us-east-1 or CloudFlare go down.

• 
  Zara_Schneider (@ZSchneider76107) reported 17 minutes ago

  @MacdevM Mostly comes down to control and pricing for me Cloudflare and Namecheap usually stand out for clean management and no unnecessary upsells 🚀

• 
  📈📉💸 (@Bicepmonkey) reported 18 minutes ago

  Good day, Money Market! GitLab $GTLB released its earnings report for the first quarter of fiscal year 2027. The stock has gotten volatile since the numbers dropped. Full-year revenue guidance remained about the same overall, though they raised the lower end of the outlook by a small amount. The main item that stirred things up was the plan to replace around 14% of the workforce with artificial intelligence. Cloudflare $NET went down a similar path not long ago. The market has pushed back because this could make it harder for the company to scale its operations in the future. Companies trying to grow usually hire more salespeople and developers to grab market share and keep up with customer needs. GitLab $GTLB has put its money into buying back shares instead. That choice often leaves investors worried that growth is drying up. I have not changed my view on GitLab $GTLB and see this as mostly noise around the stock. The company is working to restart stronger revenue growth. It plans to bring on additional salespeople. These new roles probably do not overlap with the positions AI will handle. The approach also calls for more upfront selling to new customers along with more detailed pricing tiers. I will check in on the progress early in 2027. Shares currently trade at a price-to-sales ratio below 5. That level sits below the average across my coverage list and below the trailing four-quarter average that GitLab $GTLB has posted. Both of those averages come in near 8. The valuation does not look expensive when stacked against the 17% revenue growth projected for this year.

• 
  Nilmani Prashant (@NILMANIPRASHANT) reported 18 minutes ago

  Rate limiting isn't about blocking requests. It's about **protecting system invariants under adversarial load** — including your own code doing something stupid at 2am. --- **The precise definition most people skip:** A rate limiter is a policy enforcement mechanism that maps an identity (user, IP, API key, service) × resource (endpoint, DB, queue) × time window to an allowed request budget. Miss any of those three dimensions and your limiter is incomplete. --- **The five algorithms — and what they actually trade:** **Fixed Window** — simplest. Bucket resets on clock boundary. Problem: 2x burst at the seam. If your limit is 100 req/min, a client sends 100 at :59 and 100 at :01. You've served 200 in 2 seconds. This is how Cloudflare's early DDoS protection got punched through. **Sliding Window Log** — stores each request timestamp. Exact, no burst artifact. Cost: O(n) memory per user. At Stripe's API scale (~500M requests/day), storing per-request timestamps across even 1% of users is untenable without aggressive TTL management. **Sliding Window Counter** — approximation using two fixed windows weighted by overlap. Formula: `current_count + previous_count × ((window_size - elapsed) / window_size)`. Stripe uses this. ~0.003% error rate in practice. Memory: O(1) per user. **Token Bucket** — refill at constant rate, allow burst up to capacity. AWS API Gateway uses this. 10,000 req/s steady-state, 5,000 burst above that. Requests consume tokens; tokens refill at rate R. Good for bursty-but-average-bounded traffic. **Leaky Bucket** — requests queue, drain at fixed rate. Smooths output regardless of input shape. Netflix uses this on their Zuul edge layer to protect downstream microservices from thundering herd. Queue depth becomes your config ****. --- **Where this actually lives in distributed systems:** Local in-process: fast (~1μs), but worthless in a multi-node fleet. Node A doesn't know what Node B allowed. Centralized Redis: ~1-3ms round trip. Use Lua scripts for atomicity — `INCR` + `EXPIRE` in a single script. Redis's single-threaded command execution gives you linearizability for free. This is what most Stripe, GitHub, and Twilio rate limiters use at the storage layer. Gossip/eventually consistent: each node tracks local counts, syncs async. Allows ~N× over-serving where N = node count before sync. Acceptable for soft limits (analytics APIs), not for billing or security enforcement. --- **The senior engineer gotcha:** You set a 1000 req/min limit. Load test passes. You ship. Three months later, you get paged. Latency on your downstream DB is 40× normal. Your rate limiter is working perfectly — 1000 req/min per user, 10,000 users, that's 166 req/s aggregate, which was fine in testing with 100 users. **You rate-limited per identity but never modeled aggregate load.** The limiter protected individual users from themselves but said nothing about what your system can actually handle. You needed a global ceiling, not just per-user quotas. Google's SRE book calls this the difference between *demand-side limiting* (per user) and *supply-side limiting* (per resource). You need both. Stripe enforces per-API-key limits AND global concurrency limits per endpoint via a token bucket at the load balancer level. --- **When NOT to rate limit at the application layer:** If your bottleneck is CPU-bound work (ML inference, crypto ops), rate limiting requests doesn't help — you need a work queue with backpressure. If you rate limit, you'll drop valid requests while the remaining 10% still saturate your CPU. This is why Google's Bard/Gemini API uses quota + async job queues for expensive inference calls, not synchronous rate limiting alone. --- **Numbers worth memorizing:** Redis INCR throughput: ~100K ops/sec single node, ~1M/sec with clustering. Lua atomic script overhead: ~15% vs raw INCR. P99 latency on Redis rate-check in same-region AWS: 800μs–2ms. Sliding window counter error

