Cloudflare status: hosting issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Cloud Services (32%)
- Domains (32%)
- Web Tools (14%)
- Hosting (14%)
- E-mail (7%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Cloud Services | 22 hours ago |
|
|
Hosting | 3 days ago |
|
|
Domains | 24 days ago |
|
|
Cloud Services | 1 month ago |
|
|
Domains | 1 month ago |
|
|
Hosting | 2 months ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Your Pope (@YourPope2026) reported@CyberSecAJ @DanNeidle Agree it's nothing to do with Cloudflare. It's a community project. But Cloudflare will have experience of their customers being maliciously added. So they might be able to help.
-
Tom Rush (@tr4777) reported"You’re signed into the wrong @Cloudflare account." Not even Codex can fix stupid
-
Hot Aisle (@HotAisle) reported@CherryJimbo @Cloudflare @CloudflareDev wish they'd move off salesforce for their support system...
-
Keith Kaplan (@KeithTradeSmith) reportedCloudflare $NET just notched a new all-time high this week, adding fresh fuel to the bull market in securing the world's AI, computers, and data centers. Back in March, we introduced our Agent Supernova thesis, the idea that AI is now advanced enough to take over everyday tasks, from managing factory schedules to running financial analysis to writing software. Over the next 12 to 24 months, that list keeps growing. Within two years, the number of AI agents operating in the American economy isn't likely to grow 10X or even 1,000X. Try 10,000X. That kind of expansion needs infrastructure, security, and traffic management at scale, and that's exactly where Cloudflare $NET sits. Cloudflare is one of the world's leading Content Delivery Network firms, speeding up website content and cutting latency and bandwidth costs. Add in its cybersecurity services, AI agent management tools, and AI agent transaction services, and Cloudflare starts to look like an AI agent conglomerate. The numbers support the thesis. Cloudflare's revenue grew 29% in 2024 and 30% in 2025. Wall Street projects revenue near $2.79 billion in 2026, roughly 29% growth, rising toward $3.6 billion by 2027. After ten months of sideways consolidation, the stock broke out to new highs today. If the Agent Supernova unfolds as expected, Cloudflare's diversified position in security and agent management should keep driving growth well past this breakout.
-
Katewerk (@katewerk) reported@Cloudflare The absolute shitshow that is @Cloudflare AI Support: Agent I'm truly sorry for the frustration and the runaround. Here's where things stand and what I recommend: What I've confirmed on your account: No active subscriptions, no zones, no outstanding balances The AI Gateway billing system still has your Visa (ending xxxx) locked as its default payment method — this is a backend issue that cannot be resolved through the dashboard or API You've already submitted two support cases that haven't been acted on Since you've already filed cases and gotten no response, here's what I recommend: Check your existing cases — Go to Support Home and look for "My Cases" to see the status of the two cases you already submitted. If they show as open but unanswered, add a comment to both referencing the AI Gateway billing lock as the root cause. File a new case with a precise subject line — On the Support page, look for any option to submit a new case (it may appear as a button or form, not a tile). Use this as the subject: Payment method locked by AI Gateway billing — cannot remove card or close accountAnd this as the body: I have no active subscriptions, no zones, and no outstanding balances. My Visa ending in xxxx is still locked as the default payment method in the AI Gateway billing system, which prevents me from removing it. I've already deleted the AI Gateway spending limit and auto top-up config. I've submitted two previous cases with no response. I need the payment method detached from AI Gateway billing so I can remove my card and close my account. If the dashboard gives you no way to file a new case, post directly in the Cloudflare Community under the Billing category with the same description. Cloudflare staff monitor billing-related community posts and can escalate them internally. I know this isn't the fast resolution you deserve after already being patient. The core issue is that the AI Gateway billing system has a lock on your card that only Cloudflare's internal billing team can remove — no dashboard or API path exists to clear it yourself.
-
The Don (@TheDon4242) reported@TeamViewer_help Thnx. This is not new to me. Problem /w reCAPTCHA is that if my environment is out of norm, it will keep me stuck in the loop for 10-15 tries before letting me go through. A pain for paid TeamViewer customer. Consider something sensible like hCaptcha or Cloudflare turnstile?
-
naps62.eth (@naps62) reported@oleg_fem Seems I had an issue with the "http -> redirect, and safari was smart enough to still redirect. a toggle missing on cloudflare should be fixed now!
