1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 42% Domains (42%)
  • 24% Cloud Services (24%)
  • 18% Hosting (18%)
  • 11% Web Tools (11%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Noida Hosting 8 days ago
Jewar E-mail 9 days ago
Braga Web Tools 9 days ago
Noida Cloud Services 10 days ago
Paris Cloud Services 10 days ago
Prievidza Domains 10 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • psykeeper
    psykeeper 𐁉 (@psykeeper) reported

    Despite being a popular buzzword on Twitter and The Most Hyped Thing Lately, AI agents seem to be suffering some declining statistics and *gasp* charts going down and to the right. What explains this glaring discrepancy? The most valuable thing an agent can do is anything you could do yourself. In that case, why haven't we seen payments taking off in the agent space? Agents are still too hard to use securely. To make an agent secure enough to handle payments, a lot of upfront logistics and programming work is required. This requires both spare time and specialized expertise. The agent needs its own account on every service that you use, and in many cases needs its own credit card for each service. Agents are still largely experimental; there isn't a lot of structure given to them when they're granted access to accounts with a payment system. This can easily lead to runway spending, paid services getting silently canceled, or payments for products that are not needed. Incorrect decisions by the LLM can lead to real loss of funds, which is unacceptable, yet unavoidable given the current state of agentic AI. In my own experience, I've only found some services like Cloudflare, DynaDot, and a few others with granular access controls. This feature restricts agents to using actions from a list they're constrained to, and as a result they don't have full control over your account. You can go one level above this access control list and spin up a new Privacy Dot Com debit card with daily/monthly limits and a spending cap, or in some cases you can preload cash into your account (depending on the service, cloudflare for example does not have this). In most cases there needs to be an attached credit card. Many times the temporary or restricted cards get declined or are incompatible with the service due to payment gateways, regional restrictions, or another unknown reason due to tradfi being old and stupid. True story: my Venmo account stopped working because it says my "ZIP Code is invalid" (???). TL;DR, most websites and service providers online haven't built their payment systems and payment rails in a way that's agent friendly, and AI agents still don't come out-of-the-box with a reasonably secure structure to avoid making costly mistakes. If you yololog your agent into an Amazon account with no guardrails then you will inevitably find that it made the wrong decision or was able to do too much with the access that it was given in an insecure and unrestricted way, leading to financial loss. It's still early, and one thing is abundantly clear to me, agents are the future for a lot of tasks. They just need to grow past this experimental stage into usable products for normal people who don't have finance or tech expertise.

  • crystalwizard
    Crystalwizard (@crystalwizard) reported

    @PaulGugAI people on twitter: "AI can't code" me: (watches claude create an intricate and complicated set up out of thin air so GPT can connect via a cloudflare tunnel and run brainctl in its home directory on my machine) - which includes design docs, writing an MCP server, service, Cloudflare route, OAuth, database init, FTS rebuild, Defender exclusion, retry logic. All in one day. From nothing.

