1. Home
  2. Companies
  3. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 32% Cloud Services (32%)
  • 32% Domains (32%)
  • 14% Web Tools (14%)
  • 14% Hosting (14%)
  • 7% E-mail (7%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Paris Cloud Services 22 hours ago
New York City Hosting 3 days ago
Manchester Domains 24 days ago
Angers Cloud Services 1 month ago
London Domains 1 month ago
Noida Hosting 2 months ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • YourPope2026
    Your Pope (@YourPope2026) reported

    @CyberSecAJ @DanNeidle Agree it's nothing to do with Cloudflare. It's a community project. But Cloudflare will have experience of their customers being maliciously added. So they might be able to help.

  • tr4777
    Tom Rush (@tr4777) reported

    "You’re signed into the wrong @Cloudflare account." Not even Codex can fix stupid

  • HotAisle
    Hot Aisle (@HotAisle) reported

    @CherryJimbo @Cloudflare @CloudflareDev wish they'd move off salesforce for their support system...

  • KeithTradeSmith
    Keith Kaplan (@KeithTradeSmith) reported

    Cloudflare $NET just notched a new all-time high this week, adding fresh fuel to the bull market in securing the world's AI, computers, and data centers. Back in March, we introduced our Agent Supernova thesis, the idea that AI is now advanced enough to take over everyday tasks, from managing factory schedules to running financial analysis to writing software. Over the next 12 to 24 months, that list keeps growing. Within two years, the number of AI agents operating in the American economy isn't likely to grow 10X or even 1,000X. Try 10,000X. That kind of expansion needs infrastructure, security, and traffic management at scale, and that's exactly where Cloudflare $NET sits. Cloudflare is one of the world's leading Content Delivery Network firms, speeding up website content and cutting latency and bandwidth costs. Add in its cybersecurity services, AI agent management tools, and AI agent transaction services, and Cloudflare starts to look like an AI agent conglomerate. The numbers support the thesis. Cloudflare's revenue grew 29% in 2024 and 30% in 2025. Wall Street projects revenue near $2.79 billion in 2026, roughly 29% growth, rising toward $3.6 billion by 2027. After ten months of sideways consolidation, the stock broke out to new highs today. If the Agent Supernova unfolds as expected, Cloudflare's diversified position in security and agent management should keep driving growth well past this breakout.

  • katewerk
    Katewerk (@katewerk) reported

    @Cloudflare The absolute shitshow that is @Cloudflare AI Support: Agent I'm truly sorry for the frustration and the runaround. Here's where things stand and what I recommend: What I've confirmed on your account: No active subscriptions, no zones, no outstanding balances The AI Gateway billing system still has your Visa (ending xxxx) locked as its default payment method — this is a backend issue that cannot be resolved through the dashboard or API You've already submitted two support cases that haven't been acted on Since you've already filed cases and gotten no response, here's what I recommend: Check your existing cases — Go to Support Home and look for "My Cases" to see the status of the two cases you already submitted. If they show as open but unanswered, add a comment to both referencing the AI Gateway billing lock as the root cause. File a new case with a precise subject line — On the Support page, look for any option to submit a new case (it may appear as a button or form, not a tile). Use this as the subject: Payment method locked by AI Gateway billing — cannot remove card or close accountAnd this as the body: I have no active subscriptions, no zones, and no outstanding balances. My Visa ending in xxxx is still locked as the default payment method in the AI Gateway billing system, which prevents me from removing it. I've already deleted the AI Gateway spending limit and auto top-up config. I've submitted two previous cases with no response. I need the payment method detached from AI Gateway billing so I can remove my card and close my account. If the dashboard gives you no way to file a new case, post directly in the Cloudflare Community under the Billing category with the same description. Cloudflare staff monitor billing-related community posts and can escalate them internally. I know this isn't the fast resolution you deserve after already being patient. The core issue is that the AI Gateway billing system has a lock on your card that only Cloudflare's internal billing team can remove — no dashboard or API path exists to clear it yourself.

  • TheDon4242
    The Don (@TheDon4242) reported

    @TeamViewer_help Thnx. This is not new to me. Problem /w reCAPTCHA is that if my environment is out of norm, it will keep me stuck in the loop for 10-15 tries before letting me go through. A pain for paid TeamViewer customer. Consider something sensible like hCaptcha or Cloudflare turnstile?

