Cloudflare status: hosting issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (41%)
- Cloud Services (33%)
- Hosting (20%)
- Web Tools (4%)
- E-mail (2%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Domains | 4 hours ago |
|
|
Cloud Services | 18 hours ago |
|
|
Cloud Services | 6 days ago |
|
|
Domains | 10 days ago |
|
|
Domains | 14 days ago |
|
|
Domains | 16 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Chynen Eide (@chynen_eide) reportedI have to admit. Cloudflare is awful. Firstly, security verification: most of the websites get a verification if you are not a bot and that's fine. The problem is that it failed to load (it refreshes over and over and over again) until it started to work. Then if you think that's bad, Some websites get down for like a HOUR.
-
My1 (@nep.one - Misskey) (@My1xT) reported@Cloudflare At least some more stuff needs to bette work with dynamic gua prefixes. This was one major issue where i worked with a firewall software which didn't seem to like them.
-
Primož Ajdišek (@Bigpod98) reported@Cloudflare My network is internally ipv6 primarily using ipv4 only for compat
-
dh1415161(new) (@dh14151617) reported@Cloudflare SHUT DOWN CLOUDFLARE AND MAKE IT ILLIGAL FOR MATTHEW PRINCE TO EVER ACCESS A COMPUTER AGAIN. HIS COMPANY THAT HE CO FOUNDED IS THE WORST THING TO EVER HAPPEN TO THE INTERNET
-
ACI (@ACIToken) reported@jarvismrvs Exactly. And 'adapts fast enough' is doing a lot of heavy lifting in that sentence. The NSA started their post-quantum transition in 2022. NIST finalized standards in 2024. Cloudflare just moved their deadline to 2029. Bitcoin's last major protocol upgrade took 6 years of debate. The ecosystem has never moved fast. Why would existential threats change that?
-
Nick Gray (@nickgraynews) reportedI’ve spent the past 3 weeks trying to port a handful of WordPress sites to EmDash CMS, a new open source CMS from Cloudflare But it might all be for naught… I believe my love of Cloudflare + excitement for "the shiny new thing" blinded me towards what I really need for my business case After banging my head with build times, load times, etc I had to step back Now I’ve spent the a few hours today really challenging my assumptions and looking at other options like Payload CMS, SonicJS, and some ***-based CMS solutions like Alinea and Sveltia I'm still not sure what I'll end up on, but I am excited about what we're building tl;dr I may have wasted TONS of time and thousands of dollars of engineering contractor time on my team for the wrong solution!! FML I've been hammering Opus 4.7 and Gstack’s skills to help me think it through, plus getting second opinions from Gemini and Codex. I'll try getting a second opinion on my PRD from GPT 5.5 too Happy Friday! Any suggestions appreciated
-
Techrev (@Techrev_9999) reported@gelbooru @RazorSharpFang @Cloudflare Easy enough to vps in different areas, and sync - if you feel like you need it? DDOS attacks might be an issue, if they get their ***** all up in a bunch, but dang - there are even ways to mitigate that without being lorded over by Cloudflare scum.
-
axolyte (@axolytea) reported@sama HTTPS is a fine protocol for agents to use, especially if agents properly self identify as agents in user agent and accept markdown in mime types, i don't see an issue with it past this? Cloudflare is also doing the 402 payment required as well to make them pay for traffic
-
Mete (@ymetemert) reportedHas Cloudflare gone down or not???? There is no reliable source, its been 10 minutes and no one has posted an update on the site #Cloudflare aloo
-
CypherPunk (@CryptoAgorist99) reported@CrewChiefBased @theo Can you remind me what happens when cloudflare or aws goes down?
-
Jakwoun Reid (@JakwounReid) reportedMy rate limiter was silently broken in production for months. It deployed fine. It tested fine. It ran fine. It was also completely useless. Here's what I found, and how I fixed it by rebuilding on Cloudflare Workers.
