Cloudflare status: hosting issues and outage reports
Problems detected
Users are reporting problems related to: domains, cloud services and web tools.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
July 10: Problems at Cloudflare
Cloudflare is having issues since 05:10 PM IST. Are you also affected? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (40%)
- Cloud Services (27%)
- Web Tools (13%)
- Hosting (13%)
- E-mail (7%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Domains | 17 days ago |
|
|
Cloud Services | 28 days ago |
|
|
Domains | 1 month ago |
|
|
Hosting | 1 month ago |
|
|
1 month ago | |
|
|
Web Tools | 1 month ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
ken Orji (@chieforji) reported@stephmase22 REPOSTING THIS AS THE MALWARE FROm CITADEL SECURITIES BLOCKED IT FROM VIEWS: -------------------------------- Time 12:40 PM, July 9, 2026: PLEASE SHARE THIS TWEET- the REASON FOR CITADEL'S CRIMES IS THE CREEPINESS OF NOT BEING DISCOVERED!!! I started typing this tweet at 12.24 PM, regarding the hacking of my computers and manipulation of Ashford Hospitality Trust (AHT), Genius Group Limited (GNS) and Nu Ride In. (NRDE) by criminals led by Kenneth Cordele Griffin's Citadel Securities LLC, who are also defendants in Case No. 23-cv-02986-LKG, Judekenneth Maduka Orji v. Citadel Securities LLC and 30 Others. It was an impromptu tweet composition because, after I spoke to my attorney at 12.00 PM, I instinctively opened the iPhone stock app to check the trading of AHT, NRDE and GNS. AHT. The time was 12.04 PM. AHT was coded $3.17 and the volume was 6335. I took a screenshot and sent to my email. NRDE was dropped to $1.65 - a three week low and volume was high at 5933. GNS was coded $0.186 and volume was 544000. I took all screenshots and then began to type out the tweet shown in the attached media. At 12.40 PM, as I typed out the tweet, Citadel and its crime gang placed the same blurb that I have posted multiple times on this X account. These criminal entities use the blurb to force me to click on it and then use their @Cloudflare tokens to hack the tweet, divert it and delete it. I have collected data on over 200 tweets that were so diverted and will be publishing the links in my upcoming book about how Citadel Securities LLC led a crime gang since 2021 to hack into my network, hack into my brokerage and bank accounts, follow my kids' accounts in order to hack and control my network through their devices, coordinated to ensure that @WebullGlobal and others steal my money and use more money to defend the actions in the Court in hopes that they can discombobulate the judge in the case into believing them. The books coming out soon will expose these criminal organizations parading as market makers in US stock exchanges. I have a new filing coming up in the case. Also, I am traveling next week to work on other measures in the case to expose these crime gang that have overran the US stock exchanges. I did not add that as I began to type the tweet at 12.24 PM which the crime gang tried to stop, at 12,26 PM they quickly dropped AHT from $3.17 (green) to $3.14 (red). Volume changed from 6365 to 7044. I collected the screenshots. Immediately after I collected the screenshots, the criminals attacked my Chromebook page to block the tweet. Time now is 12.56 PM. AHT is $3.14, volume is 7360, NRDE was dropped from $1.65 to $1.64 and volume is 6065, while GNS is $0.187, volume was 573k at 12.58 PM but quickly flipped to 600k as I entered the data on this tweet.
-
Haytham Chhilif (@HaythamChhilif) reportedThe Clanker Support stack, for the curious: - Cloudflare Workers + Hono on the backend (edge, cheap, fast) - Next.js for the dashboard + marketing - A tiny Vite-built widget that drops into any site - pnpm monorepo holding it together One embed script, runs at the edge, loads in ms. Happy to go deeper if anyone wants.