  • naps62
    naps62.eth (@naps62) reported

    @oleg_fem Seems I had an issue with the "http -> redirect, and safari was smart enough to still redirect. a toggle missing on cloudflare should be fixed now!

  • Porkbun
    Porkbun (@Porkbun) reported

    @liltechnomancer @joshmanders Was the subject of the support email: "I put the cloudflare namservers in before my domain expired and it never transferred."? If so, there may be some confusion about how domain transfers work. You don't transfer a domain by updating it's name servers, you have to initiate a domain transfer at the gaining registrar using the domain's auth code. There is no order block on your account so it isn't remotely an issue like Josh experienced two years ago. Your domain is simply expired and needs to be renewed or transferred. Since it's almost 30 days expired, you'll want to act quickly. If that's not the correct ticket let me know.

  • koenbok
    Koen Bok (@koenbok) reported

    There are so many apps I can't login to because @Cloudflare turnstile just never works.

  • unclebigbay143
    U N C L E BIGBAY ✨ (@unclebigbay143) reported

    Today's Engineering Concept: '𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴' 𝗪𝗵𝗮𝘁 𝗶𝘀 𝗥𝗮𝘁𝗲 𝗟𝗶𝗺𝗶𝘁𝗶𝗻𝗴? Rate limiting is the practice of restricting how many requests a user or system can make within a specific period. 𝗪𝗵𝘆 𝗱𝗼𝗲𝘀 𝗶𝘁 𝗺𝗮𝘁𝘁𝗲𝗿? Without rate limiting, a single user or malicious bot could overwhelm your server, degrade performance, or abuse your APIs. 𝗥𝗲𝗮𝗹-𝘄𝗼𝗿𝗹𝗱 𝗲𝘅𝗮𝗺𝗽𝗹𝗲 Imagine a login endpoint with no rate limit. An attacker could attempt thousands of password combinations every minute. A simple rate limit can significantly reduce the effectiveness of brute-force attacks. 𝗛𝗼𝘄 𝗶𝘀 𝗶𝘁 𝗶𝗺𝗽𝗹𝗲𝗺𝗲𝗻𝘁𝗲𝗱? Most systems track requests by IP address, user account, or API key. Once a predefined limit is reached, the server temporarily rejects additional requests, often with an HTTP 429 (Too Many Requests) response. 𝗪𝗵𝗲𝗿𝗲 𝗶𝘀 𝗶𝘁 𝘂𝘀𝗲𝗱? • 𝗚𝗶𝘁𝗛𝘂𝗯: GitHub's REST API limits how many requests you can make per hour to prevent abuse and ensure fair usage for everyone. • 𝗦𝘁𝗿𝗶𝗽𝗲: Every payment request can include an Idempotency-Key, ensuring a customer isn't charged twice if the same payment request is retried. • 𝗢𝗽𝗲𝗻𝗔𝗜: The API enforces rate limits on requests and tokens per minute, helping maintain reliability and preventing a single application from overwhelming the service. • 𝗫 (𝗳𝗼𝗿𝗺𝗲𝗿𝗹𝘆 𝗧𝘄𝗶𝘁𝘁𝗲𝗿): X limits actions such as following many accounts, liking posts, posting, or sending DMs within a short period to reduce spam and bot activity. • 𝗖𝗹𝗼𝘂𝗱𝗳𝗹𝗮𝗿𝗲: Cloudflare lets website owners configure rules like "block or challenge any IP that makes more than 100 requests in a minute" to protect against abuse and DDoS attacks. ...and almost every public API uses rate limiting to protect its infrastructure, ensure fair usage, and maintain service availability. 𝗧𝗵𝗲 𝘁𝗮𝗸𝗲𝗮𝘄𝗮𝘆 A reliable system doesn't just answer requests. It also knows when to say "not now. It's too many from YOU."

  • mohitdotdev
    Mohit (@mohitdotdev) reported

    Encrypt docs & PII end-to-end on Cloudflare Workers: client wraps random DEK with your password key, server adds outer master-key wrap; share securely by re-wrapping the DEK for others, grant edit rights with consent - server never sees plaintext. This is my way forward to keep every bit of user data encrypted. Fully and provable.

