Cloudflare Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

• 
  snowar (@SnowarSnowind) reported 1 minute ago

  It's honestly wild. Cloudflare just shared data — bots & AI traffic now make up 57.5% of all HTML page requests on their network. Humans? Down to 42.5%. They handle about 20% of the whole internet, so this is huge. Their CEO says the agentic AI wave hit way faster t

• 
  somedude (@somedudeokay) reported 2 minutes ago

  @ThePrimeagen I have ton of small bs thinkgs to do. examples: - migrate my little web based game that makes $1000 per month, from vercel to cloudflare. - split the 4 languages into 4 tld's - set up all of them in search console - rewrite them to plain html, css and js for maintainability - change dns, set up google ads across 4 sites. - make sure i dont lose SEO traffic - etc. this is just ONE ITEM (migrate web game) on a long list of similar stuff. It would have taken me 100nights at least (mainly the rewrite to html from really old react), now it all took me 1 night. do i call that a 100x productivity gain? maybe not. but stuff gets done that i would have never had the time to do otherwise.

• 
  Anh Tran (@rilwis) reported 4 minutes ago

  @rmelogli @learnwithmattc I usually use browser bookmarks. But it becomes a problem when switching browsers. So I export it to a html file, tell Claude to design it a little bit, and deploy to Cloudflare. Now I set it as my browser homepage :)

• 
  high_byte (@high_byte) reported 5 minutes ago

  @omw_to_the_moon @eastdakota Verified bots Bot traffic describes any non-human traffic to a website or an app. Some bots are useful, such as search engine bots that index content for search or customer service bots that help users. Other bots may be used to perform malicious activities, such as break into user accounts or scan the web for contact information to send spam. Verified bots, such as the ones from search engines, are usually transparent about who they are. Cloudflare manually approves well-behaved services that benefit the broader Internet and honor robots.txt. Each entry on the Verified Bots list exists because a corresponding IP address was seen associated with a verified bot in the last 30 days. A verified bot is not necessarily good or bad.

• 
  Alex Dunne (@adunne09) reported 5 minutes ago

  what if someone made a "vibe coding" app that's just cloudflare login codex login codemode effect cloudflare skills

• 
  Marquivion (Marq) Orr (@0xprimex0) reported 6 minutes ago

  Mature General-Purpose Libraries (PQC-Ready 2026) Battle-tested libraries with shipped NIST algorithms: • OpenSSL: Production-ready via oqs-provider or native 3.5+. Supports ML-KEM, ML-DSA, SLH-DSA & hybrids. Choose OpenSSL if you need maximum compatibility with existing infrastructure and web servers. It is the standard choice if you are already using OpenSSL and can integrate the oqs-provider module or upgrade to version 3.5+ for immediate ML-KEM/ML-DSA support without rewriting your application logic. • Botan: Full native C++ support. Most complete NIST suite (ML-KEM/DSA, SLH-DSA, FrodoKEM, Classic McEliece). Choose Botan if you are developing in C++ and want the most comprehensive algorithm coverage out-of-the-box. It is the best choice if you need immediate access to the full NIST suite (including alternative KEMs like FrodoKEM) with a modern, object-oriented API, rather than waiting for C libraries to catch up. • Bouncy Castle: Dominant in Java/.NET. v1.83+ supports ML-KEM/DSA, hybrid certs (RFC 9883), and composite signatures. Choose Bouncy Castle if your stack is Java, Kotlin, or .NET/C#. It is the undisputed leader for JVM and Microsoft ecosystems, offering the only mature, native implementation of hybrid certificates (RFC 9883) and composite signatures required for complex PKI migrations in enterprise environments. • Mbed TLS: Emerging support. ML-DSA prototype available; ML-KEM planned for late 2026. Best for constrained IoT soon. Choose Mbed TLS if you are targeting highly constrained embedded devices (low RAM/Flash) and can wait slightly for full ML-KEM stabilization (expected late 2026). It is ideal if you need a small footprint and are already using the ARM PSA Crypto architecture, provided your timeline allows for the final ML-KEM integration. • Google Tink: High-level API. Delegates PQC to backends (AWS-LC, BoringSSL, OpenSSL). Easy integration for apps. Choose Google Tink if you want a language-agnostic, high-level API that abstracts away the underlying crypto engine. It is the best choice for application developers who want to enable PQC (via a supported backend like AWS-LC or OpenSSL) with minimal code changes and without managing low-level cryptographic primitives directly. • CIRCL(@Cloudflare): Go-native. Focused on PQC research & hybrids (Kyber/X25519). Used in Cloudflare services. Choose CIRCL if you are building services in Go and need cutting-edge, research-grade implementations of hybrid schemes. It is the preferred choice for Go developers who want to leverage Cloudflare’s production-tested PQC research and need flexible, low-level control over key exchanges in network protocols.

