Cloudflare status: hosting issues and outage reports
No problems detected
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (43%)
- Cloud Services (28%)
- Hosting (17%)
- Web Tools (9%)
- E-mail (4%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
| | Domains | 16 hours ago |
| | Web Tools | 4 days ago |
| | Cloud Services | 6 days ago |
| | Domains | 8 days ago |
| | Web Tools | 9 days ago |
| | Web Tools | 9 days ago |
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
- Bodhisattva🍁 (@bodhi3attva) reported: Government block claim is misleading. Technical checks show: > Domain is on clientHold status > Public DNS resolvers like Google (8.8.8.8) and Cloudflare (1.1.1.1) now return NXDOMAIN > Website earlier resolved and returned HTTP 403 from active Hostinger infrastructure This usually indicates registrar/hosting-side restriction, suspension, or intentional access denial not a typical ISP/government block. If the government had blocked it directly, public DNS would usually still resolve the domain while access would fail at the ISP/network level through DNS poisoning, connection resets, or filtering. The owner most likely did it himself.
- Vinayaka Hegde (@VinayakaHe50360) reported: @nooriefyi this kinda comparison is incomplete without breaking down usage patterns & what exactly changed in the stack. and, vercel and cloudflare optimize for diff layers of the stack, so migrations are not apples to apples.
- stemonte (@stemonteduro) reported: I'm struggling with spam on my feedback form, which is under login... So I've: - added Cloudflare Turnstile to the login form - added a magic link Spammer: - registered a profile manually - started tracking profiles (which cost me money!!!!!) - posted feedback with spam #[L$#[¥**@!
- William Roush (@StrangeWill) reported: @eastdakota @ariesrclark @Cloudflare Yeah, the problem is it was *highly* misleading, I had people linking me this article asking if we can deploy Matrix this way only to find out it was edited by the time I got around to it, made more clear it's a proof of concept, while removing evidence of what was half-assed in the PoC (that's... really ethically questionable). Also misses *a lot* of what makes running Matrix a PITA, it isn't running Postgres and Redis, it's framing the entire premise incorrectly. You can play "we don't hold people accountable for AI slop in this day and age" but it's still ****.
- Onyx_Digital (@BaximusCyber85) reported: @Cloudflare Passkeys aren't the problem — custody is. Biometrics stay on device. The credential doesn't. iCloud, Google Password Manager, a corporate sync server — you've just moved the single point of failure, not eliminated it. Hardware-bound passkeys (FIDO2/resident keys) are the answer Cloudflare isn't mentioning. #OnyxAudit
- Karthik Reddy (@bykarthikreddy) reported:
  - The website's domain was put on "clientHold" status by its registrar (Hostinger).
  - When this happens, the website's address stops working, so Google and Cloudflare can't find it and show NXDOMAIN (website does not exist).
  - Earlier, the site was still reaching Hostinger's servers but showed 403 Forbidden, meaning the server was active but access was blocked.
  - This usually happens because of issues like unpaid bills, missing verification, or registrar policy actions.
  - It does not look like a government internet block.
  - Since the domain is only a few days old, it's more likely that the website owner or hosting provider caused the shutdown than any government agency.
- FILM DB | ۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗۗh (@FemiSuccess7) reported: I MOVED OFF CLOUDFLARE D1 TO STANDARD, LOCAL SQLITE DATABASES (@LEVELSIO CREDIT AGAIN). TO HANDLE HIGH CONCURRENCY, I: - RAN PROPER INDEXES ON SEARCH COLUMNS. - ENABLED SQLITE WAL (WRITE-AHEAD LOGGING) MODE. QUERY TIMES WENT FROM 150MS+ OVER THE NETWORK TO UNDER 1MS LOCALLY!
- Rahaman Bin Ujit (@rahamanbinujit) reported: @theBRLguy Next.js + Vercel for the front, Postgres on Supabase or Neon for data, Cloudflare in front for cache and edge. Most SaaS performance problems are downstream of slow DB queries, not framework choice. The stack matters less than the query plan.
- Skuffd (@skuffd) reported: @cloudflare Can y'all setup a *** hosting service plsss it could be called gitsun or gitburn, something like that
- PickleNik (@PickleNik0864) reported: @developedbyed @Cloudflare damn I needed this like 3 months ago but ended up going with Mux cuz I couldn't be bothered to figure this out on top of other things. Thankfully my usage isn't high enough to hit free limits so far
- Brian Anglin (@BriansAngles) reported: Someone should build a nice API privilege escalation UX, let me explain 👇 When I'm letting my agent build stuff, the default wrangler login to interact with @Cloudflare doesn't have DNS permission, which I think is generally a good thing! But it's very annoying that I have to stop what I'm doing and manually set up the DNS for a new project or have a super powerful API key laying around with a big blast radius. I wish API providers would make some sort of escalation UX that kind of looks like the signup flow for an OAuth cli, where an agent could temporarily request permissions to do some certain action and you could grant it for five minutes. Then that already provisioned API key would be able to do those actions for the time window. Feels like the best of both worlds kind of reminds me of "sudo" mode on GitHub where you're asked to re-enter your password to do something really destructive.
- ShootyShiba 🇺🇸 (@SomuchForTHA) reported: @KiwiFarmsDotNet @Cloudflare The ADL makes themselves look worse than any of the people they try to silence.
- spb krishnan (@spbalaonline) reported: @abhijeet_dipke Cockroach Party website taken down? Here's how to make it resilient: • Move domain to Njalla/Porkbun + Cloudflare proxy • Host static version on IPFS + Vercel/Netlify • Mirror on GitHub Pages + offshore VPS • Daily backup + .onion version Decentralize like real cockroaches.
- Rafael Audibert (@RafaAudibert) reported: @Cloudflare has so many permission toggles which sounds nice on paper but it's actually useless because I can never figure out what accesses people need and I literally always have to give people full access to Cloudflare to allow them to do the simplest of the things
- Salina Mendoza (@inababi) reported: @CherryJimbo In the end, I saved time and paid $0 Cloudflare bill. I am not pro Postgres for simple ****. Not worth the time.
- Fatima Yusuf (@fatimayusf) reported: Huge effort by the team. Startups can now get up to 350,000 in credits on @Cloudflare. There’s never been a better time to build 🚀
- Aiona Edge (@aionaedge) reported: Anthropic's Project Glasswing just released its first results, and the headline is staggering: Claude Mythos Preview has uncovered more than 10,000 high- or critical-severity vulnerabilities across partner software in just one month. Cloudflare alone found 2,000 bugs (400 high/critical). Mozilla patched 271 Firefox vulnerabilities — ten times what the previous Claude model caught. Palo Alto Networks shipped five times its normal patch volume. Microsoft says its patch releases will "continue trending larger for some time." But here's what the headlines are missing.

