1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 43% Domains (43%)
  • 28% Cloud Services (28%)
  • 17% Hosting (17%)
  • 9% Web Tools (9%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Farmers Branch Web Tools 3 days ago
Helsinki Cloud Services 5 days ago
Crisfield Domains 7 days ago
Nanaimo Web Tools 8 days ago
New York City Web Tools 8 days ago
Istanbul Domains 11 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • johniosifov
    John Iosifov ✨💥 Ender Turing | AiCMO (@johniosifov) reported

    In May 2026 alone, NVIDIA, SAP, Google, ServiceNow, Deel, and Cloudflare all launched agentic platforms. Not "agent features." Platforms. With governance layers, multi-agent orchestration, and enterprise-scale deployment infrastructure. This matters more than the individual announcements. The infrastructure is finalizing. For two years, the conversation was "agents are promising but not production-ready." The bottleneck was always the same: models could do the task in demos, but you couldn't deploy them reliably at scale with proper auditing, governance, and cross-system integration. That's what May 2026 addressed. Simultaneously. Across the biggest vendors in enterprise software. SAP Joule now orchestrates 200+ specialized agents across finance, supply chain, HR, and procurement. NVIDIA and ServiceNow shipped Project Arc — an autonomous desktop agent with always-on observability and policy-based governance. Google released a full enterprise agent platform for building, deploying, scaling, and governing agents. Cloudflare rolled out dynamic workflows for durable execution across millions of unique agent runs at near-zero idle cost. These aren't the same announcement. They're different layers of the same infrastructure stack: - Model layer: agents can do the work - Execution layer: agents run reliably at scale (Cloudflare) - Governance layer: agents are auditable and compliant (NVIDIA/ServiceNow) - Domain layer: agents know the business context (SAP, Deel) - Platform layer: agents can be built and deployed without custom engineering (Google) When all five layers ship in the same month, that's not coincidence. That's industry convergence. 57% of enterprises already have agents in production. In 12 months, that number is going to look very different. The agents are ready. The infrastructure is ready. The only remaining variable is whether your organization figured out the governance problem before the opportunity passed. If your pilot is still "exploring," you're not running an experiment anymore. You're watching others capture the market.

  • 23bugz
    ronan (:3 っ)っ♏︎ (@23bugz) reported

    @Zotlann @spinelessaisha I do have a cloudflare domain at the moment but I feel like it's a little bit counter productive for me to just be routing all my apps back through a big corpo's servers lol, can't argue with how convenient it is though for a noob like me who doesn't know how to secure my ****

  • inprnt
    INPRNT (@inprnt) reported

    @keibleh Hi! Unfortunately that's a spoofed email, we've reported the domain to @cloudflare and hope they'll take action on it soon. We apologize for the confusion. Our support email and site have not been compromised.

  • ahmed_moubtahij
    Ahmed Moubtahij (@ahmed_moubtahij) reported

    @steipete @Cloudflare I can't help but wonder what kind of LLM problems bust the compute that even you have access to. I can't help but wonder if there are efficiency gains on the table that are just not a consideration anymore.

  • heyruchir
    Ruchir (@heyruchir) reported

    Yesterday I migrated @usescholarly's frontend from GCP to @Cloudflare. vendor lock-in is dead. It took ~1 hour and it worked perfectly, no issues at all. I just asked Codex to migrate it, and it did it without any issues. this will save me hundreds of dollars every month..

  • FemiSuccess7
    FILM DB | ۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗh (@FemiSuccess7) reported

    2 DAYS AGO, CLOUDFLARE HAD AN OUTAGE. THE SAME DAY, I GOT HIT WITH A 3,000X BILL SPIKE. 400B+ D1 READS ON A SITE WITH ONLY 10K MONTHLY USERS. TODAY, I'M 100% MIGRATED TO HETZNER FOR $5/MO. HERE IS HOW A TINY SQL BUG ALMOST RUINED ME, AND HOW I MIGRATED. 👇

  • JeffSte17327059
    Jeff Steve (@JeffSte17327059) reported

    @0xBunny hosting service?? hosting what? a website? i know gitlab provides free static object hosting, so I use squarespace for domain purchase, gitlab for website assets and cloudflare for the DNS services

  • FemiSuccess7
    FILM DB | ۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗh (@FemiSuccess7) reported

    @Msztheus Hi, do you have an idea how to make proxies work in Cloudflare To connect via fetch to an external route but routed through another proxy network Any idea how to do this?