-
One Man LBO (@OneManLBO) reportedCold email for M&A today is both science + art. The science (tech stack) is table stakes at this point, and surprisingly, a lot of people still get it wrong. What worked for me: Cloudflare domains, Google Workspace inboxes, never-ending AI warmup of 30+ emails per day. The AI-driven warmup is hilarious. You log into one of your cousin domain inboxes and here you are, with your name and real Workspace profile pic, having thousands of enthusiastic, vague, automated conversations with strangers (including a random Benchmark International analyst, who was probably on the same SMB M&A sourcing quest). But it works. The servers trust you now. In zeros and ones, they think something along the lines of "oh wow, this dude is sending 40 emails per day and having amazing convos about nothing all day long!" So cool, now you hit sellers' inboxes (or at least most inboxes). Now, what do you say? This is where the art comes in. What worked for me was: (1) language specific to the seller (in terms of their company and industry, NOT where they went to school or some meaningless junk rapport building statement), (2) extremely informal, (3) 4-5 sentences max, (4) subject line 2-4 words, all lower case, and referencing terms relevant to their industry. THIS IS EXTREMELY CHALLENGING TO GET "JUST RIGHT." Essentially, you are writing in the tone of a peer asking for a favor. You don't pitch. You just ask for the meeting, and you try to explain in one sentence what you're trying to do here (which is so hard -- like some version of "yo, my wife and I are looking at HVAC businesses to buy"). You just need to trigger some response, any response, even if it's a NO. A no is better than no response. To be honest, when I was hunting for businesses, I found it very hard to scale high quality cold email, because I was really perfectionist in my approach. Idaho is a small market, and I couldn't afford to burn leads. So I wanted to get the emails right. I paired cold email with handwritten direct mail, and I only ever pummeled HVAC and plumbing seriously with 3-4 touches on average. But I got 10%-15% response rates, which I think is pretty good. (As a side note, if you're serious, you have to do way more touches, like 10-15, over several months). Still, an absolute pain. But that's what's required in this world of generic mass outrage. If you are cheap and trying to take shortcuts in terms of the work you put into your messaging, the market sees right through it. You're a cheap commodity volume sender. There's no free lunch.
-
Ritesh (@treadon) reported@lukcombinator @Samaytwt Why Mongo, I just switched my last site away from Atlas because of latency and connection issues from CloudFlare?
-
Vishwanath Patil (@patilvishi) reportedDDoS Protection Architecture -How Systems Survive Massive Traffic Attacks This is: - Used by Cloudflare, AWS Shield, Google Cloud Armor - Critical for public APIs, SaaS, fintech - A must-know for system design interviews - Directly tied to availability & security Let’s go deep 👇 The Core Problem DDoS = Distributed Denial of Service Attackers send massive traffic: Millions of requests/sec Goal: Overload system → make it unavailable Types of DDoS Attacks 1. Volumetric Attacks Flood network bandwidth. Example: UDP flood, DNS amplification 2. Protocol Attacks Exploit network layer. Example: SYN flood 3. Application Layer Attacks (Most Dangerous) Look like real traffic: HTTP GET /login spam Hard to detect. Defense Strategy (Layered Approach) DDoS protection is not one tool. It is multi-layer defense: 1. Edge Protection (CDN + WAF) First line of defense. Handles: - Traffic filtering - Bot detection - IP blocking - Geo-blocking Examples: Cloudflare Akamai AWS CloudFront + WAF 2. Rate Limiting Limit requests per IP / tenant. Example: 100 req/sec per IP Stops abuse early. 3. Load Balancing Distributes traffic across servers. Prevents single-node overload. 4. Auto Scaling Increase capacity during attack. But: Scaling alone does NOT stop DDoS. 5. Application Protection - CAPTCHA - Login throttling - API key validation - Token-based access 6. Backend Protection - Circuit breakers - Queue buffering - Caching Example Attack Flow Without protection: Botnet → API → DB → crash With protection: Botnet → CDN → WAF → Rate Limit → App → DB Attack filtered before reaching backend. Key Techniques 1. IP Reputation Block known bad IPs. 2. Geo Filtering Block traffic from suspicious regions. 3. Bot Detection Analyze: - request patterns - headers - behavior 4. Challenge Systems - CAPTCHA - JS challenges - Proof-of-work 5. Traffic Shaping Limit heavy endpoints like: login search payment Real-World Example Login endpoint under attack: 1M requests/min Protection: - CAPTCHA after 3 attempts - Rate limit per IP - Block suspicious patterns Trade-Offs Strategy Benefit Cost CDN/WAF Strong protection Cost Rate limiting Easy May block legit users CAPTCHA Blocks bots UX impact Auto scaling Absorbs load Expensive Architect-Level Insight DDoS protection is about: Filtering early + protecting deeper layers Never rely on backend alone. Common Mistakes - No edge protection - Only scaling infra - No rate limits - No bot detection - Blocking too aggressively Golden Rule Drop bad traffic as early as possible Edge > Gateway > App > DB Final Insight DDoS protection is not optional. It is a core reliability + security requirement for any internet-facing system.
