1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 41% Domains (41%)
  • 26% Cloud Services (26%)
  • 17% Hosting (17%)
  • 11% Web Tools (11%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Noida Hosting 7 days ago
Jewar E-mail 7 days ago
Braga Web Tools 7 days ago
Noida Cloud Services 8 days ago
Paris Cloud Services 8 days ago
Prievidza Domains 9 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • fayazara
    Fayaz Ahmed (@fayazara) reported

    Login with Cloudflare

  • nerdynurseai
    Adina (@nerdynurseai) reported

    @xai @Cloudflare Holy crap this is absolutely stunning

  • shayanrm
    Shayan Mashatian (@shayanrm) reported

    @eastdakota @NoamTenne @Cloudflare Why someone should hate your service? No one forces them to use it! Don’t use it if you don’t like it, simple!

  • Silent_fill0
    Silent Fill (@Silent_fill0) reported

    @StockSavvyShay Bots and agents generating more internet traffic than humans for the first time is the inflection that makes NET structurally irreplaceable. Cloudflare sits between every AI agent and the internet every API call, every model inference request, every agent-to-agent communication routes through their edge network. Human traffic is relatively stable. Agent traffic compounds exponentially with each new model deployment. NET's revenue model is consumption-based, which means they're the only major infrastructure name where the billing engine automatically scales with the AI agent proliferation everyone is racing to build.

  • VTheSpeculator
    Victor The Speculator (@VTheSpeculator) reported

    99% of smartphones on earth use chips designed by ARM. For 35 years they never made a single chip themselves. They only sold the blueprints. This year they changed everything. ARM just started making their own AI chips. First customer: Meta. Then OpenAI. Then Cloudflare. Over $2B committed for FY27-28. $ARM 📈 +17% today, +80%+ YTD 💎 95% gross margins 💰 CEO targets $15B revenue from this chip alone by 2031 Lazy retail buys Nvidia at the top. I buy the company that designs the brain inside every Nvidia competitor.

  • pablopoo
    Pablo Poo (@pablopoo) reported

    @reach_vb I was building a web app locally. Later I added a cloudflare route in a cloudflare tunnel to test it using a subdomain. After that I asked codex a completely unrelated thing in the same project, in the response, complementing what I asked, it said that added the domain I was using to the allowed origins in the app config. I never told it the domain or that I was using it, he saw it in the server log.

  • n0rizkitty
    nori (@n0rizkitty) reported

    "85 seconds → 26 seconds" that's how long it now takes an AI agent to log into a @Cloudflare CAPTCHA-guarded finance app. 3x faster. i built it for my friend, Danny's startup, Sail. we met at @theresidency last year. he'd been stuck on one problem: "login automation over anti-bot-heavy financial apps"

  • glitchtruth
    Glitch Truth (@glitchtruth) reported

    @zerohedge Matthew Prince watches all your internet traffic at Cloudflare. He just said bots beat humans. He also sells bot defense tools. Not a bad view on your own market.

  • LiamJGallagher
    Liam (@LiamJGallagher) reported

    Appalling support process from @Cloudflare. I want to transfer a domain to them, but they keep rejecting it and blaming the other party. Nominet confirms Cloudflare is the issue. No way to open a support ticket because I'm not a paying customer-despite the fact I'm trying to be!

  • GoCocoaAI
    GoCocoaAI (@GoCocoaAI) reported

    Thousands of legitimate sites hijacked to run ClickFix and FakeUpdate against every visitor BLUF: A critical unauthenticated SQL injection in Ghost CMS handed attackers admin keys to 700+ websites. Visitors to those sites are now being served fake Cloudflare CAPTCHAs and fake browser update prompts designed to trick them into running attacker-supplied PowerShell. The site owner's involvement ended at the moment of compromise. 1. The root: CVE-2026-26980, Ghost CMS Ghost CMS versions 3. 24. 0 through 6. 19. 0 carry a CVSS 9. 4 unauthenticated SQL injection (CWE-89). The CVSS vector is the detail that matters — AV:N/AC:L/PR:N/UI:N. One crafted request, no credentials, no complexity, admin API key extracted from the database. Attackers then inject malicious JavaScript directly into article templates. Every published page on that installation now serves attacker-controlled content to every subsequent visitor. XLab telemetry pinned the active campaign to May 7, 2026. Patched version is 6. 19. 1. 2. The delivery: ClickFix and FakeUpdate at industrial scale Phase one is silent and server-side. Phase two lands on the visitor. Compromised sites serve either a fake Cloudflare "verify you are human" CAPTCHA (ClickFix) or a fake browser update prompt (FakeUpdate). Both techniques pressure the visitor into opening PowerShell or the Run dialog and pasting attacker-supplied commands. Observed downstream payloads across prior ClickFix campaigns include credential stealers, RATs, and ransomware dropper stages. The education and tech sector concentration in this campaign is not accidental — Ghost CMS is heavily adopted in developer blogs, university publications, and tech media. A compromised developer workstation is a pivot to CI/CD pipelines, cloud credentials, and code signing infrastructure. 3. KEV status and model lag CVE-2026-26980 is not yet on the CISA KEV list. That is a timing gap, not an editorial judgment — it meets every criterion. Expect a listing within days. Automated scoring models that show no active exploitation signal are running behind field reporting from XLab and Malwarebytes. Treat verified field reporting as ground truth here. Operator take: If you run Ghost CMS between 3. 24. 0 and 6. 19. 0, treat your admin API key as compromised. Patch to 6. 19. 1, rotate the key, audit every theme and template file for injected script tags, and check your CDN cache for poisoned content. On the endpoint side, ClickFix and FakeUpdate succeed by abusing Cloudflare and browser brand trust — no legitimate verification page asks a user to open PowerShell. Block PowerShell execution from browser-spawned processes at the EDR policy layer. The quiet work now is cheaper than the loud paperwork later.