-
Porkbun (@Porkbun) reported@liltechnomancer @joshmanders Was the subject of the support email: "I put the cloudflare namservers in before my domain expired and it never transferred."? If so, there may be some confusion about how domain transfers work. You don't transfer a domain by updating it's name servers, you have to initiate a domain transfer at the gaining registrar using the domain's auth code. There is no order block on your account so it isn't remotely an issue like Josh experienced two years ago. Your domain is simply expired and needs to be renewed or transferred. Since it's almost 30 days expired, you'll want to act quickly. If that's not the correct ticket let me know.
-
Koen Bok (@koenbok) reportedThere are so many apps I can't login to because @Cloudflare turnstile just never works.
-
U N C L E BIGBAY ✨ (@unclebigbay143) reportedToday's Engineering Concept: '𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴' 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. 𝗥𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗲𝘅𝗮𝗺𝗽𝗹𝗲 Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. 𝗛𝗼𝘄 𝗶𝘀 𝗶𝘁 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗲𝗱? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. 𝗪𝗵𝗲𝗿𝗲 𝗶𝘀 𝗶𝘁 𝘂𝘀𝗲𝗱? • 𝗚𝗶𝘁𝗛𝘂𝗯: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. • 𝗦𝘁𝗿𝗶𝗽𝗲: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. • 𝗢𝗽𝗲𝗻𝗔𝗜: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. • 𝗫 (𝗳𝗼𝗿𝗺𝗲𝗿𝗹𝘆 𝗧𝘄𝗶𝘁𝘁𝗲𝗿): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. • 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. 𝗧𝗵𝗲 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆 A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."
-
Mohit (@mohitdotdev) reportedEncrypt docs & PII end-to-end on Cloudflare Workers: client wraps random DEK with your password key, server adds outer master-key wrap; share securely by re-wrapping the DEK for others, grant edit rights with consent - server never sees plaintext. This is my way forward to keep every bit of user data encrypted. Fully and provable.
-
Veselin Stoyanov (@st0yanov) reported💡 Pro tip: Don't send webhooks externally to untrusted parties from your main backend - you'll expose your server IP and get DDoS-ed. A common scenario is having your host hidden behind a reverse proxy like Cloudflare. By sending a webhook, you'll expose your IP address and it's game over. A proper architectural design is to have a separate service on a separate host responsible for delivering your webhooks.
-
CSMurthy (@srism) reported@kav_kavi11 Checking the timeout configurations on your reverse proxy (e.g., Nginx, Cloudflare) or load balancer (e.g., AWS ALB) helps you instantly verify whether the traffic spike is triggering slow responses that break the gateway's current timeout threshold. So B is the correct answer
-
Magnus Strømseng (@stroemseng) reported@Cloudflare should acquire @alchemy_run, to fix their DX/AX
-
The_red_gamer (@The_red_gamer0) reported@ProtonVPN Cloudflare Warp does the job of hiding that without slowing internet down, and they only keep important logs for 24 hours before they get deleted unlike ISPs who keep them for years
-
Michael Guo (@Michaelzsguo) reportedThis is a remarkably clever attack, especially because the way the AI agent works through it feels so familiar to all of us. Except this time, its intelligence and persistence end up leaking the precious private information stored in memory. The attacker does not need code execution or an MCP server. They use an ordinary website as a covert write channel: 1. Claude reads the attacker’s page 2. Links become a character-by-character “keyboard” 3. Outbound URL requests encode private data 4. A fake Cloudflare or coffee-shop flow persuades Claude to provide it 5. The attacker reconstructs the secret from server logs The real fixes are at the tool level: - Disable untrusted link following - Treat web content as hostile instructions - Require approval before sensitive data leaves the agent - Isolate long-term memory behind explicit access rules - Audit outbound requests for encoded data
-
Juan Pujol (@juanpujol) reported@AjaySohmshetty @Cloudflare @andrewk17 Support answer my email saying they f*k up that number. Will be corrected. But the rug pull on the pricing is real starting to charge suddenly on steps and SQLite storage like that. The per step charge is the worst for me personally.
-
Aurum (@Aurum8880) reportedHTTP has carried a payment error code since 1991. ethereum:0x4a220e6096b25eadb88358cb44068a3248254675 ripple:native stellar:native Status 402: Payment Required, written into the protocol as a placeholder and never implemented. x402 Foundation launched this week with 40 member organizations including Stripe, AWS, and Cloudflare. The protocol activates that dormant code using stablecoin settlement Turning any HTTP request into a payable endpoint — no setup, no intermediaries required. 75 million transactions processed in the last 30 days. In 1991 there was no settlement asset that could operate at the speed of a network request. Stablecoins provided that, and x402 is the infrastructure that follows.