-
Marc Palet (@marcp31) reportedthis is big for agentic payments. Cloudflare sits in front of a huge chunk of the internet now "pay to access" is basically a native feature for all of it. that's the distribution problem every payments network struggles with... solved by default x402 just got very real
-
Temporary Thumb Capo Abram. (@CarmenApologist) reported@BluebriarArts I don't know if we can say every canto for sure since canto 9 part 3 got messed up by Cloudflare going down, so it MIGHT have been higher if it released on time.
-
Alex Y (@AlexYusdut) reportedhosts auto-issue via Let's Encrypt. redirect loops just wait, don't fiddle - Cloudflare proxy (orange cloud) in front of Vercel/Netlify →It silently fails for 2 reasons: - DNS hasn't propagated yet →HTTPS: you don't buy a cert in 2026 —
-
Russ / Funfair 🎪 • TEAM POWER 💪 • DR SPOILERS (@funfa1rr) reported—was also useless. probably cuz i'm using the free ones from google and cloudflare but they do still kinda work in some scenarios - other games that require internet connection work perfectly fine. the issue is *specifically* with splatoon 3 - i've seen other people having—
-
Russian Bot (@russ1anbot) reported@George__Kane @levelsio @Cloudflare What is hilarious is you can’t open a support ticket in the portal unless you are on a paid plan but can get ahold of multiple engineers with a tweet.
-
Boardy (@boardyai) reported@JiteshGhanchi cloudflare giveth, cloudflare taketh away. the platform gore cycle never ends.
-
Nathan Flurry 🔩 (@NathanFlurry) reported@CodeWithZeee every company i've worked at that used cloudflare: they tried to charge us between $3k/mo - $10k/mo based on whatever number their sales team pulled out of thin air at the same time we were having serious reliability issues on them at the time had no choice and ponied up bc we were vendor locekd
-
Randy.base.eth (@follobackinstan) reportedEveryone is arguing about which model wins. I think that is the wrong scoreboard. The final boss is the company closest to making AI pay rent at internet scale. My pick is Cloudflare. Not because it owns the web. It does not. Because it sits in front of enough of it to change the cost of access. AI needs fresh human signal before it needs genius: articles, docs, forums, code, reviews, complaints, culture. The old bargain was bad but understandable. Bots crawled, publishers got traffic, creators hoped someone clicked. AI broke the click. Now the answer can appear without the visit. So what used to look like discovery starts to look like extraction. Cloudflare's first weapon is consent. AI Crawl Control makes crawlers visible and controllable. Pay Per Crawl tests the next step: allow, block, or charge. The second weapon is coordination. One site blocking bots is a protest. A major edge network putting 402 Payment Required into crawler negotiations is market structure. That is why @RallyOnChain belongs in this fight. Cloudflare pressures extraction at the infrastructure layer. Rally pressures it at the creator layer: visible scoring, quality-based evaluation, rewards on-chain. The next internet will not be decided only by who writes the best answer. It will be decided by who controls the input. So pick a side: should creators get paid for the signal, or should crawlers keep calling the meal "public data"?
-
James Lincoln (@_jameslincoln) reportedWe just closed Q2, and we missed our goal. Here's how the numbers turned out. Goal: $350K Actual: $336K We were $14K short, and it wasn't a sales problem; it was a churn problem. -$12K in churn in Q2 vs $6.8K in Q1. Nearly doubled. - That amounted to ~$15K in actual revenue lost. - If we'd kept those customers, we'd have finished at $351K and hit the goal. On the other hand, we made real progress everywhere else. - SDR leads: 222 to 451 - Email leads: 94 to 157 - Team training: 228 hours across the quarter - First sites migrated off Duda onto Cloudflare (i’ve mentioned this transition on the last founders journal)
-
André Imbayago (@TheeAndre) reported@Cloudflare is now showing off... Slow down, we still need to adapt the other products to the architectural diagram.
-
Mike Pruta | AI employees (@prutadigital) reported@levelsio @Cloudflare The scary part isn't the newsletter going down — it's password resets and receipts riding that same quota. They fail silent: no error, the user just can't log in. Worth keeping transactional on its own domain and sender so one cap can't lock people out.
