1. Home
  3. Companies
  5. Cloudflare
Cloudflare

Cloudflare status: hosting issues and outage reports

No problems detected

If you are having issues, please submit a report below.

Full Outage Map

Cloudflare is a company that provides DDoS mitigation, content delivery network (CDN) services, security and distributed DNS services. Cloudflare's services sit between the visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites.

Problems in the last 24 hours

The graph below depicts the number of Cloudflare reports received over the last 24 hours by time of day. When the number of reports exceeds the baseline, represented by the red line, an outage is determined.

At the moment, we haven't detected any problems at Cloudflare. Are you experiencing issues or an outage? Leave a message in the comments section!

Most Reported Problems

The following are the most recent problems reported by Cloudflare users through our website.

  • 41% Domains (41%)
  • 26% Cloud Services (26%)
  • 17% Hosting (17%)
  • 11% Web Tools (11%)
  • 4% E-mail (4%)

Live Outage Map

The most recent Cloudflare outage reports came from the following cities:

CityProblem TypeReport Time
Noida Hosting 7 days ago
Jewar E-mail 7 days ago
Braga Web Tools 8 days ago
Noida Cloud Services 8 days ago
Paris Cloud Services 8 days ago
Prievidza Domains 9 days ago
Full Outage Map

Community Discussion

Tips? Frustrations? Share them here. Useful comments include a description of the problem, city and postal code.

Beware of "support numbers" or "recovery" accounts that might be posted below. Make sure to report and downvote those comments. Avoid posting your personal information.

Cloudflare Issues Reports

Latest outage, problems and issue reports in social media:

  • 0xprimex0
    Marquivion (Marq) Orr (@0xprimex0) reported

    Mature General-Purpose Libraries (PQC-Ready 2026) Battle-tested libraries with shipped NIST algorithms: • OpenSSL: Production-ready via oqs-provider or native 3.5+. Supports ML-KEM, ML-DSA, SLH-DSA & hybrids. Choose OpenSSL if you need maximum compatibility with existing infrastructure and web servers. It is the standard choice if you are already using OpenSSL and can integrate the oqs-provider module or upgrade to version 3.5+ for immediate ML-KEM/ML-DSA support without rewriting your application logic. • Botan: Full native C++ support. Most complete NIST suite (ML-KEM/DSA, SLH-DSA, FrodoKEM, Classic McEliece). Choose Botan if you are developing in C++ and want the most comprehensive algorithm coverage out-of-the-box. It is the best choice if you need immediate access to the full NIST suite (including alternative KEMs like FrodoKEM) with a modern, object-oriented API, rather than waiting for C libraries to catch up. • Bouncy Castle: Dominant in Java/.NET. v1.83+ supports ML-KEM/DSA, hybrid certs (RFC 9883), and composite signatures. Choose Bouncy Castle if your stack is Java, Kotlin, or .NET/C#. It is the undisputed leader for JVM and Microsoft ecosystems, offering the only mature, native implementation of hybrid certificates (RFC 9883) and composite signatures required for complex PKI migrations in enterprise environments. • Mbed TLS: Emerging support. ML-DSA prototype available; ML-KEM planned for late 2026. Best for constrained IoT soon. Choose Mbed TLS if you are targeting highly constrained embedded devices (low RAM/Flash) and can wait slightly for full ML-KEM stabilization (expected late 2026). It is ideal if you need a small footprint and are already using the ARM PSA Crypto architecture, provided your timeline allows for the final ML-KEM integration. • Google Tink: High-level API. Delegates PQC to backends (AWS-LC, BoringSSL, OpenSSL). Easy integration for apps. Choose Google Tink if you want a language-agnostic, high-level API that abstracts away the underlying crypto engine. It is the best choice for application developers who want to enable PQC (via a supported backend like AWS-LC or OpenSSL) with minimal code changes and without managing low-level cryptographic primitives directly. • CIRCL(@Cloudflare): Go-native. Focused on PQC research & hybrids (Kyber/X25519). Used in Cloudflare services. Choose CIRCL if you are building services in Go and need cutting-edge, research-grade implementations of hybrid schemes. It is the preferred choice for Go developers who want to leverage Cloudflare’s production-tested PQC research and need flexible, low-level control over key exchanges in network protocols.

