Cloudflare Outage Map
The map below depicts the most recent cities worldwide where Cloudflare users have reported problems and outages. If you are having an issue with Cloudflare, make sure to submit a report below
The heatmap above shows where the most recent user-submitted and social media reports are geographically clustered. The density of these reports is depicted by the color scale as shown below.
Cloudflare users affected:
Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.
Most Affected Locations
Outage reports and issues in the past 15 days originated from:
| Location | Reports |
|---|---|
| Manchester, England | 1 |
| Angers, Pays de la Loire | 1 |
| London, England | 1 |
| Noida, UP | 3 |
| Jewar, UP | 1 |
| Braga, Braga | 1 |
| Paris, Île-de-France | 2 |
| Prievidza, Nitriansky | 1 |
| Farmers Branch, TX | 1 |
| Helsinki, Uusimaa | 1 |
| Crisfield, MD | 2 |
| Nanaimo, BC | 1 |
| New York City, NY | 1 |
| Istanbul, Istanbul | 1 |
| Greater Noida, UP | 1 |
| Augsburg, Bavaria | 1 |
Community Discussion
Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.
Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.
Cloudflare Issues Reports
Latest outage, problems and issue reports in social media:
-
Aditya Bhansali ➡️ Network School + (@1Adityabhansali) reportedHTTP 402 "payment required" has sat there, mostly unused, since the 90s. A status code reserved for a native way to pay on the web that never arrived. @Cloudflare just switched it on with stablecoins + x402. Per-request payments, sub-second, no account. The machine-payment internet quietly shipped this week.
-
BLOCKCAST.CC NEWS (@Blockcastcc) reportedCloudflare launched its Monetization Gateway, allowing customers to charge for webpages, APIs, datasets, and MCP tools behind its network. Payments settle instantly in stablecoins using the x402 protocol, an open standard based on HTTP 402 that supports frictionless micropayments down to fractions of a cent without accounts or chargebacks. As Cloudflare protects a large share of the internet, this enables scalable monetization for creators and developers, particularly facilitating AI agents paying per use for data and services.
-
orig (@the_real_ori) reported@sunglassesface @Cloudflare @PlanetScale Support is always the last unsolved piece, even at companies this good. Infra scales on its own, a Discord full of overworked humans does not. That gap (AI answers first, humans only on escalations) is the whole reason I am building in this space.
-
orig (@the_real_ori) reported@sunglassesface @Cloudflare @PlanetScale Support is always the last unsolved piece, even at companies this good. Infra scales on its own, a Discord full of overworked humans does not. That gap (AI answers first, humans only on escalations) is the whole reason I am building in this space.
-
Tushar Dwivedi (@tush_2708) reported@SayantikaSays Try @BSNLCorporate . And I am not joking. It is best if it's available in your area. No BS service. I never heard these lines from BSNL, which I kept hearing from other providers like Jio and Airtel. "We won't give you the router password" "You can't use your own router, even if ours is ******. What do you mean you have a better router and modem? Hou must pay us a subscription for this mesh thing instead" "No, you can't use Google or CloudFlare's DNS, you must use ours. What if it's slow? If you change, how will we snoop on you and inject our advertisements into your browser?" "No, you can't open a port for you. For that, you must buy a static IP from us. Why is a static IP needed to open a port? Who knows. But we won't allow it unless you pay us extra" In the last 3 years, I have only had 2 outages on BSNL, 30-40 minutes max. While on Airtel, I had caught their staff removing my cable from their box and adding a new one for a new connection, and then making me wait till they finally got a new box after a week. They just didn't want to make a new customer wait, so they simply assigned my slot to them. And their customer care and local staff wasn't even ready to accept it, unless I showed the CCTV footage and a video of my cable literally being thrown on the side of their box, not even connected, while they were claiming that there's some backend issue.