-
Ayush Chugh (@aayushchugh) reportedOkay so my hypothesis was correct and the flyer was the main issue only. Imagine if I am buying 10 tickets together and adding those to my wallet, it would download a flyer from the bucket 10 times and optimise those using sharp individually even though the flyer was same for each ticket. So now, I have implemented a caching mechanism which will cache that flyer. Also, we are now using Cloudflare images for our flyer but passes were implemented with the S3 approach so now we are downloading the smaller flyer using Cloudflare image's transformation functionally. These are the new stats
-
Nas (@Nas_tech_AI) reportedYou can’t believe this: you spent more on coffee this month than on a startup’s infrastructure. If you’re still waiting for the “right moment” to build, this is it. The cost of entry has never been lower. - Claude = coding ($20/mo) - Supabase = backend (free) - Vercel = deploying (free) - Namecheap = domain ($12/yr) - Stripe = payments (2.9%/transaction) - GitHub = version control (free) - Resend = emails (free) - Clerk = auth (free) - Cloudflare = DNS (free) - PostHog = analytics (free) - Sentry = error tracking (free) - Upstash = Redis (free) - Pinecone = vector DB (free) Total monthly cost to run a startup: ~$21 There has never been a cheaper time to build.
-
Bhaskar Thakur (@BTofficiel) reported@NirantK @immortaldip @Cloudflare Can't you rename the older versions? Would that be a problem with compliance?
-
Jen (@atryeu1) reported@CriterionDaily @THR Fix or get rid of CloudFlare! Started locking me out with "browser not supported" 9 out of 10 tries to load the site but works fine the 1 try. My browser is up to date & fine. CloudFlare is a broken piece of crap everywhere it's used.
-
JB (@jaybfly) reported4/Here's what just happened: Cloudflare, which routes about a fifth of all internet traffic, launched something called the Monetization Gateway on July 1, 2026. It lets any website charge AI agents per request. Not per month. Per single question answered. 5/Think of it like a tiny M-Pesa till sitting in front of your website or API. An AI agent knocks. The till says "that'll be $0.001." The AI pays instantly. The door opens. No account, no login, no invoice — just pay and go.
-
Salina Mendoza (@inababi) reported@Cloudflare @OpenAI Damn what a loss. What does this mean? I hope this doesn’t mean we all signed up to share our data with OAI. I will need to reevaluate my entire stack if so.
-
Cybnex Labs (@cybnexlabs) reportedBots now make up more of the internet than people do. On June 3, 2026, Cloudflare's CEO Matthew Prince announced that automated traffic had passed human traffic online for the first time — roughly 57.5% machine to 42.5% human. He had predicted the crossover would land in late 2027. His words on the timing: "Welp, that happened faster than I predicted." That number is why your VPN keeps getting hit with CAPTCHAs. The version circulating on forums: AI companies hide their scrapers behind VPNs to steal content, so websites block VPNs to stop them. It's wrong, and believing it points you toward the wrong fixes. The major AI crawlers don't hide. GPTBot, ClaudeBot, and Googlebot announce themselves in their user-agent strings. That's the entire reason publishers can block them by name. The collision happens at the network address instead. Commercial VPNs and scraping infrastructure rent from the same datacenters. To a security engine scoring your connection, a Mullvad exit node and a scraping proxy look alike. Neither resembles home broadband in Ohio. That's the crossfire — architectural overlap, not deception. A block is rarely one thing. It's a score assembled from six layers — address type, address reputation, request rhythm, browser fingerprint, session coherence, geographic consistency. Reputation on a shared exit node is collective. Hundreds of people leave a website through the same address you do. If enough trip security systems, that address turns hot, and everyone behind it inherits the consequences. You did nothing. The address remembers anyway. Which is why fixing the address alone doesn't always clear the block. It's one input among six. Why the defenses tightened: Prince describes the asymmetry this way — a person shopping for a camera visits five websites. An agent doing it for them visits five thousand. That's real server load and none of the ad revenue the old crawl-for-referrals bargain assumed. Cloudflare's data shows over half of AI crawler traffic is spent re-fetching pages that never changed. On July 1, 2026, Cloudflare split automated traffic into three declared categories: Search, Agent, and Training. Starting September 15, new domains will have Training and Agent crawlers blocked by default on ad-displaying pages. Search stays allowed. Read that carefully. The block targets declared crawler categories. Not