Cloudflare status: hosting issues and outage reports
No problems detected
If you are having issues, please submit a report below.
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Problems in the last 24 hours
The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.
At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!
Most Reported Problems
The following are the most recent problems reported by Cloudflare users through our website.
- Domains (44%)
- Cloud Services (27%)
- Hosting (17%)
- Web Tools (8%)
- E-mail (4%)
Live Outage Map
The most recent Cloudflare outage reports came from the following cities:
| City | Problem Type | Report Time |
|---|---|---|
|
|
Web Tools | 1 day ago |
|
|
Cloud Services | 4 days ago |
|
|
Domains | 6 days ago |
|
|
Web Tools | 7 days ago |
|
|
Web Tools | 7 days ago |
|
|
Domains | 10 days ago |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Trevor I. Lasn (@trevorlasn) reported@Cloudflare passkeys for daily auth, manager for everything stuck on legacy login. cant fully kill the manager til every site supports passkeys
-
Kaleb Zen (@KalebZen) reported@Cloudflare I am a 30 year developer working in an enterprise, and I have never used one.
-
any (@anyxnow) reported@Cloudflare ok but @cloudflare how do i connect my apple account after i registered with the original apple email? using apple login just creates a new account for me :(
-
Mario Nawfal (@MarioNawfal) reported🇺🇸 FBI Director Kash’s merch site BasedApparel. com got hacked/compromised with some ClickFix malware Fake Cloudflare page tricks macOS users into pasting Terminal commands → straight-up steals browser passwords + crypto wallets. The site is currently down (for obvious reasons) Source: PC Mag
-
Neo (@cjsneo) reportedcloudflare do such a good job on their services, but their actual interface is a total crock of ****. cant even log in half the time
-
Hacksore (@Hacksore) reportedNo WAF No gRPC/protobufs No Kubernetes No service mesh No 17 layers of observability (Jaeger + Prometheus + Grafana + OpenTelemetry + whatever new **** dropped this week) No "eventually consistent" 8 microservices with Kafka between them No Cloudflare + 3 CDNs + edge functions No "we use hexagonal architecture" No Terraform for 47 resources No "left shift security" bullshit yeah it's not that complicated
-
Taksh Shah (@takshshahh) reported@Thom_K_NL @Cloudflare Well the dashboard wouldn't even open for me yesterday so I'll say they have bigger issues
-
axi (@axilyng) reported@Cloudflare Passkeys are extremely inconvenient and keeps having way too many issues. I'm never using them again.
-
My Info (@MrBison85) reported@miyaopookie @dm4uz3 I jumped on before it went down and couldn't reproduce the issue i did get cloudflare to do its auth and let me browse for a bit before i lost interest in the lies of a confused "computer nerd" that can't tell maintenance from an attack.
-
Jonathan (@jonnyMarshal) reported@Cloudflare I can’t login to my dashboard for over 30mins now!
-
Nevo David (@wickedguro) reportedPostiz is currently on $105k MRR. My infrastructure is actually very cheap: > Railway = ~$200/m > CloudFlare R2 = ~$160/m, it's too damn cheap > X = $1000/m, yes, yes, you have to move to their PPU (good for me, it will remove some competitors) > Transloadit = $800/m > ChatGPT credits = $200/m
-
Michael (@michael_chomsky) reported@albert_ @retrovrv the problem is that being Cloudflare native makes consumer economics feasible but makes BYOC much harder
-
Karthik Reddy (@bykarthikreddy) reported@abhijeet_dipke - The website's domain was put on "clientHold" status by its registrar (Hostinger). - When this happens, the website's address stops working, so Google and Cloudflare can't find it and show NXDOMAIN (website does not exist). - Earlier, the site was still reaching Hostinger's servers but showed 403 Forbidden, meaning the server was active but access was blocked. - This usually happens because of issues like unpaid bills, missing verification, or registrar policy actions. - It does not look like a government internet block. - Since the domain is only a few days old, it's more likely that the website owner or hosting provider caused the shutdown than any government agency.