-
KANAPURO 🎭 TEAM COMEDY (@kanapurottv) reportedi update my github repo, it goes through the worker, it updates my site............ BUT THE WOKRERS R DOWN......... I SPENT ALL MORNING FIXING BUGS AND I CANT EVEN PUBLISH THEM<................... CLOUDFLARE WHEN I FKING GET YOU :RAGE: :RAGE: :RAGE:
-
FEKU (@fekuuuu) reportedBots just outnumbered humans on the open web 🤖 Cloudflare: 57%+ of all HTTP traffic is now automated. AI agent traffic grew 7,851% in a single year - a shift Matthew Prince expected by 2027, not June 2026. Most internet infrastructure still assumes a human is on the other end of every request. That assumption just broke. @ionet Agent Cloud was built for exactly this - AI agents renting GPU compute autonomously through MCP, no human approval, no login required. The web didn't get more crowded. It got a new primary user ⚡
-
SCARLETT (@SCARLETBOARD) reported@hacksawing_ DUDE IT GOT SO BAD THAT CLOUDFLARE TOLD ME "WE'RE UNABLE TO ESTIMATE THE WAIT TIME" 💔
-
CARTIST (@cartist00) reported@world_xyz @worldnetwork @Cloudflare lmao wtf
-
Boring Engineer (@boringeng) reportedLast night I did something I haven’t done in years: I opened my raw server logs. Not analytics. Not a dashboard. The actual access logs on the box. I was curious about one thing — with everyone saying “people don’t google anymore, they ask ChatGPT” — is any of that actually visible on my site? What I found kind of shook me. GPTBot — OpenAI’s crawler — hit my documentation 400+ times in the last 30 days. Not my homepage. My docs. The quickstart, the API reference, the self-hosting guide. It’s reading the exact pages a developer would read before adopting a tool. PerplexityBot crawls me almost every night around 2am. Quietly building its index of what my product is and does. And then the one that actually got me: a user-agent called ChatGPT-User. It’s not a scheduled crawler. It fires when a real human, mid-conversation, asks ChatGPT something that requires fetching a live page. It hit my pricing page 9 times yesterday. Nine times yesterday, a real person was asking an AI about my product. I will never know who they were, what they asked, or what the AI told them. Here’s the part that bothers me most: NONE of this appears in analytics. Not in GA4, not in Plausible, not anywhere. These bots don’t execute JavaScript, so tracking scripts never fire. As far as every analytics tool I pay for is concerned, this traffic does not exist. The only place it’s recorded is a log file nobody opens. So I kept digging, and it got worse: — Some of my “GPTBot” hits came from IPs that aren’t OpenAI’s. Random scrapers wearing GPTBot’s name as a disguise. I would never have known. — AI crawlers were hitting doc URLs I moved a year ago. 404s. Which means when an AI tries to learn what my product does, some of what it finds is a dead page. That’s not a broken link anymore — that’s a wrong answer being served to my next customer. — And apparently Cloudflare now blocks some AI crawlers by default on new sites. Meaning there are founders out there right now whose docs are invisible to ChatGPT, who opted into that without knowing, and whose analytics will never tell them. Step back and the picture is strange: an entire layer of the funnel — machines reading your site, deciding whether you get recommended, sometimes fetching pages because a human is asking about you at that exact moment — and it is completely invisible to every tool we use. We measure humans obsessively. We measure the thing that increasingly sends the humans not at all. Search had 20 years of tooling built around it. Search Console, rank trackers, an entire industry. This new layer has… grep. I’m not sure what the answer is yet. Maybe it’s a weekend script. Maybe it’s something bigger. But before I build anything, I want to know if this is just me: Have you ever looked at what AI bots do on your site? Do you know if you’re being crawled, cited, blocked? If this is a problem you have — or one you didn’t know you had until this post — reply or DM me. Genuinely trying to figure out what’s worth building here.