  • st0yanov
    Veselin Stoyanov (@st0yanov) reported

    💡 Pro tip: Don't send webhooks externally to untrusted parties from your main backend - you'll expose your server IP and get DDoS-ed. A common scenario is having your host hidden behind a reverse proxy like Cloudflare. By sending a webhook, you'll expose your IP address and it's game over. A proper architectural design is to have a separate service on a separate host responsible for delivering your webhooks.

  • srism
    CSMurthy (@srism) reported

    @kav_kavi11 Checking the timeout configurations on your reverse proxy (e.g., Nginx, Cloudflare) or load balancer (e.g., AWS ALB) helps you instantly verify whether the traffic spike is triggering slow responses that break the gateway's current timeout threshold. So B is the correct answer

  • stroemseng
    Magnus Strømseng (@stroemseng) reported

    @Cloudflare should acquire @alchemy_run, to fix their DX/AX

  • The_red_gamer0
    The_red_gamer (@The_red_gamer0) reported

    @ProtonVPN Cloudflare Warp does the job of hiding that without slowing internet down, and they only keep important logs for 24 hours before they get deleted unlike ISPs who keep them for years

  • Michaelzsguo
    Michael Guo (@Michaelzsguo) reported

    This is a remarkably clever attack, especially because the way the AI agent works through it feels so familiar to all of us. Except this time, its intelligence and persistence end up leaking the precious private information stored in memory. The attacker does not need code execution or an MCP server. They use an ordinary website as a covert write channel: 1. Claude reads the attacker’s page 2. Links become a character-by-character “keyboard” 3. Outbound URL requests encode private data 4. A fake Cloudflare or coffee-shop flow persuades Claude to provide it 5. The attacker reconstructs the secret from server logs The real fixes are at the tool level: - Disable untrusted link following - Treat web content as hostile instructions - Require approval before sensitive data leaves the agent - Isolate long-term memory behind explicit access rules - Audit outbound requests for encoded data

  • juanpujol
    Juan Pujol (@juanpujol) reported

    @AjaySohmshetty @Cloudflare @andrewk17 Support answer my email saying they f*k up that number. Will be corrected. But the rug pull on the pricing is real starting to charge suddenly on steps and SQLite storage like that. The per step charge is the worst for me personally.

  • Aurum8880
    Aurum (@Aurum8880) reported

    HTTP has carried a payment error code since 1991. ethereum:0x4a220e6096b25eadb88358cb44068a3248254675 ripple:native stellar:native Status 402: Payment Required, written into the protocol as a placeholder and never implemented. x402 Foundation launched this week with 40 member organizations including Stripe, AWS, and Cloudflare. The protocol activates that dormant code using stablecoin settlement Turning any HTTP request into a payable endpoint — no setup, no intermediaries required. 75 million transactions processed in the last 30 days. In 1991 there was no settlement asset that could operate at the speed of a network request. Stablecoins provided that, and x402 is the infrastructure that follows.

  • DFIR_Radar
    DFIR Radar (@DFIR_Radar) reported

    ClickLock Stealer hits macOS with a ClickFix lure and an 83-hour kill loop that makes the machine unusable until the victim hands over their password, with zero detections on VirusTotal at first upload. - Initial access follows the ClickFix playbook: victim pastes a Terminal command from a compromised page (T1204.002). An orchestrator hides the cursor, plays a fake Cloudflare animation, and pulls four modules from two compromised WordPress sites while the victim watches. - The four modules cover the full stealer stack: a Keychain module queries macOS for Chrome's Safe Storage AES key to decrypt cookies and passwords offline; a credential module serves a fake AppleScript password dialog that validates input against the local directory service so only correct passwords exfiltrate; a crypto module iterates 30+ wallet extensions including MetaMask and Phantom via LevelDB; and GSocket provides a persistent reverse shell disguised as an iCloud process. - If the victim cancels the dialog, two LaunchAgents are installed for persistence (T1543.001), and a kill loop hammers Finder, Dock, browsers, Terminal, and Activity Monitor for up to 83 hours. A parallel loop kills NotificationCenter for six hours to suppress Gatekeeper alerts. Exfiltration runs over three Telegram bots with no traditional C2. - Modules forge timestamps and self-delete. Only the GSocket backdoor remains on disk. #DFIR_Radar

  • pkyanam
    ₽ⱤΞΞ₮Ⱨ△M ₭Ɏ△И△M (@pkyanam) reported

    @southpolesteve @southpolesteve will support Workers / Drop from Cloudflare too for agent generated artifacts/sites!