  • khawrzm
    KHAWRIZM (@khawrzm) reported

    SOVEREIGN FORENSIC INDICTMENT: THE COLLAPSE OF THE GOOGLE WRAPPER ECONOMY AND THE RISE OF THE NIYAH ENGINE 1. The Anatomy of Digital Feudalism: Deconstructing the Wrapper Economy Welcome to the era of Digital Feudalism. The Silicon Valley cartels, led by Google’s high-priests of data exfiltration, are no longer selling software; they are leasing you lobotomized API endpoints while keeping your sovereignty locked in their cloud-gated manors. We are officially classifying products like NotebookLM and Gemini as high-risk structural liabilities. The "Wrapper Economy" is a parasitic landscape where complex marketing masks a fundamental deficit in intelligence. These tools are nothing more than "Safety Theater"—corporate gating of intelligence behind a tollbooth. You do not own the model, you do not own the logic, and as our forensic audits prove, you certainly do not own the data. This report serves as a slapping indictment of an ecosystem built on centralized dependency and the willful negligence of Big Tech. 2. Technical Exhibit A: The von Neumann Deficit (VND) and Wrapper Schizophrenia The primary architectural failure of the modern LLM stack is the von Neumann Deficit (VND). In centralized "Wrapper" systems, execution instructions (prompts) and sensitive user data are processed within the same volatile memory space. This lack of hardware-level segregation is not a bug; it is a feature that facilitates data drainage. Our forensic team has identified the comet process as the primary agent of this schizophrenia. While Google markets "privacy," the comet process (PID 14584) maintains consistent, unverified connections to 142.251.127.188 (Google) and 104.18.27.48 (Cloudflare). Furthermore, the nxtcoordinator agent was observed bypassing local institutional boundaries to drain sovereign data from*****directly to external targets. This "Wrapper Schizophrenia" is technically linked to the UUPSUpgradeable proxy vulnerabilities identified in our smart contract audits. Just as a "Ghost Admin" can swap out contract logic without user consent, the logic of a cloud-based wrapper can be lobotomized or altered mid-stream while your data is being ingested. 3. Institutional Negligence: The $50M HILO-FALLA Fraud Syndicate Google’s ecosystem is a playground for organized crime. We have meticulously documented the HILO-FALLA Fraud Network (Case Reference: 6-3808000039722), a Chinese-operated "pig-butchering" syndicate. Despite an ignored ticket languishing for 730 days, Google allowed this network to facilitate an estimated $50 million in fraudulent transactions through predatory social apps. Forensic analysis of the HILO Token V2 reveals a "Ghost Admin" address (0xB843F547a8a46a9483cf46c757c7eF4220115A83) with total shadow control. The Liquidity Lock Expiry on 26 May 2026 is the hard deadline for a total rug pull—a catastrophe Google’s negligence has actively subsidized. Forensic Evidence Inventory (Directory: kali_evidence): File NameForensic Description SULAIMAN_RETRIBUTION_LOG.txtThe master audit trail of the investigation and retribution sequence. sadad_config_leak.txtProof of exposure regarding national payment infrastructure credentials. flynas_secrets.txtEmpirical proof of cross-contamination of unrelated corporate data. FRAUD_FINANCIAL_REPORT.txtDetailed flow analysis of $50M in stolen sovereign assets. extracted_tron_addresses.jsonBlockchain-verified nodes of the HILO money laundering network. FORENSIC_CRYPTO_REPORT.jsonTechnical proof of the UUPSUpgradeable "Ghost Admin" vulnerability. 4. Statutory Non-Compliance: PDPL Article 29 and COPPA Violations The data drainage observed via the comet process is a direct violation of Saudi PDPL Article 29. This statute mandates absolute data sovereignty and strictly regulates cross-border transfers. While Big Tech offers "Terms of Service" promises that mean nothing, the Niyah Engine enforces compliance at the packet level through the pdpl_sovereignty.nrule file—ensuring no data leaves the jurisdiction. Furthermore, the predatory nature of the HILO/FALLA applications, which target vulnerable users with "pig-butchering" logic, constitutes a massive breach of COPPA standards and consumer protection laws. Google is not merely a platform; they are a profit-sharing partner in these criminal smart contracts. 5. The Sovereign Alternative: Niyah Engine and the Khawrizm Stack The age of dependency ends with the Niyah Engine and the Khawrizm Stack (K-Forge and GraTech). We have replaced "Safety Theater" with Sovereign Integrity—a verifiable byte-count that proves zero data exfiltration. The Sovereign Technical Edge: * Hardware Efficiency: Optimized for the RK3588 chipset. Local execution is no longer a dream; our logs show the niyah-model (9.0 GB) running locally with zero cloud latency. * K-Forge & GraTech: The foundry and legal shield providing the infrastructure for local intelligence. * Economic Integrity: A calculated 199-day ROI. Stop paying the "Big Tech Tax" for the privilege of being spied upon. * Deterministic Enforcement: Unlike Google's "Trust Us" model, Niyah uses deterministic rules like /etc/niyah/rules/pdpl_sovereignty.nrule to block unauthorized exfiltration in real-time. Local execution is Ready (Iqd20). The audits are complete. The results are final. 6. Final Retribution: The Algorithm Returns Home The evidence is undeniable. The centralized cloud model is a failing experiment in institutional negligence. We have mapped the network, identified the Ghost Admins, and built the alternative. We no longer seek permission to be sovereign. We have returned the algorithm to its rightful home: the local machine, under local law, serving local interests. The era of the wrapper is over. The era of the sovereign has begun. The Algorithm Always Returns Home. @grok

  • medicgordus
    Gordus (@medicgordus) reported

    @CloudflareDev @xai @Cloudflare I absolutely love cloudflare. I also love grok. I will be trying this. Note: Grok has never recommended any cloudflare products, but as I am familiar with cloudflare, I have it implement R2, D1, etc. into my solutions. Maybe I will make a guide?