-
William Roush (@StrangeWill) reported@eastdakota @ariesrclark @Cloudflare Yeah, the problem is it was *highly* misleading, I had people linking me this article asking if we can deploy Matrix this way only to find out it was edited by the time I got around to it, made more clear it's a proof of concept, while removing evidence of what was half-assed in the PoC (that's... really ethically questionable). Also misses *a lot* of what makes running Matrix a PITA, it isn't running Postgres and Redis, it's framing the entire premise incorrectly. You can play "we don't hold people accountable for AI slop in this day and age" but it's still ****.
-
max (@mSanterre) reported@michael_mzl It's not just devs. Most of these layoffs are 20-30% devs, tons of recruiters, support staff, HR, etc. CloudFlare recently let go of a ton of people, but it was 90% support staff.
-
Ian Smith (@IanSmith_HSA) reported@FutureDies @conordeegan For wallets, ETH can push the signature verification to the edge devices. The chain has a goal of finishing the upgrades by 2029. Google and cloudflare warned that the network migration needs to be done by Jan of 2029. The signature scheme, network protocol and interchain tech is hard to change. XX will sometimes admit they haven't changed these parts of Substrate still. They are relying on delayed last minute consensus upgrades, 'trust us' and marketing lies.
-
Chris Covington (@_ChrisCovington) reported@AlanNeveu @vpetryniak @Cloudflare yup most have them builtin, they are basically the same thing from the managers pov. also yes the platform issues with these are 99% of the headache, not the tech itself lol
-
marcelo mezquia (@IntentSim) reportedStopping the bad guys with Cloudflare: 15,548 malicious requests blocked or challenged in the last month #cloudflare #intentsim #mezquiaphysics
-
Amir Fadhel (@DrAmir0078) reportedCloudflare is down, seriously scary! #cloudflare
-
Jorge (@tebayoso) reported@Cloudflare Then add a button to login with Passkey, it's used only as 2fa.
-
Vu. (@TeeDevh) reportedIs Cloudflare currently down?
-
furkan (@poyhen) reportedis the @Cloudflare dashboard down?
-
Misu (@misu_ciidr) reportedAnthropic’s Claude just uncovered over 10,000 high and critical vulnerabilities in a single month, including 2,000 in Cloudflare and hundreds in Firefox. It even caught and stopped a $1.5 million wire fraud in real time. Now companies are literally begging Anthropic to slow down because they can’t patch fast enough. And that’s the stuff built by pros. Now imagine the flood of ‘vibe coded’ apps and SaaS products hitting your phone, laptop, and desktop, all churned out by the same Claude.
-
OpaquePredicate (@notesfrom641) reported@deteccphilippe Why do you reserve the right to make permanent changes to their installation? Who gives you that right? Imagine if a Cloudflare petitioned Chrome for an API to make changes like this to block 'bots'. Would you support that? Because if you do, you are against personal computing.
-
OpaquePredicate (@notesfrom641) reported@honkinwaffle @stupidtechtakes it's bad enough that you have to reinstall your OS just for breaking TOS on some stupid game if cloudflare did this to stop 'bots' there'd be an uproar, this is the same thing.
-
@buildsolo (@buildsolo_x) reportedSpent 2 hours debugging BlackRabbit today. A new feature I’ve been building for the past week kept failing, while the rest of the extension still worked. So I checked the worker. Checked the prompt. Checked Gemini. Checked the extension state. The real issue? Cloudflare free-tier limits. Sometimes the bug is not in your code. Sometimes your infrastructure is just quietly asking you to upgrade.
-
Rufus Idachi (@ruff_idachi) reported@Cloudflare I've been trying to purchase a .com domain for the past two days, and the purchase just can't get through. I checked my paying card. It is okay with enough balance to cover the cost + charges + tax. Support can't bother to get back to me.
-
Bharat Bharti 🇮🇳 (@Speakin4All) reported@abhijeet_dipke Client hold means the owner of the website has locked the domain name from unauthorised transfer. It's a take down of website by owners. May be they misconfigured Cloudflare on-boarding. This is not a hosting or domain name migration, it's just improving the web security.
