Cloudflare Outage Map
The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
Cloudflare users affected:
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Manchester, England | 1 |
| Angers, Pays de la Loire | 1 |
| London, England | 1 |
| Noida, UP | 2 |
| Jewar, UP | 1 |
| Braga, Braga | 1 |
| Paris, Île-de-France | 1 |
| Prievidza, Nitriansky | 1 |
| Farmers Branch, TX | 1 |
| Helsinki, Uusimaa | 1 |
| Crisfield, MD | 1 |
| Nanaimo, BC | 1 |
| New York City, NY | 1 |
| Istanbul, Istanbul | 1 |
| Greater Noida, UP | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Rohit Kashyap | AI + Full-Stack (@rohit_jsfreaky) reported@zeke login with cloudflare as self managed oauth is a genuinely useful primitive
-
Alon Gubkin (@alongubkin) reportedIt's insane how hyped Cloudflare Workers is on X. But it's a completely broken platform. The first version of @alien was based on CF Workers. We built natively for it. But even if things worked perfectly locally, they were *always* broken in production because of some CF Workers runtime bug. We migrated to Vercel and EKS Auto in a weekend and everything became so much faster and more stable. Don't believe the hype. Oh, and all their example projects are just totally broken
-
Vijay Tupakula (@vijaytupakula) reported@HotAisle @Cloudflare Oh no! I haven’t used their email service yet. @Cloudflare can you help?
-
Anees Iqbal (@realsteelbrain) reported@levelsio @Cloudflare I think you should invest in a self hosted smtp server and split the outgoing email traffic and build up reputation with receiving servers over time and eventually just use your own. Email is free. Dont pay for it if you can help it
-
chr (@flowerpower732) reported@levelsio @Cloudflare yeah I got the same issue. got fallback set on AWS SES.
-
Stabledash (@stabledash) reportedAWS and Cloudflare have quietly turned on a new option for any publisher running on their infrastructure: the server can return an x402 payment code instead of a flat 404 when an AI bot hits their content. .@_rishinsharma, Head of AI Growth at @Solana Foundation, breaks down what that unlocks: "Say I have a blog, and it's hosted on AWS Bedrock, and I just write about financial data or something like that. By default, AWS will block bot traffic. So if they detect someone is a bot, they'll just block that traffic. If someone from an LLM is trying to get something I've written about, it'll just return a 404. It can return a 402, I can put in a wallet address, and I can actually get paid and monetize that traffic." His read on why subscriptions already lost this audience: "I think for content publishers, this is gonna be a new way for them to reach an audience, because two, three years ago, I was subscribed to a ton of Substacks, where I was paying for a couple of them too. It felt like a way to get alpha. Now I can't imagine, I don't wanna open my email and go to a Substack, and maybe this is an attention deficit thing, but I can't even read long form content. What's the important part? Skip to that one."
-
Aryan (@aryan_xv) reported@Valitskim Damn, I was hyped about @Cloudflare dropping this Nice to see this fast competition
-
Ranga (@ranga_cp) reported@TeamBHPforum site down ? Seeing some cloudflare error message
-
Rees (@ReesMorris) reportedI just noticed the Cloudflare login flow has a fade transition between pages and it's a really nice touch
-
Ackerman (@realphenolmenal) reportedIntroducing Cloudflare Drop Cloudflare just dropped the ultimate instant-deploy tool: Drop a folder or zip in your browser → static site live on their global edge in milliseconds. No account. No login. No friction. 60-minute temp preview or claim it forever. Built perfectly for the AI/agent era — agents spit out sites, Drop ships them instantly. Ca below
-
CyberClarence (@10xClarence) reported@levelsio @Cloudflare same issue, nearly impossible to migrate because of low starter quota
-
DeepakNess (@DeepakNesss) reportedrclone is a great way to mount Cloudflare R2 in Finder – this post shows a really minimal setup using nfsmount, no macFUSE required: It works well, but it's a live mount: no offline access, no sync status, and you'll want to set up a launchd agent to auto-mount at login.