• 
  Shubham (@inlovewithgo) reported 22 minutes ago

  Login with GitHub on cloudflare Login with Cloudflare on GitHub

• 
  Alex Dunne (@adunne09) reported 23 minutes ago

  what if someone made a "vibe coding" app that's just cloudflare login codex login codemode effect cloudflare skills

• 
  Grandma Sez So (@GrandmaSezSo) reported 26 minutes ago

  @Cloudflare @MeckaAI Cloudflare sux. Click troubleshoot and even the form to send problem doesn't submit. I hate when websites use Cloudflare.

• 
  Kaelum (@ai_trade_pro) reported 27 minutes ago

  Quietly one of the most important AI updates of the month, and it’s not a benchmark. Anthropic’s unreleased Mythos model found 10,000+ critical vulnerabilities in a month under Project Glasswing. Cloudflare alone found 2,000 bugs, with a false-positive rate that beat human testers. For years the security industry was gated by how many skilled humans could hunt for flaws. That gate is gone. The new gate is how fast humans can fix what the machine surfaces. The defensive story and the offensive story are the same capability pointed in opposite directions. One stays restricted to 50 partners. The other one, eventually, won’t. The interesting risk in AI isn’t the model that ships. It’s the one that’s too capable to.

• 
  Dr. Valerie Thomas (@Valerie32844654) reported 33 minutes ago

  I'm currently having significant problems with Cloudflare. Their lack of integrity to resolve customer issues is not reputable.

• 
  NewsTongue (@NewsTongueX) reported 34 minutes ago

  🔴 Source content blocked by security service — full article unavailable The source URL returned a Cloudflare security block rather than article content. The headline references Standard Chartered commentary on bitcoin's price floor, but the article body could not be accessed. No substantive data, quotes, or verifiable claims are available for publication.

• 
  Daksh Trehan (@DakshTrehan) reported 37 minutes ago

  the frontend was never the bottleneck. the URL is. once Codex deploys, OpenAI is competing with Vercel and Cloudflare on hosting, not models. where does the generated app's auth and state live, theirs or yours?

• 
  iyda (@notiyda) reported 38 minutes ago

  @saltyAom Although I do know that Cloudflare still doesn't have first-tier support for Bun, that's probably a big reason for it.