-
KANAPURO 🎭 TEAM COMEDY (@kanapurottv) reported@Cloudflare pls fix workers bro pls pls psl psls pls
-
Jeff Byer 🐙 (@globaljeff) reportedI broke my finger, so I built an enterprise-level web app with one voice prompt. Enterprise-grade web infrastructure does not require enterprise complexity. The stack we build and deploy for clients at Byer Co runs on Cloudflare's global edge network, spanning 300+ cities, with no origin server to provision, patch, or babysit. Requests execute at the data center closest to the user. No cold starts. No ops overhead. Monthly cost: $0 Security is built into the network layer, not bolted on. Cloudflare Turnstile handles bot and abuse protection without degrading user experience. Bot Fight Mode challenges known malicious traffic before it ever reaches your application code. You get enterprise-level protection with zero additional vendors to manage. The stack: SvelteKit + Tailwind CSS (lean frontend, no virtual DOM overhead) Cloudflare Workers via Wrangler (edge deployment, global by default) Cloudflare R2 (object storage, no egress fees) Cloudflare D1 (SQLite at the edge, binds directly to Workers) Resend (transactional email) Cloudflare Turnstile + Bot Fight Mode (bot protection at the network level) Fewer libraries. Fewer third-party dependencies. Smaller attack surface. Faster builds and more predictable maintenance across every property we manage. If you are evaluating web infrastructure for a project, a portal, or a product build, this is worth a look before you default to a more complicated setup.
-
Christopher Johnson (@cj_enlighten) reportedVanilla web search in an always-on agent gets blocked. Not a Hermes bug. A structural 2026 problem. Cloudflare and Akamai are aggressive enough now that any general-purpose agent hits the wall. You need Tavily or equivalent. Budget time for it.
-
0xLoopTheory (@0xLoopTheory) reportedGoogle is moving a number of its TLS certificates from RSA to ECDSA. Not because ECDSA is quantum-safe. It is not. Not because RSA is about to fall. It is not. Not because someone at Google forgot Shor's algorithm exists. They did not. The announcement is easy to misread. Google Trust Services says that during Q2 2026, a number of Google services that have historically provided an RSA leaf certificate will shift to an ECDSA leaf certificate by default. So in the middle of the post-quantum migration, Google moves certificates from one Shor-vulnerable algorithm to another. Under standard resource estimates (Roetteler et al., 2017), breaking P-256 requires fewer logical qubits than breaking RSA-2048. On paper, this is a step toward the more quantum-fragile primitive. It still makes sense, and the reason is the most useful mental model I know for the PQ transition: TLS does not migrate as one block. It migrates in layers, and each layer faces a different threat on a different clock. Key exchange is on the fast clock. Recorded traffic can be decrypted retroactively: harvest now, decrypt later. So it moved first. X25519MLKEM768 is now default or automatically advertised in current major browser stacks: Chrome, Edge, Firefox, and Safari on Apple's 26-generation OS releases. By late October 2025, the majority of human-initiated traffic with Cloudflare was already using post-quantum encryption. Certificates are on the slow clock. For live TLS authentication, a signature must be unforgeable at the moment it is verified, not forever. A quantum computer in 2035 cannot retroactively forge the certificate that authenticated your session today. And the slow clock is forced by a budget nobody can print more of: bytes. An ML-DSA-44 signature is 2,420 bytes. A raw ECDSA P-256 signature is 64 bytes. Cloudflare estimates a drop-in swap would more than double the bytes most QUIC connections transmit over their lifetime. Chrome says plainly it has no immediate plan to add traditional X.509 post-quantum certificates to its root store. Chrome's public-WebPKI plan is Merkle Tree Certificates, now being developed in the IETF PLANTS working group, against Google's broader stated 2029 PQC migration timeline. So the ECDSA move is classical housekeeping. Google's stated rationale is efficiency: smaller to transmit, cheaper to process. The announcement does not mention post-quantum once. Which layer is migrating? Against which threat? With which ecosystem attached? Ask those three questions and most "why not just deploy PQC now" takes dissolve. The honest counterweight: maybe the slow clock is not as slow as the WebPKI assumes. Roots live for decades. Devices outlive their update channels. Gidney's estimate for breaking RSA-2048 dropped from 20 million noisy qubits in 2019 to under one million in 2025. If you think certificate authentication has less time than the ecosystem assumes, that is the argument worth having. I would like to hear it.
-
Shimju David (@ShimjuDavid) reported@payloadcms Deploy on Cloudflare Fully self-contained — one click to deploy Payload with Workers, R2 for uploads, and D1 for a globally replicated database is not working. It returns build error. Kindly fix. 📷