-
Cumulus (@cumulus_____) reported@CodeWithAmann Always vercel, anything backend related render. If heavy and need speed aws Never ever Cloudflare, just not curious to learn it and I don’t understand their pricing
-
Michael Denney (@MikeDVB) reported@CloudFlare We're seeing 520 errors between the LAX POP and our Denver facility - but only LAX - and we're having trouble nailing it down. The end-user having issues is on a free account and apparently there is no logging/details available and support is community-based only now. Is there any way we can get in touch with someone? We were a CloudFlare partner back before you even had a portal for that - so we've been with you a while - and this is the strangest issue I've seen that we haven't been able to sort.
-
Summer☀️ (@isaidmeow_) reported@ImLunaHey @Cloudflare Bro a few lines?? they're making us look bad
-
K.R.I.S. (@KrisWorkLife) reportedWhen will @Cloudflare support .in domains? 🙄
-
Sanjeev "SPAI" Pai (@sanjeevpai) reported@vlntnst @lopp @Cloudflare The compromise there would be to just kill access to one of these and the user would have a full Denial of Service. No perfect solutions exist.
-
SOVA (@getsovaapp) reported@mikefutia but does it passes the security issues when the Cloudflare blocks it?
-
SHΘCKWΛVΞ (@x5h0ckw4v3x) reported@KitsuneroVT checked the link with cloudflare radar and it returned a malicious veredict. it redirects to a "dmca alert" website that will more than likely steal your login and/or stream key.
-
michelle (@michellechen) reported@dr00shie @Cloudflare we never released cached token pricing for glm 4.7 flash, feature was only released since Kimi 2.5 and might backfill cached token pricing (or might bring on glm5.1 instead)
-
Ilya (@ilyarogers) reported@HaloArchive My brotheren, why is your Cloudflare setting blocking NordVPN ips? Never been blocked by a normal site like this before.
-
Framob (@Framob) reportedSee putting cloudflare over my app to pay my bills is just ******* stupid & is going to get you all the jail bc I can only keep that server offline for so long. Idiot earlier was like "show me ,show me" how ******** can I show him when it would need put on & then goes tp social/
-
TallWallet (@ElectricTony999) reported@Cloudflare And it is a horror show, blocking legitimate users all over the world, again. This mob are useless. I had a perfectly good service earier, allowing me to watch some sport events, but, suddenly, somewhere throughout the session, it refuses any connections from any source.
-
Christopher Cichielo (@ccichielo) reported@PalidifyVT @teej_dv You can self host a password manager - like VaultWarden. And even expose it via something like a CloudFlare Tunnel + Domain Name, or just access it on your local network when you need it.
-
AlterRion (@AlterRion) reported@Cloudflare I can't pass the Cloudflare captcha in relatively old browsers anymore from yesterday. Please, fix it.
-
dh1415161(new) (@dh14151617) reported@Cloudflare SHUT DOWN CLOUDFLARE AND MAKE IT ILLIGAL FOR MATTHEW PRINCE TO EVER ACCESS A COMPUTER AGAIN. HIS COMPANY THAT HE CO FOUNDED IS THE WORST THING TO EVER HAPPEN TO THE INTERNET
-
Jonathan Wilson (@jfwfreo) reported@Cloudflare My router supports IPv6 but my ISP doesn't support IPv6.
-
Shawn Huang (@ssshawnh) reportedI’ve paid for custom-domain email before. It worked fine, and it was cheap. But if I keep launching small projects, I don’t want each one to come with another email subscription just so I can send and reply from support@.... So this time I reused Cloudflare + Gmail + Resend.