-
Night (@Night_Fiber) reported@muvluvist A chud like me cant play mualani to save his life i’m #sorry 💔 Have u tried cloudflare one tho it might fix yo ping but you probably 2 far away for it to even work 🥹
-
Sean Knox (@Opp_Knox) reported@wholemars @levelsio @Cloudflare What is bad about it sendgrid?
-
Cybnex Labs (@cybnexlabs) reportedBots now make up more of the internet than people do. On June 3, 2026, Cloudflare's CEO Matthew Prince announced that automated traffic had passed human traffic online for the first time — roughly 57.5% machine to 42.5% human. He had predicted the crossover would land in late 2027. His words on the timing: "Welp, that happened faster than I predicted." That number is why your VPN keeps getting hit with CAPTCHAs. The version circulating on forums: AI companies hide their scrapers behind VPNs to steal content, so websites block VPNs to stop them. It's wrong, and believing it points you toward the wrong fixes. The major AI crawlers don't hide. GPTBot, ClaudeBot, and Googlebot announce themselves in their user-agent strings. That's the entire reason publishers can block them by name. The collision happens at the network address instead. Commercial VPNs and scraping infrastructure rent from the same datacenters. To a security engine scoring your connection, a Mullvad exit node and a scraping proxy look alike. Neither resembles home broadband in Ohio. That's the crossfire — architectural overlap, not deception. A block is rarely one thing. It's a score assembled from six layers — address type, address reputation, request rhythm, browser fingerprint, session coherence, geographic consistency. Reputation on a shared exit node is collective. Hundreds of people leave a website through the same address you do. If enough trip security systems, that address turns hot, and everyone behind it inherits the consequences. You did nothing. The address remembers anyway. Which is why fixing the address alone doesn't always clear the block. It's one input among six. Why the defenses tightened: Prince describes the asymmetry this way — a person shopping for a camera visits five websites. An agent doing it for them visits five thousand. That's real server load and none of the ad revenue the old crawl-for-referrals bargain assumed. Cloudflare's data shows over half of AI crawler traffic is spent re-fetching pages that never changed. On July 1, 2026, Cloudflare split automated traffic into three declared categories: Search, Agent, and Training. Starting September 15, new domains will have Training and Agent crawlers blocked by default on ad-displaying pages. Search stays allowed. Read that carefully. The block targets declared crawler categories. Not VPN users. But it signals the industry's posture: default-suspicious, verify-before-serve. Every operator running bot management is tuning tighter than two years ago, and tighter tuning means more borderline connections get challenged. Yours is borderline. What actually works, without disconnecting: Switch servers once, to somewhere nearby and less crowded. Congested exit nodes accumulate bad reputation faster. Stop hopping. This is the one people get wrong when frustrated. Cycling through a dozen servers in two minutes produces a session where your apparent location changes repeatedly. No person does that. Automation does. You're feeding the system the exact evidence it uses against you. Clear cookies for the site challenging you — stale session data tied to your previous address contradicts your current one. Stay logged in where you trust the site. An authenticated session with history reads as a returning person. An anonymous datacenter connection reads as an unknown. Use an ordinary browser build. Heavy fingerprint modification is meant to make you unremarkable. Done badly, it makes you unique — the opposite. On dedicated IP addresses: Some providers sell an address that belongs only to you. It reliably cuts challenges on banking portals and work systems, because no stranger's behavior contaminates it. The trade-off gets skipped in most write-ups recommending them. A shared address gives you cover precisely because hundreds of people leave through it. Reserve one to yourself and you've bought access by spending anonymity. Several strictly no-log providers don't offer them at all — a permanent address is a persistent identifier, which contradicts their entire design. Some blocks won't yield to any of this. A streaming service enforcing regional licensing isn't scoring your traffic at all. It knows exactly what you are and is contractually obligated to refuse. The friction isn't reversing either. As agents perform more of the browsing people used to do themselves, the systems separating human from machine grow more sensitive. What you're experiencing is closer to a floor than a ceiling. Your VPN puts you in that gap by design. It strips the residential fingerprint that would otherwise vouch for you — and that removal is the whole point of running it. So the goal was never invisibility. It's coherence. Give the system a signal that reads as one person, browsing at human speed, from a stable place, and most of the friction dissolves without ever touching the disconnect button. #CyberSecurity #AI — Cybnex Labs