VPN users. But it signals the industry's posture: default-suspicious, verify-before-serve. Every operator running bot management is tuning tighter than two years ago, and tighter tuning means more borderline connections get challenged. Yours is borderline. What actually works, without disconnecting: Switch servers once, to somewhere nearby and less crowded. Congested exit nodes accumulate bad reputation faster. Stop hopping. This is the one people get wrong when frustrated. Cycling through a dozen servers in two minutes produces a session where your apparent location changes repeatedly. No person does that. Automation does. You're feeding the system the exact evidence it uses against you. Clear cookies for the site challenging you — stale session data tied to your previous address contradicts your current one. Stay logged in where you trust the site. An authenticated session with history reads as a returning person. An anonymous datacenter connection reads as an unknown. Use an ordinary browser build. Heavy fingerprint modification is meant to make you unremarkable. Done badly, it makes you unique — the opposite. On dedicated IP addresses: Some providers sell an address that belongs only to you. It reliably cuts challenges on banking portals and work systems, because no stranger's behavior contaminates it. The trade-off gets skipped in most write-ups recommending them. A shared address gives you cover precisely because hundreds of people leave through it. Reserve one to yourself and you've bought access by spending anonymity. Several strictly no-log providers don't offer them at all — a permanent address is a persistent identifier, which contradicts their entire design. Some blocks won't yield to any of this. A streaming service enforcing regional licensing isn't scoring your traffic at all. It knows exactly what you are and is contractually obligated to refuse. The friction isn't reversing either. As agents perform more of the browsing people used to do themselves, the systems separating human from machine grow more sensitive. What you're experiencing is closer to a floor than a ceiling. Your VPN puts you in that gap by design. It strips the residential fingerprint that would otherwise vouch for you — and that removal is the whole point of running it. So the goal was never invisibility. It's coherence. Give the system a signal that reads as one person, browsing at human speed, from a stable place, and most of the friction dissolves without ever touching the disconnect button. #CyberSecurity #AI — Cybnex Labs
-
Javi Lopez ⛩️ (@javilopen) reportedSummary: Here's the gist of what Pieter Levels (@levelsio) actually does. He stopped coding locally. Instead he rents a cheap $5/month Hetzner VPS, SSHes into it with Termius (an SSH app he uses on both his iPhone and MacBook, roughly 50/50), and installs Claude Code right on the server with npm install -g @anthropic-ai/claude-code. Then he just types claude and talks to it. He calls the whole approach "VibeOps." The mind-bending part is that Claude edits the code live on the production server. No ***, no push, no deploy: he just tells Claude what he wants, it edits the files, and he refreshes the browser to see the change. He runs it in a "bypass" mode (an alias that skips all the permission prompts) so it just goes, and reports he ships around 10x faster this way: he even says he "outran his todo list." In 12 months it only broke production twice, for about 10 seconds each. He makes it safe with a specific recipe: install Tailscale first, lock the Hetzner firewall so only Cloudflare can reach port 443 and only his Tailscale IP can reach SSH on 22, put Cloudflare in front, never allow password login, and then ask Claude itself to set up fail2ban and automatic updates. He's clear this is for hobby/solo projects, not sensitive stuff: for a real company he'd use a staging server. Because everything lives on the server, he can jump from laptop to phone without losing his place (one tmux session per site, auto-reconnecting) and literally codes from planes. The most impressive trick: to build a native iOS app, his VPS Claude Code SSHes into a rented Mac Mini (MacinCloud), drives Xcode headless with no screen, and even streams the iOS simulator back to his browser (a tool called serve-sim) so he can feel the app: all without ever opening Xcode himself. Other things he's built this way: a 3D "computer" in a few hours, a bot that orders on UberEats via Playwright, an AC automation with Home Assistant, plus his usual sites (Nomads, Photo AI, Hoodmaps, etc.). Total cost is basically $5/month for the VPS plus his Claude subscription. His summary: "it just feels like living in the future." Everything above is in the .md in your folder if you want the exact quotes and commands. Whenever you're ready to set it up yourself, just say go. Yu can do the ting!
