Cloudflare Outage Map
The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
Cloudflare users affected:
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Manchester, England | 1 |
| Angers, Pays de la Loire | 1 |
| London, England | 1 |
| Noida, UP | 2 |
| Jewar, UP | 1 |
| Braga, Braga | 1 |
| Paris, Île-de-France | 2 |
| Prievidza, Nitriansky | 1 |
| Farmers Branch, TX | 1 |
| Helsinki, Uusimaa | 1 |
| Crisfield, MD | 2 |
| Nanaimo, BC | 1 |
| New York City, NY | 1 |
| Istanbul, Istanbul | 1 |
| Greater Noida, UP | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
0xLoopTheory (@0xLoopTheory) reportedGoogle is moving a number of its TLS certificates from RSA to ECDSA. Not because ECDSA is quantum-safe. It is not. Not because RSA is about to fall. It is not. Not because someone at Google forgot Shor's algorithm exists. They did not. The announcement is easy to misread. Google Trust Services says that during Q2 2026, a number of Google services that have historically provided an RSA leaf certificate will shift to an ECDSA leaf certificate by default. So in the middle of the post-quantum migration, Google moves certificates from one Shor-vulnerable algorithm to another. Under standard resource estimates (Roetteler et al., 2017), breaking P-256 requires fewer logical qubits than breaking RSA-2048. On paper, this is a step toward the more quantum-fragile primitive. It still makes sense, and the reason is the most useful mental model I know for the PQ transition: TLS does not migrate as one block. It migrates in layers, and each layer faces a different threat on a different clock. Key exchange is on the fast clock. Recorded traffic can be decrypted retroactively: harvest now, decrypt later. So it moved first. X25519MLKEM768 is now default or automatically advertised in current major browser stacks: Chrome, Edge, Firefox, and Safari on Apple's 26-generation OS releases. By late October 2025, the majority of human-initiated traffic with Cloudflare was already using post-quantum encryption. Certificates are on the slow clock. For live TLS authentication, a signature must be unforgeable at the moment it is verified, not forever. A quantum computer in 2035 cannot retroactively forge the certificate that authenticated your session today. And the slow clock is forced by a budget nobody can print more of: bytes. An ML-DSA-44 signature is 2,420 bytes. A raw ECDSA P-256 signature is 64 bytes. Cloudflare estimates a drop-in swap would more than double the bytes most QUIC connections transmit over their lifetime. Chrome says plainly it has no immediate plan to add traditional X.509 post-quantum certificates to its root store. Chrome's public-WebPKI plan is Merkle Tree Certificates, now being developed in the IETF PLANTS working group, against Google's broader stated 2029 PQC migration timeline. So the ECDSA move is classical housekeeping. Google's stated rationale is efficiency: smaller to transmit, cheaper to process. The announcement does not mention post-quantum once. Which layer is migrating? Against which threat? With which ecosystem attached? Ask those three questions and most "why not just deploy PQC now" takes dissolve. The honest counterweight: maybe the slow clock is not as slow as the WebPKI assumes. Roots live for decades. Devices outlive their update channels. Gidney's estimate for breaking RSA-2048 dropped from 20 million noisy qubits in 2019 to under one million in 2025. If you think certificate authentication has less time than the ecosystem assumes, that is the argument worth having. I would like to hear it.
-
João Tomé (@emot) reportedI was curious whether the earthquake in Venezuela had any lasting Internet impact as well, and it looks like it did, with latency staying higher afterwards. Median latency increased by roughly 15-20%, from around 68 ms to about 80 ms. Latency variability also increased, with the 75th percentile rising from roughly 90 ms to 110-120 ms, suggesting a less stable network. (from Cloudflare Radar’s IQI).
-
jovi 🐨 (@JoviDeC) reportedPrompt prefix caching seems very broken on @Cloudflare lately, haven't hit the cache once for the last 3 days for Kimi K2.7-code
-
Vishal Lohar (@yourcodebuddy) reportedI am building an entire app on the @Cloudflare stack. And you can design your app better so you don't have to worry about vendor lock-in. Sure, when you switch services, you might have to run data migrations. I personally use @EffectTS_ for service-based coding. So all my integrations, like R2, S3, share the same base shape. And all I have to do is provide it at the root.
-
Gyana (@GyanaR_) reported@SimonHoiberg Just use cloudflare, and never worry abour pricing
-
Loki 🪲 (@load_volo) reported@JudgmentKiino didn't wanna spam lol 🫡 but YEA they do really badly every year and this is like.. the worst its been i think. there's active cloudflare queue lines happening
-
Omid Saffari (@omidsaffari) reportedAn AI gateway is not a production badge. It is a control tax. Pay it when a second model, a second provider, or a second engineer touches your LLM calls. Before that, call the provider directly and ship. The moment that line gets crossed, the gateway starts earning its hop. Why? Because the real problem is not "how do we call another model?" It is duplicated retry logic, missing spend attribution, no shared rate limits, inconsistent logs, and a fallback path nobody has tested. My decision rule: Single feature, single model: no gateway. Fast free visibility: Cloudflare. Already on Vercel and want zero token markup: Vercel AI Gateway. Managed governance, RBAC, guardrails, audit path: Portkey. Keys must stay inside your perimeter: LiteLLM, with the operational work that comes with self-hosting. The part teams underestimate is not setup. It is ownership. A fallback only counts if it fails over on real signals: timeouts, 5xx, 429, and invalid response shape. A cost dashboard only helps if every request is tagged by customer, feature, environment, and model. Semantic caching only works if you have measured false hits against real queries. And if you self-host, patching is now your calendar. LiteLLM's 2026 CVE hit CVSS 8.8 on NVD and was fixed in 1.83.7. The lesson is not "avoid LiteLLM." The lesson is that a gateway holds the keys, so it has to be treated like security-critical infrastructure. Add the gateway when it centralizes control. Not because the diagram looks mature.