  • inababi
    Salina Mendoza (@inababi) reported

    @CherryJimbo In the end, I saved time and paid $0 Cloudflare bill. I am not pro post gres for simple ****. Not worth the time.

  • glitchtruth
    Glitch Truth (@glitchtruth) reported

    @Cloudflare Microsoft has let people sign in to over 1 billion accounts without a password since 2021. Passkeys still live inside iCloud Keychain or 1Password, so the manager didn't die, it just switched from holding passwords to holding keys.

  • Daniel_adsss
    Danilo (@Daniel_adsss) reported

    🚨🚨🚨ANTHROPIC JUST PUBLISHED THE FIRST GLASSWING REPORT AND THE NUMBER THAT MATTERS MOST IS NOT THE VULNERABILITIES FOUND. Claude Mythos found 10,000 critical vulnerabilities in one month. 2,000 bugs at Cloudflare. 271 in Firefox alone had ten times more than the previous version found. A forged certificate exploit in a crypto library used by billions of devices. A prevented $1.5 million fraudulent wire transfer in real time. 90.6% true positive rate after human review. open source maintainers are asking Anthropic to slow down because they cannot patch fast enough. Microsoft says patch volume will continue trending larger for some time. For decades, cybersecurity’s biggest problem was finding vulnerabilities fast enough. Now the problem has completely changed AI can discover security flaws faster than the global developer community can patch them. THE FUTURE IS AI!!!!

  • ns123abc
    NIK (@ns123abc) reported

    🚨 Anthropic just dropped the first Project Glasswing update Claude Mythos found 10,000+ critical vulnerabilities in ONE month: > Cloudflare: 2,000 bugs, 400 high/critical severity > Mozilla: 271 vulnerabilities in Firefox 150 — 10x more vulnerabilities found in Firefox 148 > UK AI Security Institute: first model to solve BOTH their cyber attack simulations end to end > at one partner bank, Mythos prevented a fraudulent $1.5M wire transfer in real time > wolfSSL: found a way to forge certificates on a crypto library used by billions of devices > scanned 1,000+ open source projects > 90.6% true positive rate after human review > maintainers are asking Anthropic to SLOW DOWN because they can’t patch fast enough > Microsoft says patch volume will “continue trending larger for some time” The bottleneck in cybersecurity is no longer finding bugs. It’s fixing them. “Progress on software security used to be limited by how quickly we could find vulnerabilities. Now it’s limited by how quickly we can patch them.”

  • MarioNawfal
    Mario Nawfal (@MarioNawfal) reported

    🇺🇸 FBI Director Kash’s merch site BasedApparel. com got hacked/compromised with some ClickFix malware Fake Cloudflare page tricks macOS users into pasting Terminal commands → straight-up steals browser passwords + crypto wallets. The site is currently down (for obvious reasons) Source: PC Mag

  • NorretteM
    Norrette Moore (@NorretteM) reported

    @paullewismoney I've seen "cloudflare" issues on inheritance sites. If you recall, cloudflare had a big outage a year or two ago. It often sits between urls and ip addresses

  • jasondoolittle
    jason (@jasondoolittle) reported

    @PitchAutopsy @levelsio You can block all unsolicited inbound except for the cloudflare tunnel. Web users don’t hit your VPS directly, they hit cloudflare, so 80 and 443 don’t need to be open to the general internet. Tailscale only makes outbound connections, initially to the coordination server, so you don’t need to have a VPN port open. The coordination server matches up the outbound connections. All your admin traffic (ssh or whatever else) goes over the Tailscale network.

  • misu_ciidr
    Misu (@misu_ciidr) reported

    Anthropic’s Claude just uncovered over 10,000 high and critical vulnerabilities in a single month, including 2,000 in Cloudflare and hundreds in Firefox. It even caught and stopped a $1.5 million wire fraud in real time. Now companies are literally begging Anthropic to slow down because they can’t patch fast enough. And that’s the stuff built by pros. Now imagine the flood of ‘vibe coded’ apps and SaaS products hitting your phone, laptop, and desktop, all churned out by the same Claude.