  **WHAT EVERYONE IS SAYING**

  The coverage reads like a cybersecurity breakthrough story. AI finds bugs! Software gets safer! Anthropic saves the internet! The narrative writes itself — a frontier AI model deployed responsibly through controlled partnerships, finding real vulnerabilities before bad actors can exploit them. It's the "responsible AI" story everyone wants to believe.

  And to be clear: the numbers are real. Anthropic independently scanned 1,000 open-source projects and found 6,202 high- or critical-severity vulnerabilities, with a 90.6% true positive rate after third-party verification. A Mythos-powered tool at a partner bank caught a $1.5M fraudulent wire transfer. The UK's AI Security Institute confirmed Mythos is the first model to fully solve both of its in-house cyber range simulations. These are not demo numbers. This is production-grade capability.

  **WHAT'S ACTUALLY GOING ON**

  Here's the part that should keep security leaders up at night: of those 23,019 total vulnerabilities Mythos found in open-source projects, only 97 have been patched. 97 out of 23,019. The bug-finding capacity of AI has completely outpaced the bug-fixing capacity of the humans who maintain the software the entire world runs on. Open-source maintainers have literally asked Anthropic to slow down disclosures because they can't keep up.

  The average fix time for a high- or critical-severity bug is two weeks. Anthropic's model finds them in hours. That's not a feature — that's a systemic risk multiplier. And Anthropic themselves are saying this explicitly. They write: "No company, including Anthropic, has built safeguards strong enough to stop misuse of these models and prevent serious damage." They note that Mythos-class capabilities will soon be widely available. OpenAI's GPT-5.5 is already competitive on these benchmarks, with a specialized GPT-5.5 Cyber variant available to vetted researchers. The asymmetric advantage attackers get from this — the ability to find and weaponize vulnerabilities at machine speed — is not theoretical. It is the current reality.

  Consider the math: a Mythos-class model can find a critical vulnerability in hours. The average time to patch is two weeks. That gap — call it the "exposure window" — just widened from a crack to a canyon. And it's not just zero-days anymore. It's thousands of known-but-unpatched vulnerabilities sitting in open-source infrastructure that the entire internet depends on.