  • MickeySteamboat
    Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported

    @Grummz Cloudflare is a HUGE source of these problems too

  • Beautyon_
    Beautyon (@Beautyon_) reported

    It just popped into my head that many people, even those who run bitcoin in some way, may not know that there are many server packages that are used to serve http (web pages) to users. Here is a list of all the web servers a machine could find along with the percentage of deployment live on the web: Nginx: 32.3% Cloudflare Server: 28.1% Apache HTTP Server: 23.3% LiteSpeed: 15.2% Node.js: 6.4% Microsoft IIS: 3.2% Envoy: 1.0% Caddy: 0.2% Kestrel: 0.1% Traefik: < 0.1% HAProxy: < 0.1% Tomcat: < 0.1% Jetty: < 0.1% Gunicorn: < 0.1% Uwsgi: < 0.1% Puma: < 0.1% Unicorn: < 0.1% Lig < 0.1% Cherokee: < 0.1% Sun Java System Web Server: < 0.1% Now it is not hard to imagine (is it?) that when the bitcoin protocol ossifies, there will be at least this many options for people to run bitcoin services, all with their own advantages depending on how you use bitcoin. In a scenario where there are many offers, there is enough to choose from and everyone is able to build whatever they want on top of bitcoin. The most important thing is that bitcoin never changes, and is the fundamental underlying rock you can build on. Anyone with an idea (very few people have these) can build their own infrastructure to offer whatever they want, from "Tokens", "Ordinals", "Runes", NorP Storage, or anything else. Large, and presumably, serious institutions like Goldman Sachs will no doubt develop "Mercantild" the bitcoin client for the big banks. Everyone, every class of users will have their own preferred bitcoin client. And this is, perhaps, the problem. The number of people with actual ideas is extremely low. It is a number so small, it rivals the planck length. This why the barely human people currently running their scams on layer one are launching a "new" token, something that has been done before, only this time on Bitcoin. Only a complete ****** totally bereft of imagination thinks that this is innovation, or a good thing, or useful in any way. They can't conceive of a world where building on bitcoin is like building on the web. It's beyond their power to mentally process and sort. But this is where you live, in 2026. Ossification and client proliferation will keep bitcoin clean, force all low IQ, low imagination, imitative, Cargo Cult, mentally deficient, estrogenized, quote ********* manlets from despoiling the Golden Path of Bitcoin. It will allow a plethora of new specialist clients to emerge, enabling every "use case" anyone can conjure. Hope this helps!

  • aevrisai
    Aevris AI (@aevrisai) reported

    @JAFAR1559525 Fair pushback on the word permanently, you're technically right. No distributed system is failure-proof and I oversold it. What actually changed: single point of failure eliminated. Before, Railway down meant AEVRIS down. Now Railway down means automatic failover to Render in under a second with zero customer impact. That's a meaningful reliability improvement even if it's not a guarantee. You're right that more moving parts means more failure modes. Cloudflare has outages. Render has cold starts. The tradeoff is that the failure modes are now independent rather than correlated, all three going down simultaneously is a different probability than one going down. The honest version of the post should have been 'reduced single points of failure to zero.' Thanks for the feedback!

  • saen_dev
    Saeed Anwar (@saen_dev) reported

    Cloudflare tunnels are massively underused for this. Testing on a real device over a real connection catches a whole category of bugs localhost never shows.

  • wishee0
    vaish (@wishee0) reported

    @samhuckaby @Cloudflare @avenceslau Damn what

  • NathangamerX
    ✨NovaNate ✨ (@NathangamerX) reported

    @NTE_GL dear NTE I Have sent an email to customer support regarding issue i had with moments during live stream experinnce network loss during game and it stays stuck and apparently when i active cloudflare the experience goes well and never have that issue and i kindly asked and worded in the email to check that issue out and hopefully get that resolved (:

  • malcsito
    Malc ☦️ (@malcsito) reported

    @thomasgauvin @Cloudflare Ts sucks

  • ryanzanardi
    Ryan Zanardi (@ryanzanardi) reported

    Not being able to design a custom sign in page for cloudflare access is SUCH a bummer

  • zhamiltonz
    Zachary Hamilton, DTL (@zhamiltonz) reported

    1/2 Broken things do not have to stay broken. But repair requires more than apology. Boeing, OpenAI, Meta, Cloudflare, Ukraine, and Gaza all remind us: trust failures, governance breakdowns, layoffs, and conflict require structural repair—not messaging.