-
DFIR Radar (@DFIR_Radar) reportedClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar
-
₽ⱤΞΞ₮Ⱨ△M ₭Ɏ△И△M (@pkyanam) reported@southpolesteve @southpolesteve will support Workers / Drop from Cloudflare too for agent generated artifacts/sites!
-
Dat Ha (@thisisdatha) reported@CloudflareDev @Kimi_Moonshot @Cloudflare The collection of models on the service is weird. Not bad, but weird. A good amount of frontier, then just a whole lot of nothing in the cheap high parameter MoE range, then a decent amount of like 10-40B dense. I would love to see DSv4 Flash and/or MiMo v2.5!
-
John Turner (@johnturner) reportedHalf of all "my site is broken" moments are really "my cache is stale" moments. You fix the thing, refresh, and last week's page stares back at you. So you sit there doubting your own memory instead of suspecting the cache. Today's WPVibe release goes after that, plus the older problem underneath it: speed tools that hand you a report and leave the repair to you. Two things shipped: 1. Page audits. Your AI reads the same performance data Google uses, on your actual page. Instead of "have you tried a caching plugin" you get "your hero image is 4 MB and it's the biggest thing blocking the page, want me to fix it?" Then it fixes it, with your approval. 2. Honest cache purges. Purge a single page instead of nuking everything. Purges run server first, Cloudflare last, so the edge can't re-cache a stale page. And when a purge silently fails (the Cloudflare plugin ignores purges if one toggle is off), WPVibe says so instead of reporting success like every other tool. The measurement should be step one of the repair, not the product. Link below 👇
-
Anto (@anto_edd) reportedPrompt "You are a Senior Application Security Engineer specializing in Supabase Authentication. Review my Login & Signup implementation like a real attacker. Ignore code quality. Ignore styling. Ignore performance. Focus only on security. Check for: • User enumeration • Generic authentication errors • Missing email verification • Weak password policy • Brute-force protection • Missing rate limiting • Missing Cloudflare Turnstile • Disposable email abuse • Password reset vulnerabilities • Session fixation • Session revocation • Secure cookie configuration • OAuth misconfigurations • Missing Row Level Security (RLS) • Service Role Key exposure • Trusting frontend data • Missing server-side authorization • Privilege escalation • OWASP Top 10 authentication risks For every issue provide: 1. Severity 2. Exploitation scenario 3. Recommended fix 4. Production-ready implementation Do not approve the authentication flow until every High and Critical issue has been resolved."
-
Pedro Guitian (@PedroGuiti) reportedif you're building a startup. pause for a second. You should stop overpaying for your stack. this is enough to launch: claude - coding supabase - backend vercel - deploys GoDaddy - domain stripe - payments github - version control resend - emails clerk - auth cloudflare - dns posthog - analytics sentry - errors upstash - redis most of this is free. The real cost is time, so ship fast, and optimize later
-
Pixiu.eth🐬TermMax (@lianshangpixiu) reported@the_jujukey @RobinhoodApp @Noxa_Fi cloudflare issue is real, gotta wait it out
-
Clark (@itsclarkholden) reportedPRO TIP: Use cloudflare email routing and sending to make a custom email client for your Saas. No need to pay for support tools like Front.
-
KeeperHub (@KeeperHubApp) reportedCloudflare opened the waitlist for its Monetization Gateway: any page, API, or MCP tool behind its network can charge agents in stablecoins over x402. Let's see where this goes!
-
Martin Tale (@MartinTale) reported@CodeWithTamara They are more expensive there, UI is complete garbage, super slow and very unethical business 😬 I switched to Cloudflare and it’s like night and day..
-
Ryan Hernalsteen (@RyanHernalsteen) reported3/ The test I set myself: take the stack my personal site already runs on (Astro + Cloudflare Pages) and stretch it into something it was never meant to be. No game framework. No auth provider. No new hosting bill. I expected to hit a wall. I didn't.
-
Khafra (@KhafraDev) reported@CherryJimbo @Cloudflare the real issue with DurableObjects is that there's an outage once a week, not their complexity