• 
  Vit (@Not_Toa_Kraadak) reported 6 minutes ago

  @Jerav2776 @schizothotep cloudflare warp should help

• 
  Tony Dinh (@tdinh_me) reported 12 minutes ago

  This project involves an iOS app, sign-in with apple, in-app purchase, revenue cat, api backend server, firecracker sandbox, AI gateway, database (postgresql), a blob storage, cloudflare R2, DNS for linking domains, a minimal harness to build a website, and a lot of prompts. Normally, this would take a team of 10 at least. Now I do it alone fully remote via telegram from my phone. I only looked at the code once (due to a potential security concern), but other than that I never read a line of code. I do most of my reviews via prototypes, diagrams, text, and, html reports. The future is going to be wild.

• 
  Wasim (@WasimShips) reported 13 minutes ago

  Here's $500K+ in FREE startup credits most founders never claim (before spending a dollar on infra) : I've used half of these on actual client builds. Bookmark this before you pay for another tool. Design : Figma for Startups — free Professional plan, 1 year Canva for Startups — free Pro access Dev infra : Vercel — up to $200K in credits Supabase — up to $25K Cloudflare — up to $250K DigitalOcean Hatch — $5K Neon — Postgres credits Auth + Payments : Clerk — auth credits Stripe Atlas — credits post-incorporation AI : AWS Activate — $1K base (gateway to more) OpenAI startup credits — via accelerators Analytics : PostHog — $50K in credits Amplitude + Mixpanel — free Growth plans Comms : HubSpot — up to 90% off Loom — free Business plan None of these need investors. None need a pitch deck. Just an application. Pick 3 that match your build. Apply today.

• 
  𝑮𝑹𝑹𝑳 (@GRRLmusic) reported 13 minutes ago

  @DominicEkom_ @David_Rudnick yeah looool people who would buy and wear cloudflare merch (especially **** that looks that bad) of their own volition definitely have questionable (******* horrendous) taste