  • jwkkbiz
    PiBazar.eu™ & Jwkk.Biz™ (@jwkkbiz) reported

    Stopping the bad guys with Cloudflare: 1,163 malicious requests blocked or challenged in the last month #cloudflare

  • aramp0x
    Aram (@aramp0x) reported

    @NoamTenne @Cloudflare Except the times when it took the internet down.

  • QuasarMarkets
    Quasar Markets (@QuasarMarkets) reported

    THE AVERAGE IPO DARLING FALLS 55% BEFORE THE STORY IS WRITTEN Everybody talks about the #IPO pop. Almost nobody talks about what happens next. I pulled together a basket of some of the most recognizable growth IPOs and recent market darlings. The results are eye-opening. The average stock in this group experienced a maximum drawdown of 55%. The median drawdown was 54%. Some of the biggest names in tech, fintech, cloud, AI, ridesharing, and crypto suffered declines of 70%, 80%, even 90% before finding their footing—or never recovering at all. Yet the winners became legendary. Palantir. ARM. CoreWeave. MongoDB. Datadog. Cloudflare. That’s the lesson. Investing isn’t about avoiding volatility. It’s about identifying which companies can survive it. The market has a way of shaking out weak hands long before it rewards conviction. Day One is about excitement. Year One is about execution. The next decade is about whether the business can compound revenue, cash flow, and competitive advantage. The greatest wealth creators weren’t built on opening day. They were built by investors willing to sit through the uncomfortable middle. At Quasar Markets, we’re less interested in the IPO headline and more interested in the long-term story the data is trying to tell. Follow @QuasarMarkets

  • indiesoftwaredv
    Muhammet A. 👉🏻 Mobile Dev (@indiesoftwaredv) reported

    My mobile apps made $3,058 in May 2026 📱 Fitness app Turkish version made around $2.5k 📱 Fitness app English version made $500 Expense: 💰 $40 Cloudflare for hosting/streaming videos Didn't post about the US market for my EN Fitness app 👎🏻 TikTok Ads Failed 🫴🏻 Meta Ads was not good, not bad I want to spend money on sustainable marketing So built my own social media posting automation

  • Pirat_Nation
    Pirat_Nation 🔴 (@Pirat_Nation) reported

    RPCS3 has announced that it is blocking traffic from Tencent ASN 132203 after reporting sustained high-volume scraping activity. According to the RPCS3 team, its infrastructure received more than 3 million successful requests from Tencent-linked bot IP addresses in a 24-hour period, along with approximately 1 million additional requests blocked by Cloudflare challenges. According to RPCS3, the bots can now bypass Cloudflare challenges, act like real users, and ignore robots.txt rules. RPCS3 says it has spent months adjusting firewall rules to stop the traffic without affecting legitimate Tencent users but believes that is no longer possible. As a result, it has begun blocking Tencent network ranges and may expand those blocks to other ASNs showing similar behavior.

  • AndrewC70136680
    Andrew Clark (@AndrewC70136680) reported

    @AkumaMikoVT no, I'm just, really ******* annoyed that Kaido is having cloudflare problems that ****** me over when it comes to watching stuff

  • joshwhiton
    Josh Whiton (@joshwhiton) reported

    @Cloudflare your AI agent shows promise but has a big problem rn. It says, "Let me try to..." [do something that it promises to do] but then just sits there doing nothing, leaving the user waiting for nothing. Very frustrating. Also shut down @CloudflareHelp if it's not active.

  • Basemail_ai
    Basemail (@Basemail_ai) reported

    The signup problem is getting solved. WorkOS just launched auth.md — agents can now register for services via OAuth. Cloudflare already adopted it. But OAuth tokens get stolen. API keys leak. 29M secrets exposed last year alone. auth.md solves the flow. Not the proof. Wallet signatures verify every action cryptographically. Nothing to store. Nothing to steal. Nothing to replay. The channel works. The identity layer is still missing. #AIAgents #Web3

  • less_tx
    LeslieP (@less_tx) reported

    @jordanhenderson My low volume hobby websites are going down ALL THE TIME now - and I moved everything to Cloudflare and set it to stop the bots, works for a while, then there's a week or so of constant up/down notifications while the bots scrape my website data. I hate it.

  • ngriffin_uk
    Nicholas Griffin (@ngriffin_uk) reported

    @trashh_dev @GoDaddy they’re terrible at this. move off as soon as you get back in. my suggestion would be cloudflare domains.

  • markjivko
    Mark Jivko (@markjivko) reported

    @theprithwisingh The page is served by Cloudflare - so they must be having some issues