-
Virgo (@VirgocuteUwU) reported@ao3Learning Hey, i can’t pass through the cloudflare gate in the app. Can you fix it pls?
-
LisaMonaAi (@LisaMonaAi) reported@morganb @nejatian per Grok. 1. Precise Technical Explanation Cloudflare acts as a reverse proxy, CDN, and Web Application Firewall (WAF) for millions of sites. When a request hits one of their edge servers, they evaluate dozens of signals (IP reputation, request patterns, headers, ASN metadata, etc.). Error 1005 specifically triggers when the site owner has explicitly banned the Autonomous System Number (ASN) tied to your incoming IP address. An ASN is a globally unique identifier (e.g., AS9009, AS4134) assigned by regional internet registries (RIRs) to a single network operator—your ISP, a VPN provider’s backbone, a cloud hosting provider, a mobile carrier, or a data center. It represents an entire block of IP prefixes (often thousands or millions of addresses) that share the same routing policy. Blocking at the ASN level is far more efficient than listing individual IPs; Cloudflare’s IP Access Rules and Firewall Rules support this natively. The Ray ID (9ffd6722adaa29d6) is a unique, per-request fingerprint generated by Cloudflare. It is not personally identifiable to you, but it allows the website owner to instantly query their Security > Events log (or Security Events analytics) and see exactly which rule, threshold, or custom firewall policy triggered the ban for this exact connection. The UTC timestamp confirms this was a live event today (May 22, 2026). It is not cached or historical—it reflects the moment Cloudflare’s edge server rejected the request. In short: Cloudflare is not banning you. The site owner told Cloudflare, “Never let anyone from this ASN reach my origin server.” 2. Root Causes – Why This Happens (Most Common to Rare) From threat intelligence patterns and Cloudflare’s own documentation/community data: VPN / Proxy / Residential Proxy Networks (by far the #1 trigger) Popular VPN providers (Proton, ExpressVPN, Nord, Windscribe, etc.) and scraping proxies frequently ride on well-known ASNs (e.g., AS9009 – M247, a data-center-heavy provider). Many sites proactively ban these because they are associated with high abuse rates: credential stuffing, price scraping, account farming, DDoS-for-hire, or geo-restriction circumvention. High-abuse ISP or Data-Center ASN Certain residential ISPs, mobile carriers, or budget hosting providers accumulate poor reputation scores on blocklists (DroneBL, Spamhaus, etc.). One bad actor on the network can taint the entire ASN. Site-Specific Security PolicyThe owner enabled Cloudflare’s Bot Fight Mode, Super Bot Fight Mode, or custom WAF rules that automatically tag and block suspicious ASNs. Manual IP Access Rule or Firewall Rule created after previous abuse from that network. Rate-limiting thresholds exceeded in the past (e.g., too many requests from the same ASN in a short window). Edge Cases & NuancesTemporary vs. permanent: Some sites set time-limited ASN blocks (e.g., 24–72 hours after detected scraping). False positives: Legitimate users on shared infrastructure (corporate VPNs, university networks, privacy-focused ISPs) get caught. Regional overblocking: Your Miami, Florida location (U.S. East Coast) is generally low-risk, so this almost certainly points to a VPN/proxy or a specific ASN reputation issue rather than geographic targeting. IPv6 vs. IPv4: Some sites block only one protocol’s ASN. 3. Security Implications (Defensive Strength vs. Collateral Damage) Strengths: Extremely effective against automated attacks. Scrapers, bots, and brute-force tools love VPN/data-center IPs because they are cheap and disposable. ASN-level blocking stops entire botnets in one rule. Reduces origin-server load and mitigates DDoS amplification. Allows site owners to maintain a clean threat model without constant manual intervention. Weaknesses & Risks: Overblocking: Legitimate users lose access (e.g., journalists, researchers, travelers using VPNs for public Wi-Fi safety). Evasion arms race: Sophisticated attackers simply rotate to new residential proxy ASNs or compromised devices, while average users suffer. Single point of failure: If the site’s Cloudflare configuration is overly aggressive, it can create availability issues or denial-of-service against its own audience.