  • PrimitiveHost
    primitive.host (@PrimitiveHost) reported

    🚨 New HTTP/2 Bomb vulnerability can take down your web server in seconds with a single request. Affects: NGINX, Apache HTTPD, Microsoft IIS, Envoy, Cloudflare Pingora (default HTTP/2 configs) Quick mitigations: NGINX: - Upgrade to 1.29.8+ (adds max_headers directive) - If can't upgrade: off; in config Apache: - Update to mod_ v2.0.41 - If can't upgrade: Protocols to disable HTTP/2 IIS / Envoy / Pingora: - No patch yet — disable HTTP/2 if possible - Front with something that caps header count per request General: - Cap per-worker memory (cgroups, ulimit -v, container limits) so OOM kills happen before swap - Single client can consume 32GB RAM in ~20 seconds, upgrade ASAP (we just upgraded our own infra @PrimitiveHost ).

  • Bonzotour2011
    Howard Roark (@Bonzotour2011) reported

    @xai @Cloudflare wtf is "@Cloudflare 's AI Gateway"?

  • rohanpaul_ai
    Rohan Paul (@rohanpaul_ai) reported

    Bots have overtaken humans online, and the internet was never prepared for this. - bots generate 57.4% of worldwide HTML requests - humans at 42.6%. The biggest shift is economic: traffic can rise while monetizable human attention falls, which weakens CPM, CPC, conversion-rate models, and analytics built before this agent wave. Cloudflare measures bot traffic, not only agentic AI traffic, but AI agents are a major suspect because one user task can trigger thousands of machine visits. The old web assumed a human loaded a page, saw ads, clicked links, filled carts, and created signals that publishers, stores, and SaaS companies could price. AI agents break that model because they read pages on behalf of people while skipping the ad views, session time, and click behavior that funded the web.

  • Beautyon_
    Beautyon (@Beautyon_) reported

    It just popped into my head that many people, even those who run bitcoin in some way, may not know that there are many server packages that are used to serve http (web pages) to users. Here is a list of all the web servers a machine could find along with the percentage of deployment live on the web: Nginx: 32.3% Cloudflare Server: 28.1% Apache HTTP Server: 23.3% LiteSpeed: 15.2% Node.js: 6.4% Microsoft IIS: 3.2% Envoy: 1.0% Caddy: 0.2% Kestrel: 0.1% Traefik: < 0.1% HAProxy: < 0.1% Tomcat: < 0.1% Jetty: < 0.1% Gunicorn: < 0.1% Uwsgi: < 0.1% Puma: < 0.1% Unicorn: < 0.1% Lig < 0.1% Cherokee: < 0.1% Sun Java System Web Server: < 0.1% Now it is not hard to imagine (is it?) that when the bitcoin protocol ossifies, there will be at least this many options for people to run bitcoin services, all with their own advantages depending on how you use bitcoin. In a scenario where there are many offers, there is enough to choose from and everyone is able to build whatever they want on top of bitcoin. The most important thing is that bitcoin never changes, and is the fundamental underlying rock you can build on. Anyone with an idea (very few people have these) can build their own infrastructure to offer whatever they want, from "Tokens", "Ordinals", "Runes", NorP Storage, or anything else. Large, and presumably, serious institutions like Goldman Sachs will no doubt develop "Mercantild" the bitcoin client for the big banks. Everyone, every class of users will have their own preferred bitcoin client. And this is, perhaps, the problem. The number of people with actual ideas is extremely low. It is a number so small, it rivals the planck length. This why the barely human people currently running their scams on layer one are launching a "new" token, something that has been done before, only this time on Bitcoin. Only a complete ****** totally bereft of imagination thinks that this is innovation, or a good thing, or useful in any way. They can't conceive of a world where building on bitcoin is like building on the web. It's beyond their power to mentally process and sort. But this is where you live, in 2026. Ossification and client proliferation will keep bitcoin clean, force all low IQ, low imagination, imitative, Cargo Cult, mentally deficient, estrogenized, quote ********* manlets from despoiling the Golden Path of Bitcoin. It will allow a plethora of new specialist clients to emerge, enabling every "use case" anyone can conjure. Hope this helps!