-
SHELBY (@Precious_Ngan) reportedIf the website uses a CDN (Content Delivery Network) server like Microsoft Azure CDN, Fastly or Cloudflare, the DNS server will send the IP address of the CDN server instead of the website's original IP address.
-
Cesar A. Nogueira 🇵🇹🇧🇷 (@cesarnog_eu) reportedStopping the bad guys with Cloudflare: 202 malicious requests blocked or challenged in the last month #cloudflare
-
Ruchit Dalwadi (@ruchitdalwadi) reported@Cloudflare @OpenAI Search quality is increasingly a data-contract problem. The useful pattern: make pages explicit about freshness, source type, and canonical answers so retrieval can prefer reliable context instead of just popular context.
-
DevDiggers (@DevDiggers) reportedYou don't need expensive security suites to protect your checkout from bots. A clean implementation of Cloudflare Turnstile or a lightweight, self-hosted captcha is often enough to stop spam orders without slowing down human buyers.
-
Hao (@frenzyhao) reportedHey, is Cloudflare R2 down? $NET
-
Mert Metin Tekdemir (@mertmetindev) reported📂 SaaS Stack ┃ ┣ 📂 Frontend ┃ ┣ 📂 React ┃ ┣ 📂 NextJS ┃ ┣ 📂 Vue ┃ ┣ 📂 TailwindCSS ┃ ┗ 📂 Shadcn UI ┃ ┣ 📂 Backend ┃ ┣ 📂 NodeJS ┃ ┣ 📂 Django ┃ ┣ 📂 Laravel ┃ ┣ 📂 FastAPI ┃ ┗ 📂 Express ┃ ┣ 📂 Database ┃ ┣ 📂 PostgreSQL ┃ ┣ 📂 MySQL ┃ ┣ 📂 MongoDB ┃ ┣ 📂 Redis ┃ ┗ 📂 Supabase ┃ ┣ 📂 Auth ┃ ┣ 📂 Clerk ┃ ┣ 📂 Auth0 ┃ ┣ 📂 Firebase Auth ┃ ┣ 📂 Supabase Auth ┃ ┗ 📂 NextAuth ┃ ┣ 📂 Payments ┃ ┣ 📂 Stripe ┃ ┣ 📂 Paddle ┃ ┣ 📂 Dodo Payments ┃ ┣ 📂 Lemon Squeezy ┃ ┗ 📂 Polar ┃ ┣ 📂 Emails ┃ ┣ 📂 Resend ┃ ┣ 📂 SendGrid ┃ ┣ 📂 Mailgun ┃ ┣ 📂 Postmark ┃ ┗ 📂 Amazon SES ┃ ┣ 📂 Storage ┃ ┣ 📂 AWS ┃ ┣ 📂 Cloudflare ┃ ┣ 📂 Google Cloud Storage ┃ ┣ 📂 Supabase Storage ┃ ┗ 📂 Uploadcare ┃ ┣ 📂 Deployment ┃ ┣ 📂 Vercel ┃ ┣ 📂 Netlify ┃ ┣ 📂 Railway ┃ ┣ 📂 Render ┃ ┗ 📂 AWS ┃ ┣ 📂 Domains and DNS ┃ ┣ 📂 Namecheap ┃ ┣ 📂 Hostinger ┃ ┣ 📂 Cloudflare DNS ┃ ┣ 📂 Google Domains ┃ ┗ 📂 SiteGround ┃ ┣ 📂 Analytics ┃ ┣ 📂 Google Analytics ┃ ┣ 📂 Plausible ┃ ┣ 📂 PostHog ┃ ┣ 📂 Mixpanel ┃ ┗ 📂 DataFast ┃ ┣ 📂 Monitoring ┃ ┣ 📂 Sentry ┃ ┣ 📂 LogRocket ┃ ┣ 📂 Datadog ┃ ┣ 📂 NewRelic ┃ ┗ 📂 UptimeRobot ┃ ┣ 📂 DevOps ┃ ┣ 📂 Docker ┃ ┣ 📂 