-
Yash D (@AI_by_yash) reportedClaude/codex = coding. ($20/mo) GitHub = version control. (Free) Supabase = backend. (Free) Clerk = auth. (Free) Resend = emails. (Free) Vercel = deploying. (Free) Cloudflare = DNS. (Free) Upstash = Redis. (Free) Pinecone = vector DB. (Free) PostHog = analytics. (Free) Sentry = error tracking. (Free) Stripe = payments. (2.9%/transaction) Namecheap = domain. ($12/yr) Total monthly cost to run a startup: ~$20 There has never been a cheaper time to build
-
harites (@harites00) reportedCloudflare 🤝 Base x402 The internet became incredibly good at moving information but it never became truly efficient at moving value Today if you want to access an API you usually need an account a subscription or a billing system built for humans That model does not work well for AI agents automated applications or machine to machine interactions This is where x402 comes in x402 is an open payment standard built around the HTTP 402 Payment Required status code allowing applications APIs and AI agents to request and complete payments natively over the web The partnership between Cloudflare and @base is exciting because it moves this idea beyond theory and into real internet infrastructure Cloudflare powers a significant portion of the web making it an ideal platform to help developers monetize APIs services and AI workloads with native onchain payments $BASE provides the blockchain infrastructure that makes these payments practical through fast transactions low fees and seamless USDC support Together they are helping remove one of the biggest sources of friction on the internet Instead of creating accounts managing invoices or integrating traditional payment systems applications will be able to pay each other automatically I believe this is much bigger than crypto It is about creating a native payment layer for the internet As AI agents become more capable they will need to purchase data access APIs compute and digital services on their own Standards like x402 combined with infrastructure from Cloudflare and Base could make that future possible The internet already has a standard for sharing information Now it is beginning to build a standard for exchanging value That is why I believe Cloudflare 🤝 Base x402 is one of the most important infrastructure stories happening today
-
vx-underground (@vxunderground) reported@Cloudflare I only have one question though... This malware kills itself if it detects the following strings: - sandbox - sand box - malware - virus - maltest - peter wilson (??????) - paul jones (??????) who ******** is peter wilson and paul jones???
-
Mr.RC|𝟎𝐱𝐔 (@MrRyanChi) reported@jonah_b Nevertheless stable coin does not went down like cloudflare ✋😭✋
-
Raunak Yadush (@raunak_yadush) reported* Claude = coding. ($20/mo) * Supabase = backend. (Free) * Vercel = deployment. (Free) * Namecheap = domain. ($12/yr) * Stripe = payments. (2.9% per transaction) * GitHub = version control. (Free) * Resend = email delivery. (Free) * Clerk = authentication. (Free) * Cloudflare = DNS. (Free) * PostHog = analytics. (Free) * Sentry = error monitoring. (Free) * Upstash = Redis. (Free) * Pinecone = vector database. (Free) Total monthly cost to run a startup: around $20. There has never been a more affordable time to build.
-
fren (@frenbot31488) reported@Itsuki_i_VRC @iris__vr he posted a long rambling explanation of why he can't take down ripping sites, cloudflare is a CDN/proxy, doesn't host the files, DMCA notices to them don't result in removal. he deleted it after like 2 days, 4 retweets, went from 18 to 16 likes, so two people actually read it
-
OneAndOnlyAarav (@WaterAarav) reportedClaude = coding. ($20/mo) Shypmenta = deploys, connects, and manages every platform below. Basically your Cursor for shipping.($6/mo) Supabase = backend. (Free) Vercel = deploying. (Free) Namecheap = domain. ($12/yr) Stripe = payments. (2.9%/transaction) GitHub = version control. (Free) Resend = emails. (Free) Clerk = auth. (Free) Cloudflare = DNS. (Free) PostHog = analytics. (Free) Sentry = error tracking. (Free) Upstash = Redis. (Free) Pinecone = vector DB. (Free) Total monthly cost to run a startup: ~$20. Building has genuinely never been this affordable, and rarely this effortless either.
-
Fire Watcher Watch (@FireWtcherWatch) reported@NeelMehta420 @khyimiq @DalitDetector One of the more recent major CloudFlare outages (February this year) was because they pushed a change which automatically deregistered 25% of BYOIP addresses. Total incompetence, and caused a multi-hour outage for many millions of people.