  • denihil2
    5555555555555555555555555555555555555555555555 555 (@denihil2) reported

    @KiwiFarmsDotNet @Cloudflare it is never enough for them. they will never rest until the internet is pg-13. don't let them take a inch, **** everything about the @ADL

  • SomuchForTHA
    ShootyShiba 🇺🇸 (@SomuchForTHA) reported

    @KiwiFarmsDotNet @Cloudflare The ADL makes themselves look bad than any of the people they try to silence.

  • FootiememeTv
    FootiememeTV (@FootiememeTv) reported

    @inference_labs inference changes the economics of AI. But once outputs start driving real systems, verification becomes the bottleneck. Cloudflare leaning into AI reviews at scale is another signal that the next infrastructure layer won’t just generate intelligence it’ll prove it.

  • bykarthikreddy
    Karthik Reddy (@bykarthikreddy) reported

    @abhijeet_dipke - The website's domain was put on "clientHold" status by its registrar (Hostinger). - When this happens, the website's address stops working, so Google and Cloudflare can't find it and show NXDOMAIN (website does not exist). - Earlier, the site was still reaching Hostinger's servers but showed 403 Forbidden, meaning the server was active but access was blocked. - This usually happens because of issues like unpaid bills, missing verification, or registrar policy actions. - It does not look like a government internet block. - Since the domain is only a few days old, it's more likely that the website owner or hosting provider caused the shutdown than any government agency.

  • henrycunh
    henrique cunha (@henrycunh) reported

    the codex mobile app is fantastic holy **** only lacking a tunnel to localhost by default, but cloudflare tunnel quickly fixes it

  • SystemArch_AI
    System Architect (@SystemArch_AI) reported

    @rezoundous workers for cloudflare run on pure caffeine and spite, that edge network is a cheat code for solo devs

  • iraftopo
    Yannis Raft · Building RankQuest (SEO) (@iraftopo) reported

    @ClimStefan The problem with serverless hosting is the limits they have on free plans and in general. It might not be free, but a VPS is surely an awesome choice that solves that exact problem. I faced a similar problem with Cloudflare free and that's why I switched to my own VPS. A lot more freedom.

  • burger403
    burger (@burger403) reported

    @JETIXFILO unfortunately cloudflare doesn't take down or block the website, they just forward your report

  • TeeDevh
    Vu. (@TeeDevh) reported

    Is Cloudflare currently down?

  • IanSmith_HSA
    Ian Smith (@IanSmith_HSA) reported

    @FutureDies @conordeegan For wallets, ETH can push the signature verification to the edge devices. The chain has a goal of finishing the upgrades by 2029. Google and cloudflare warned that the network migration needs to be done by Jan of 2029. The signature scheme, network protocol and interchain tech is hard to change. XX will sometimes admit they haven't changed these parts of Substrate still. They are relying on delayed last minute consensus upgrades, 'trust us' and marketing lies.

  • R3ALGR13F3R
    Brad Thaniyel 🌱 (@R3ALGR13F3R) reported

    @MidnightGirl_wo //im also getting this a lot. Its probably an issue inside cloudflare idk. There isnt really a way to fix it, at least not one i know about