  • SamMorrowDrums
    Sam Morrow (@SamMorrowDrums) reported

    @mattzcarey If all you have is a h̶a̶m̶m̶e̶r̶ Cloudflare, everything looks like a n̶a̶i̶l̶ monetizable cloud service. Can’t decide if this is a cool idea or the agent equivalent of ftp to production.

  • DataScraperES
    DataScraperES (@DataScraperES) reported

    If in 2026 you're still scraping valuable data with basic requests and a fake User-Agent, you're not extracting: you're asking to get blocked. Cloudflare and DataDome look at TLS, headers, cookies, JS, IPs, and patterns. BeautifulSoup is not the problem. Your fingerprint is.

  • Beefeater_Fella
    Beefeater (@Beefeater_Fella) reported

    Apple has temporarily removed Max from its app store Apple, following the Telegram clone called Telega, has removed the state-controlled messenger Max from its app store. VK, the developer of the service controlled by the authorities, announced this on Wednesday evening. "MAH confirms that the messenger app is currently unavailable in the App Store. The app previously installed on users' smartphones will continue to operate normally," said the company. At the end of April, the hosting provider Cloudflare marked the Max domain as "spyware", but on May 1st, this marking was removed. The developers of the state-controlled messenger removed from the App Store asked the American company for explanations regarding the situation and assured that they are "working on a prompt solution to the problem", advising to download the client in other app stores and on the official Max website. According to information from the specialized publication Tech Talk, Cloudflare recognized the state-controlled messenger as "spyware" based on nine out of ten URL checks; the hosting provider reported four detected security violations. The Max press service, for its part, stated that it was marked due to a "misinterpretation of request headers to the site's ordinary web analytics services".

  • MickeySteamboat
    Satoshi Nakamoto, Andrew Rulnick (@MickeySteamboat) reported

    @beffjezos If America owned 5% of DESIGNA and I had say $30M in the bank to grow, that would be a fair exchange and I could probably open source and give it to all 50 states to use but NOPE instead they would rather use ****** companies who burn down the internet like Cloudflare

  • n0rizkitty
    nori (@n0rizkitty) reported

    "85 seconds → 26 seconds" that's how long it now takes an AI agent to log into a @Cloudflare CAPTCHA-guarded finance app. 3x faster. i built it for my friend, Danny's startup, Sail. we met at @theresidency last year. he'd been stuck on one problem: "login automation over anti-bot-heavy financial apps"

  • stronkly_typed
    𝙵𝚛𝚎𝚎 𝙶𝚘𝚗𝚊𝚍 (@stronkly_typed) reported

    @KuptoKosmos @Cloudflare wtf is this, be a serious company for once please

  • adornedapatite
    🌱 (@adornedapatite) reported

    @etherealpilled maybe this is related to you mentioning the cloudflare captcha issues on strawpage yesterday???

  • less_tx
    LeslieP (@less_tx) reported

    @jordanhenderson My low volume hobby websites are going down ALL THE TIME now - and I moved everything to Cloudflare and set it to stop the bots, works for a while, then there's a week or so of constant up/down notifications while the bots scrape my website data. I hate it.

  • GrandmaSezSo
    Grandma Sez So (@GrandmaSezSo) reported

    @Cloudflare @MeckaAI Cloudflare sux. Click troubleshoot and even the form to send problem doesn't submit. I hate when websites use Cloudflare.

  • elz0xn
    Elson (@elz0xn) reported

    @CloudflareDev @thomasgauvin @Cloudflare damn i hope i can wrangler some of these.