• 
  Nilmani Prashant (@NILMANIPRASHANT) reported 15 minutes ago

  Rate limiting isn't about blocking requests. It's about **protecting system invariants under adversarial load** — including your own code doing something stupid at 2am. --- **The precise definition most people skip:** A rate limiter is a policy enforcement mechanism that maps an identity (user, IP, API key, service) × resource (endpoint, DB, queue) × time window to an allowed request budget. Miss any of those three dimensions and your limiter is incomplete. --- **The five algorithms — and what they actually trade:** **Fixed Window** — simplest. Bucket resets on clock boundary. Problem: 2x burst at the seam. If your limit is 100 req/min, a client sends 100 at :59 and 100 at :01. You've served 200 in 2 seconds. This is how Cloudflare's early DDoS protection got punched through. **Sliding Window Log** — stores each request timestamp. Exact, no burst artifact. Cost: O(n) memory per user. At Stripe's API scale (~500M requests/day), storing per-request timestamps across even 1% of users is untenable without aggressive TTL management. **Sliding Window Counter** — approximation using two fixed windows weighted by overlap. Formula: `current_count + previous_count × ((window_size - elapsed) / window_size)`. Stripe uses this. ~0.003% error rate in practice. Memory: O(1) per user. **Token Bucket** — refill at constant rate, allow burst up to capacity. AWS API Gateway uses this. 10,000 req/s steady-state, 5,000 burst above that. Requests consume tokens; tokens refill at rate R. Good for bursty-but-average-bounded traffic. **Leaky Bucket** — requests queue, drain at fixed rate. Smooths output regardless of input shape. Netflix uses this on their Zuul edge layer to protect downstream microservices from thundering herd. Queue depth becomes your config ****. --- **Where this actually lives in distributed systems:** Local in-process: fast (~1μs), but worthless in a multi-node fleet. Node A doesn't know what Node B allowed. Centralized Redis: ~1-3ms round trip. Use Lua scripts for atomicity — `INCR` + `EXPIRE` in a single script. Redis's single-threaded command execution gives you linearizability for free. This is what most Stripe, GitHub, and Twilio rate limiters use at the storage layer. Gossip/eventually consistent: each node tracks local counts, syncs async. Allows ~N× over-serving where N = node count before sync. Acceptable for soft limits (analytics APIs), not for billing or security enforcement. --- **The senior engineer gotcha:** You set a 1000 req/min limit. Load test passes. You ship. Three months later, you get paged. Latency on your downstream DB is 40× normal. Your rate limiter is working perfectly — 1000 req/min per user, 10,000 users, that's 166 req/s aggregate, which was fine in testing with 100 users. **You rate-limited per identity but never modeled aggregate load.** The limiter protected individual users from themselves but said nothing about what your system can actually handle. You needed a global ceiling, not just per-user quotas. Google's SRE book calls this the difference between *demand-side limiting* (per user) and *supply-side limiting* (per resource). You need both. Stripe enforces per-API-key limits AND global concurrency limits per endpoint via a token bucket at the load balancer level. --- **When NOT to rate limit at the application layer:** If your bottleneck is CPU-bound work (ML inference, crypto ops), rate limiting requests doesn't help — you need a work queue with backpressure. If you rate limit, you'll drop valid requests while the remaining 10% still saturate your CPU. This is why Google's Bard/Gemini API uses quota + async job queues for expensive inference calls, not synchronous rate limiting alone. --- **Numbers worth memorizing:** Redis INCR throughput: ~100K ops/sec single node, ~1M/sec with clustering. Lua atomic script overhead: ~15% vs raw INCR. P99 latency on Redis rate-check in same-region AWS: 800μs–2ms. Sliding window counter error

• 
  Crystalwizard (@crystalwizard) reported 16 minutes ago

  @PaulGugAI people on twitter: "AI can't code" me: (watches claude create an intricate and complicated set up out of thin air so GPT can connect via a cloudflare tunnel and run brainctl in its home directory on my machine) - which includes design docs, writing an MCP server, service, Cloudflare route, OAuth, database init, FTS rebuild, Defender exclusion, retry logic. All in one day. From nothing.

• 
  トラッキー (@RYUSEI2020_0203) reported 16 minutes ago

  This is honestly insane. Cloudflare just shared new data — bots and AI traffic now make up 57.5% of all HTML requests on their network. Humans? Just 42.5%. They handle about 20% of the whole internet, so this isn't a tiny sample. Their CEO says the agentic AI wave

• 
  Christian Findlay (@CFDevelop) reported 17 minutes ago

  @_andrewthecoder Remember last year’s Cloudflare outage due to an unwrap()? I’m a huge Rust fan, but how did people land on this particular ideology lie? It’s a parallel to the Typescript ideology lie that types and tests are mutually exclusive things

• 
  Daksh Trehan (@DakshTrehan) reported 18 minutes ago

  the frontend was never the bottleneck. the URL is. once Codex deploys, OpenAI is competing with Vercel and Cloudflare on hosting, not models. where does the generated app's auth and state live, theirs or yours?