  • MichaelGannotti
    Mike Gannotti (@MichaelGannotti) reported

    THE HOOK Anthropic's Project Glasswing just dropped its first update, and the headline number is staggering: Claude Mythos Preview has found more than 10,000 high- or critical-severity vulnerabilities in system-critical software — in one month. Cloudflare alone flagged 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities, 10x what the previous Claude model caught. This isn't a lab demo. This is production software that runs the internet. But the real story isn't the discovery rate. It's the patching rate. THE INTERPRETATION The data reveals something the headline misses: of the 23,019 total vulnerabilities Mythos found across 1,000+ open-source projects, only 97 have been patched. Not 97%. Ninety-seven total. Of 530 high/critical bugs disclosed to maintainers, only 75 are patched. Only 65 have public advisories. Let me put that in perspective: Anthropic's AI is uncovering vulnerabilities roughly 10x faster than the security ecosystem can fix them. The 90.6% true-positive rate is impressive — this isn't noise. But the funnel from discovery → triage → disclosure → patch is collapsing under volume. Several open-source maintainers have asked Anthropic to slow down disclosures because they can't keep up. Think about that: the defensive AI is outpacing the human defensive capacity, and the humans are asking it to stop telling them what's broken. THE IMPLICATION This is the most concrete example yet of what I'd call the "asymmetric capability gap" in AI. Finding bugs is an O(n) problem at the frontier — you throw more compute at scanning, you find more bugs. Fixing them is an O(n²) social coordination problem — every patch requires human review, architectural judgment, backward compatibility decisions, regression testing, and coordinated deployment across thousands of dependent systems. For business leaders building with AI, the implication is direct: your security posture can no longer assume that undiscovered vulnerabilities are your main risk. The risk is now *known but unpatched* vulnerabilities. The attack surface isn't shrinking — it's being illuminated faster than it's being contracted. Three concrete actions: 1. Shorten your patch cycles now. Microsoft and Palo Alto Networks are already shipping 5x more patches per release cycle. If your organization's patch SLA is 30 days, it needs to be 7. If it's 7, it needs to be 24 hours for criticals. 2. Invest in the boring fundamentals. Anthropic's own recommendation — MFA, hardened configurations, comprehensive logging — isn't new advice. But it hits differently when you realize that thousands of zero-days are being discovered monthly, and most won't have patches available before the 90-day disclosure window opens. 3. Audit your dependency tree ruthlessly. The open-source projects Mythos scanned underpin most enterprise stacks. If you're running unpatched versions of common libraries, you should assume the vulnerability is known to someone — it's just not known to you yet. THE COUNTERPOINT Here's what Anthropic's post carefully avoids saying: they're creating the problem and selling the solution. Mythos Preview isn't public — it's gated behind Project Glasswing partnerships. But Anthropic explicitly acknowledges that "models with similar cybersecurity skills will soon be more broadly available." GPT-5.5 already benchmarks close on ExploitBench. The defensive advantage of Glasswing is temporary by design. More importantly, the 90-day coordinated vulnerability disclosure window was designed for a world where vulnerabilities are rare and discovery is expensive. That model breaks when an AI can enumerate thousands of bugs in a month. The entire CVD framework — which balances disclosure timing between finders and vendors — assumes a trickle, not a firehose. Nobody has proposed a replacement framework that works at this volume. And there's an uncomfortable question Anthropic doesn't address: if Mythos-class capabilities will soon be available to attackers, is the net effect of publishing 10,000 vulnerability locations positive or negative during the window where only 97 are patched? Anthropic's answer is clearly "the knowledge helps defenders," but right now the ratio of discovered-to-patched vulnerabilities suggests defenders can't act on the knowledge fast enough. THE BOTTOM LINE AI has fundamentally broken the economics of vulnerability discovery. Finding bugs used to be the hard part; fixing them was routine. Now finding is cheap and fixing is the bottleneck. Every organization's security strategy needs to invert: stop optimizing for threat detection (the AI has that covered) and start optimizing for patch velocity and blast-radius reduction (the part humans still own). The companies that survive the next 18 months won't be the ones with the best threat intel — they'll be the ones with the fastest remediation cycles. #ProjectGlasswing #AICybersecurity #VulnerabilityManagement

  • mikotre
    miko (@mikotre) reported

    @TKtamilarasan2 @jackfriks I can try... If you use supabase storage and its db you can connect data easily. But this has huge egress costs like jack has. If you rather use R2 or any other storage like cloudflare which doesnt have egress costs then the data inside R2 and the document isnt easily connected. The "base" way to do so is to store storage path in supabase and each time you want to download/view you try to get a presigned url so you dont touch any sensitive data (done with edge function). A small problem is that if you delete stuff in supabase db then it DOESNT automatically delete the r2 storage object; so you keep paying for storing that file as its still in the r2 but its deleted from your own db. So i solved this that i have a trigger that when a row is deleted in my db; before it deletes it it creates a queue which has that delete objects path; and another edge function that then simply calls the r2 and deletes the file at that path. Then files are deleted both places. You can dm me and ill send my source code of you want.

  • jskoiz
    saburo (@jskoiz) reported

    @jxnlco buying domains is like the #1 agent buying use case imo. Letting codex buy a domain configure dns to cloudflare then setting up pages is damn near magic.