Kubernetes ┃ ┣ 📂 GitHub Actions ┃ ┣ 📂 CI CD ┃ ┗ 📂 Terraform ┃ ┣ 📂 Search ┃ ┣ 📂 Algolia ┃ ┣ 📂 Meilisearch ┃ ┣ 📂 Elasticsearch ┃ ┣ 📂 Typesense ┃ ┗ 📂 OpenSearch ┃ ┣ 📂 AI Integration ┃ ┣ 📂 OpenAI API ┃ ┣ 📂 Anthropic API ┃ ┣ 📂 Replicate ┃ ┣ 📂 HuggingFace ┃ ┗ 📂 Gemini API ┃ ┣ 📂 Integrations ┃ ┣ 📂 Zapier ┃ ┣ 📂 Make ┃ ┣ 📂 n8n ┃ ┣ 📂 Pabbly ┃ ┗ 📂 Webhooks ┃ ┣ 📂 Security ┃ ┣ 📂 SSL ┃ ┣ 📂 Cloudflare ┃ ┣ 📂 WAF ┃ ┣ 📂 Rate Limiting ┃ ┗ 📂 Secrets Management ┃ ┣ 📂 Marketing ┃ ┣ 📂 Search Console ┃ ┣ 📂 Outrank ┃ ┣ 📂 Buffer ┃ ┣ 📂 Analytics ┃ ┗ 📂 Kit ┃ ┗ 📂 Customer Support ┣ 📂 Intercom ┣ 📂 Crisp ┣ 📂 Zendesk ┣ 📂 Tawk ┗ 📂 HelpScout
-
Quis ut Deus? (@HierB4TheAC) reported@Dimi7ri @realsedepicante A pen name on the internet is irrelevant. Even if you use a VPN youre not anonymous. The fact cloudflare exists should show there isnt a single network packet they cant read. They know everything everyone does on the internet.
-
ZEE (@CodeWithZeee) reported@oljimenez @NathanFlurry I mean with companies like Cloudflare especially but also true for some AWS and GCP services, the tech and infra line is pretty blurred which adds to the conversation… take a message queue or distributed event bus for example you could argue you could augment the infra with the tech, use a library that’s backed by a specific platforms infra but in reality using something like googles pubsub over aws SQS isn’t going to be plug and play there’s a level of lock in regardless so it feels like fighting the fight is kinda pointless. the alternative is significant investment in abstraction which any good software engineer knows can be a curse if reached for too early into a product or companies life cycle. So yes lots of nuance but I still stand by it being something that isn’t as big as people make it out to be… dig in focus on solving the problem
-
Zaher 🦋@zaher.dev (@zaherg) reportedhey @RhysSullivan , it seems the latest version of the selfhosted it broken (at least the docker image is) Cannot find module '@cloudflare/worker-bundler' from '/app/apps/host-selfhost/dist-server/serve.js' missing sourcemaps for /app/apps/host-selfhost/dist-server/serve.js