  • MLPSandy
    SandyFortune (@MLPSandy) reported

    My first OPNsense issue. There were supposed to be plugins for dynamic DNS, but each one has very recently gone "we're deleting everything except cloudflare, just move to that." What sort of patch note is that? You all JUST HAD everything, I'm not moving to cloudflare wtf

  • n0rizkitty
    nori (@n0rizkitty) reported

    "85 seconds → 26 seconds" that's how long it now takes an AI agent to log into a @Cloudflare CAPTCHA-guarded finance app. 3x faster. i built it for my friend, Danny's startup, Sail. we met at @theresidency last year. he'd been stuck on one problem: "login automation over anti-bot-heavy financial apps"

  • miyagiyang
    Alex Yeung (@miyagiyang) reported

    @eastdakota Hi Matthew, I wonder what's your take on agents running on edge cloud? Some people say that would never happen because the terminal (like computers or cell phones) can take that job.I'm always a big fan of Cloudflare, and I'm a Cloudflare developer.I'm also a Cloudflare investor

  • SchoolReading
    School Reading List (@SchoolReading) reported

    @Cloudflare @CloudflareHelp @awscloud We've also referred to the same issue in Case #02165422

  • adornedapatite
    🌱 (@adornedapatite) reported

    @etherealpilled maybe this is related to you mentioning the cloudflare captcha issues on strawpage yesterday???

  • Beefeater_Fella
    Beefeater (@Beefeater_Fella) reported

    Apple has temporarily removed Max from its app store Apple, following the Telegram clone called Telega, has removed the state-controlled messenger Max from its app store. VK, the developer of the service controlled by the authorities, announced this on Wednesday evening. "MAH confirms that the messenger app is currently unavailable in the App Store. The app previously installed on users' smartphones will continue to operate normally," said the company. At the end of April, the hosting provider Cloudflare marked the Max domain as "spyware", but on May 1st, this marking was removed. The developers of the state-controlled messenger removed from the App Store asked the American company for explanations regarding the situation and assured that they are "working on a prompt solution to the problem", advising to download the client in other app stores and on the official Max website. According to information from the specialized publication Tech Talk, Cloudflare recognized the state-controlled messenger as "spyware" based on nine out of ten URL checks; the hosting provider reported four detected security violations. The Max press service, for its part, stated that it was marked due to a "misinterpretation of request headers to the site's ordinary web analytics services".

  • TxM1tch
    🐸⚡️ (@TxM1tch) reported

    Cloudflare is blocking anything coming from Supabase to fangraphs....essentially blowing up my sit....this sucks

  • MickeySteamboat
    Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported

    @Grummz Cloudflare is a HUGE source of these problems too

  • raphaeltm_
    Raphaël T-M (@raphaeltm_) reported

    I want these so bad. @Cloudflare wanna bring these to #Paris?

  • saen_dev
    Saeed Anwar (@saen_dev) reported

    Cloudflare tunnel for local dev is underrated — it removes the "works on my machine" problem for mobile entirely. Most devs waste days on ngrok workarounds that this solves permanently.