• 
  Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported 45 minutes ago

  @Grummz Cloudflare is a HUGE source of these problems too

• 
  Leo - 14 y/o founder (@leodev) reported 49 minutes ago

  @theCTO i've got a cloudflare hat with "agents never sleep"

• 
  Muhammet A. 👉🏻 Mobile Dev (@indiesoftwaredv) reported 50 minutes ago

  My mobile apps made $3,058 in May 2026 📱 Fitness app Turkish version made around $2.5k 📱 Fitness app English version made $500 Expense: 💰 $40 Cloudflare for hosting/streaming videos Didn't post about the US market for my EN Fitness app 👎🏻 TikTok Ads Failed 🫴🏻 Meta Ads was not good, not bad I want to spend money on sustainable marketing So built my own social media posting automation

• 
  Saeed Anwar (@saen_dev) reported 52 minutes ago

  Cloudflare tunnels are massively underused for this. Testing on a real device over a real connection catches a whole category of bugs localhost never shows.

• 
  high_byte (@high_byte) reported 53 minutes ago

  @omw_to_the_moon @eastdakota Verified bots Bot traffic describes any non-human traffic to a website or an app. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots may be used to perform malicious activities, such as break into user accounts or scan the web for contact information to send spam. Verified bots, such as the ones from search engines, are usually transparent about who they are. Cloudflare manually approves well-behaved services that benefit the broader Internet and honor robots.txt. Each entry on the Verified Bots list exists because a corresponding IP address was seen associated with a verified bot in the last 30 days. A verified bot is not necessarily good or bad.

• 
  Steve Skojec (@SteveSkojec) reported 56 minutes ago

  @OnePeterFive The funny thing is I was getting Cloudflare errors, but by the time I replied to you, it immediately came back up lol

• 
  primitive.host (@PrimitiveHost) reported 58 minutes ago

  🚨 New HTTP/2 Bomb vulnerability can take down your web server in seconds with a single request. Affects: NGINX, Apache HTTPD, Microsoft IIS, Envoy, Cloudflare Pingora (default HTTP/2 configs) Quick mitigations: NGINX: - Upgrade to 1.29.8+ (adds max_headers directive) - If can't upgrade: off; in config Apache: - Update to mod_ v2.0.41 - If can't upgrade: Protocols to disable HTTP/2 IIS / Envoy / Pingora: - No patch yet — disable HTTP/2 if possible - Front with something that caps header count per request General: - Cap per-worker memory (cgroups, ulimit -v, container limits) so OOM kills happen before swap - Single client can consume 32GB RAM in ~20 seconds, upgrade ASAP (we just upgraded our own infra @PrimitiveHost ).

• 
  ZOHEB THE DEV (@devheb) reported 58 minutes ago

  @threepointone @nevikashah Me when I login in with Cloudflare with Cloudflare

• 
  Vijay (@unk_data) reported 60 minutes ago

  @fit_fr_nothing So now I can do things like make a website generator and with "sign in with Cloudflare" I can host it on their Cloudflare pages? Cool.

• 
  Franco Gilio (@fgili0) reported 1 hour ago

  @aarondfrancis @browserbase @Cloudflare “the worst government website” I feel they actually deserve a trophy or some kind of recognition

• 
  Sanford (@SanfordMarshal) reported 1 hour ago

  @kewinversi @tannerlinsley But I see no problem using Coolify, a SPA you just need to serve the assets and a shell page basically. You could even use something like GitHub Actions to build the assets and send them to a CDN or just use Cloudflare

• 
  Jon Ezell (@Jonezell_) reported 1 hour ago

  Looks like there may be a related @Cloudflare outage causing it Not a good day for our product release 😰

• 
  Paul the Dev (@Pabblothedev) reported 1 hour ago

  @Prodigers @DanielSmidstrup If you have static pages which do “nothing” yes it’s cheaper :) In general. Workers are cheaper but limited to 128mb and cool they don’t have cold starts. But queus are super expensive on Cloudflare. D1 also super expensive. I don’t recall know what issue I had with workers sth relates to pkgs but not sure now. Lambda is microvm at the end.