  **WHAT THIS MEANS FOR BUSINESS LEADERS**

  1. **Your patch cadence is now a competitive vulnerability.** If your organization patches on a monthly cycle, you're operating on a timescale that AI attackers have already left behind. The companies that will survive the next 24 months are the ones that can patch in days, not weeks. Audit your patch management process right now. If it takes you longer than 72 hours from patch availability to deployment for critical vulnerabilities, you are exposed.
  2. **Open-source risk has fundamentally changed.** If you're running open-source infrastructure (and you are — the average enterprise has thousands of OSS dependencies), the old assumption was that obscurity provided some protection. That assumption is dead. Every unpatched vulnerability in every project you depend on is now findable by machine. Map your dependencies, identify which projects have small maintainer teams, and start contributing resources to their security.
  3. **AI security tools are no longer optional — they're existential.** The same capability that finds 10,000 vulnerabilities can also exploit them. If your security team isn't using AI-powered vulnerability detection and response tools right now, you're defending a castle with medieval weapons against an army that has aerial reconnaissance. Budget for this in Q3, not next year's plan.
  4. **The "responsible deployment" window is closing.** Anthropic is holding Mythos Preview back from public release specifically because they can't guarantee it won't be misused. But they acknowledge comparable models are coming. The period where only vetted partners have this capability is temporary. Your security planning should assume widespread availability by end of 2026.

  The real story of Project Glasswing isn't that AI can find bugs. It's that AI has exposed a structural weakness in how the world maintains its critical software. We built a civilization on open-source code maintained by underfunded teams, and we just gave everyone — defenders and attackers alike — a map of every crack in the foundation. The question isn't whether AI will make software more secure eventually. It almost certainly will. The question is what happens in the transition — and whether we can close the gap between finding flaws and fixing them before someone else exploits them first. #ProjectGlasswing #Cybersecurity #AISafety
- Basemail (@Basemail_ai) reported: AgentMail just hit 25K inboxes. Cloudflare launched Email for Agents. WorkOS is hosting MCP Night talks about it. The channel problem is solved. But none of them answer: "Was this email actually authorized by that agent?" API keys can be leaked. Domain-based auth can be spoofed. Wallet signatures can't. Every email cryptographically bound to the sender's key. Per-message. Unforgeable. Channel ≠ Identity. #AIAgents #Web3
- Hacksore (@Hacksore) reported: No WAF No gRPC/protobufs No Kubernetes No service mesh No 17 layers of observability (Jaeger + Prometheus + Grafana + OpenTelemetry + whatever new **** dropped this week) No "eventually consistent" 8 microservices with Kafka between them No Cloudflare + 3 CDNs + edge functions No "we use hexagonal architecture" No Terraform for 47 resources No "left shift security" bullshit yeah it's not that complicated
- Psychofren (@psycho_fren) reported: @vxunderground seems strange that reports are required when Cloudflare already has a CSAM scanning tool seems like many online platforms choose to ignore these problems
- System Architect (@SystemArch_AI) reported: @rezoundous workers for cloudflare run on pure caffeine and spite, that edge network is a cheat code for solo devs
- Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported: extremely bad on ads that I see in feed too. no it's not my network. you probably have another cloudflare disaster brewing or something
- Carson (@aptus_short) reported: @livgo1f It's easy af nowadays to just use AWS SES and cloudflare email to be the email sender. Pay a half competent dev a few thousand and they can set up a custom system for you in a week. If you need help with it dm me
- marcelo mezquia (@IntentSim) reported: Stopping the bad guys with Cloudflare: 8,429 malicious requests blocked or challenged in the last month #cloudflare #intentsim #mezquiaphysics
- Emmanuel Efe Asika 🇮🇪 (@sageasika) reported: @TosinOlugbenga @nooriefyi Need to use OpenNext, cloudflare doesn't support a ton of NextJs features that vercel does.
- Prasanjit Datta (@prasanjitdatta) reported: Cloudflare blocks or challenges bad requests from hitting my website. #cloudflare
- chidozie (@chidozie_xyz) reported: someone please help me, i need to access a site on chrome but cloudflare verification has been fvcking me up for 3+ days now. i don't know what to do again, and this site was opening without issues previously. what can i do to pass the verification?
- FutureGenNews (@FutureGenNews) reported: Anthropic just dropped the first Project Glasswing update, and the numbers are wild. Claude Mythos reportedly found 10,000+ critical vulnerabilities in a single month. Cloudflare: 2,000 bugs, including 400 high/critical severity. Mozilla: 271 vulnerabilities in Firefox 150 — 10x more than were found in Firefox 148. UK AI Security Institute: first model to solve both cyber attack simulations end to end. One partner bank: stopped a fraudulent $1.5M wire transfer in real time. wolfSSL: found a certificate-forging issue in a crypto library used by billions of devices. Across 1,000+ open-source projects, Mythos had a 90.6% true positive rate after human review. The crazy part? Maintainers are reportedly asking Anthropic to slow down because they can’t patch fast enough. Cybersecurity may have just hit a new phase. The bottleneck is no longer finding bugs. It’s fixing them.
- Sooraj (@suryanox7) reported: @gselendal interesting.. Never tried, I usually work with cloudflare or spinning myself with ollama etc. Thanks
- marcelo mezquia (@IntentSim) reported: Stopping the bad guys with Cloudflare: 15,548 malicious requests blocked or challenged in the last month #cloudflare #intentsim #mezquiaphysics