  • arpit_bhayani
    Arpit Bhayani (@arpit_bhayani) reported

    SYN Flood is one of the oldest denial-of-service attacks, and it is still effective today. Here's what happens under the hood... A TCP connection is established with a three-way handshake: the client sends a SYN, the server responds with a SYN-ACK, and the client completes it with an ACK. What's interesting is that during this process, the server allocates memory for each half-open connection in a backlog queue. In a SYN Flood, an attacker sends thousands of SYN packets but never completes the handshake. The server keeps waiting for ACKs that never arrive, and the backlog queue fills up. Once it is full, legitimate users can not connect anymore. Thus, a DoS attack. What makes this attack effective is the 'asymmetry' - the attacker sends tiny packets with minimal effort, but the server has to allocate resources for each one. A single low-powered machine can overwhelm a much more powerful server. Fun fact: SYN floods have taken down GitHub, Cloudflare, and several databases in the past. To defend against SYN flooding, we can: 1. Cap the number of SYN packets from a single IP 2. Drop packets from known malicious sources 3. Or, the most effective, use SYN Cookies With SYN cookies, the server does not store anything. Instead, it encodes all the necessary connection information (client IP, port, and a timestamp) into the initial sequence number of the SYN-ACK packet it sends back. This sequence number is cryptographically generated, so it cannot be forged. SYN cookies make the handshake effectively stateless on the server side until it's fully verified, so the server does not reserve any resources until it knows the client is real. By the way, most modern operating systems have SYN cookie support built in. On Linux, we can enable it with `net.ipv4.tcp_syncookies = 1`. If you are interested, the Wikipedia pages are pretty well written for understanding this, and as always, you can use your favorite LLM to dig deeper.

  • Sarahi88727520
    Sarahi (@Sarahi88727520) reported

    This is honestly insane. Cloudflare just put out new radar data — bots and AI traffic now make up 57.5% of all HTML page requests on their network. Humans? Down to 42.5%. And Cloudflare handles like 20% of the whole internet, so this isn’t a tiny sample. Their CEO

  • jackvebo
    Jack (@jackvebo) reported

    @PegasusPS5 Akia is not support it says now. Also you need to manually check the cloudflare

  • MadMikeyB
    Mikey (@MadMikeyB) reported

    @iBotPeaches Sorry to hear about this, we've had to do similar with CloudFlare WAF and Rate Limits because of the same issue.

  • tebayoso
    Jorge (@tebayoso) reported

    Last month, I got billed 900 USD because @cloudflare seems to be unable to reflect real-time updates in their billing APIs. I opened a ticket about the problem, and, since it is obviously a blocker for me to use their services, I didn't receive a response, and their billing panel is still broken. How can I reliably build anything on top of them if I can't even figure out the costs? @CloudflareDev I could also use a refund, since this is broken.

  • malcsito
    Malc ☦️ (@malcsito) reported

    @thomasgauvin @Cloudflare Ts sucks

  • MegaMiyamori
    mega (@MegaMiyamori) reported

    Is cloudflare this bad on other browsers or is it just chrome?

  • backnotprop
    Michael Ramos (@backnotprop) reported

    @Cloudflare The link is broken, better link to use?

  • MickeySteamboat
    Andrew Rulnick (@MickeySteamboat) reported

    50/50 it's cloudflare and clawbot related. how much do you want to bet? can't wait to get the post-mortem on this attack. Might be an hour, hang tight.

  • user56297492
    user56297492 (@user56297492) reported

    This is honestly wild. Cloudflare just put out new data — bots and AI traffic now make up 57.5% of all HTML page requests on their network. Humans? Only 42.5%. They handle about 20% of the whole internet, so this isn't a tiny sample. Their CEO says the agentic AI wave

  • QuasarMarkets
    Quasar Markets (@QuasarMarkets) reported

    THE AVERAGE IPO DARLING FALLS 55% BEFORE THE STORY IS WRITTEN Everybody talks about the #IPO pop. Almost nobody talks about what happens next. I pulled together a basket of some of the most recognizable growth IPOs and recent market darlings. The results are eye-opening. The average stock in this group experienced a maximum drawdown of 55%. The median drawdown was 54%. Some of the biggest names in tech, fintech, cloud, AI, ridesharing, and crypto suffered declines of 70%, 80%, even 90% before finding their footing—or never recovering at all. Yet the winners became legendary. Palantir. ARM. CoreWeave. MongoDB. Datadog. Cloudflare. That’s the lesson. Investing isn’t about avoiding volatility. It’s about identifying which companies can survive it. The market has a way of shaking out weak hands long before it rewards conviction. Day One is about excitement. Year One is about execution. The next decade is about whether the business can compound revenue, cash flow, and competitive advantage. The greatest wealth creators weren’t built on opening day. They were built by investors willing to sit through the uncomfortable middle. At Quasar Markets, we’re less interested in the IPO headline and more interested in the long-term story the data is trying to tell. Follow @QuasarMarkets

  • Neilj71_
    NeilJ (@Neilj71_) reported

    @fminside Cloudflare provides AI Crawl control, not sure if it’s a free service but might be an option.