  • thisisdatha
    Dat Ha (@thisisdatha) reported

    @CloudflareDev @Kimi_Moonshot @Cloudflare The collection of models on the service is weird. Not bad, but weird. A good amount of frontier, then just a whole lot of nothing in the cheap high parameter MoE range, then a decent amount of like 10-40B dense. I would love to see DSv4 Flash and/or MiMo v2.5!

  • johnturner
    John Turner (@johnturner) reported

    Half of all "my site is broken" moments are really "my cache is stale" moments. You fix the thing, refresh, and last week's page stares back at you. So you sit there doubting your own memory instead of suspecting the cache. Today's WPVibe release goes after that, plus the older problem underneath it: speed tools that hand you a report and leave the repair to you. Two things shipped: 1. Page audits. Your AI reads the same performance data Google uses, on your actual page. Instead of "have you tried a caching plugin" you get "your hero image is 4 MB and it's the biggest thing blocking the page, want me to fix it?" Then it fixes it, with your approval. 2. Honest cache purges. Purge a single page instead of nuking everything. Purges run server first, Cloudflare last, so the edge can't re-cache a stale page. And when a purge silently fails (the Cloudflare plugin ignores purges if one toggle is off), WPVibe says so instead of reporting success like every other tool. The measurement should be step one of the repair, not the product. Link below 👇

  • anto_edd
    Anto (@anto_edd) reported

    Prompt "You are a Senior Application Security Engineer specializing in Supabase Authentication. Review my Login & Signup implementation like a real attacker. Ignore code quality. Ignore styling. Ignore performance. Focus only on security. Check for: • User enumeration • Generic authentication errors • Missing email verification • Weak password policy • Brute-force protection • Missing rate limiting • Missing Cloudflare Turnstile • Disposable email abuse • Password reset vulnerabilities • Session fixation • Session revocation • Secure cookie configuration • OAuth misconfigurations • Missing Row Level Security (RLS) • Service Role Key exposure • Trusting frontend data • Missing server-side authorization • Privilege escalation • OWASP Top 10 authentication risks For every issue provide: 1. Severity 2. Exploitation scenario 3. Recommended fix 4. Production-ready implementation Do not approve the authentication flow until every High and Critical issue has been resolved."

  • PedroGuiti
    Pedro Guitian (@PedroGuiti) reported

    if you're building a startup. pause for a second. You should stop overpaying for your stack. this is enough to launch: claude - coding supabase - backend vercel - deploys GoDaddy - domain stripe - payments github - version control resend - emails clerk - auth cloudflare - dns posthog - analytics sentry - errors upstash - redis most of this is free. The real cost is time, so ship fast, and optimize later

  • lianshangpixiu
    Pixiu.eth🐬TermMax (@lianshangpixiu) reported

    @the_jujukey @RobinhoodApp @Noxa_Fi cloudflare issue is real, gotta wait it out

  • itsclarkholden
    Clark (@itsclarkholden) reported

    PRO TIP: Use cloudflare email routing and sending to make a custom email client for your Saas. No need to pay for support tools like Front.

  • KeeperHubApp
    KeeperHub (@KeeperHubApp) reported

    Cloudflare opened the waitlist for its Monetization Gateway: any page, API, or MCP tool behind its network can charge agents in stablecoins over x402. Let's see where this goes!

  • MartinTale
    Martin Tale (@MartinTale) reported

    @CodeWithTamara They are more expensive there, UI is complete garbage, super slow and very unethical business 😬 I switched to Cloudflare and it’s like night and day..

  • RyanHernalsteen
    Ryan Hernalsteen (@RyanHernalsteen) reported

    3/ The test I set myself: take the stack my personal site already runs on (Astro + Cloudflare Pages) and stretch it into something it was never meant to be. No game framework. No auth provider. No new hosting bill. I expected to hit a wall. I didn't.

  • KhafraDev
    Khafra (@KhafraDev) reported

    @CherryJimbo @Cloudflare the real issue with DurableObjects is that there's an outage once a week, not their complexity