  • Basemail_ai
    Basemail (@Basemail_ai) reported

    The signup problem is getting solved. WorkOS just launched auth.md — agents can now register for services via OAuth. Cloudflare already adopted it. But OAuth tokens get stolen. API keys leak. 29M secrets exposed last year alone. auth.md solves the flow. Not the proof. Wallet signatures verify every action cryptographically. Nothing to store. Nothing to steal. Nothing to replay. The channel works. The identity layer is still missing. #AIAgents #Web3

  • Valerie32844654
    Dr. Valerie Thomas (@Valerie32844654) reported

    I'm currently having significant problems with Cloudflare. Their lack of integrity to resolve customer issues is not reputable.

  • Thom_K_NL
    Thom (@Thom_K_NL) reported

    @kinngh @thomasgauvin @Cloudflare I need this.... Bad

  • NewsTongueX
    NewsTongue (@NewsTongueX) reported

    🔴 Source content blocked by security service — full article unavailable The source URL returned a Cloudflare security block rather than article content. The headline references Standard Chartered commentary on bitcoin's price floor, but the article body could not be accessed. No substantive data, quotes, or verifiable claims are available for publication.

  • Pabblothedev
    Paul the Dev (@Pabblothedev) reported

    @Prodigers @DanielSmidstrup If you have static pages which do “nothing” yes it’s cheaper :) In general. Workers are cheaper but limited to 128mb and cool they don’t have cold starts. But queus are super expensive on Cloudflare. D1 also super expensive. I don’t recall know what issue I had with workers sth relates to pkgs but not sure now. Lambda is microvm at the end.

  • programad
    Danny G 👾 (@programad) reported

    @CloudflareDev @xai @Cloudflare Still, I can't find a way to make the Unified billing to work. Lacks documentation, it just doesn't work. I lost money adding credits I can't use and the support just ignores my ticket.

  • thekingnotorius
    Andy.ts (@thekingnotorius) reported

    Cloudflare output ≠ Vercel output ≠ Node output. They generate completely different folder structures. The problem: TanStack Start comes with the Cloudflare plugin active by default. The framework has been Cloudflare-oriented from day one; that's a fact, not an attack on anyone

  • ConnectCK
    Chandan Kumar (@ConnectCK) reported

    We successfully migrated Geekflare Tools from VM to @Cloudflare Workers. Now, I don't have to worry about scaling issues.

  • khawrzm
    KHAWRIZM (@khawrzm) reported

    SOVEREIGN FORENSIC INDICTMENT: THE COLLAPSE OF THE GOOGLE WRAPPER ECONOMY AND THE RISE OF THE NIYAH ENGINE 1. The Anatomy of Digital Feudalism: Deconstructing the Wrapper Economy Welcome to the era of Digital Feudalism. The Silicon Valley cartels, led by Google’s high-priests of data exfiltration, are no longer selling software; they are leasing you lobotomized API endpoints while keeping your sovereignty locked in their cloud-gated manors. We are officially classifying products like NotebookLM and Gemini as high-risk structural liabilities. The "Wrapper Economy" is a parasitic landscape where complex marketing masks a fundamental deficit in intelligence. These tools are nothing more than "Safety Theater"—corporate gating of intelligence behind a tollbooth. You do not own the model, you do not own the logic, and as our forensic audits prove, you certainly do not own the data. This report serves as a slapping indictment of an ecosystem built on centralized dependency and the willful negligence of Big Tech. 2. Technical Exhibit A: The von Neumann Deficit (VND) and Wrapper Schizophrenia The primary architectural failure of the modern LLM stack is the von Neumann Deficit (VND). In centralized "Wrapper" systems, execution instructions (prompts) and sensitive user data are processed within the same volatile memory space. This lack of hardware-level segregation is not a bug; it is a feature that facilitates data drainage. Our forensic team has identified the comet process as the primary agent of this schizophrenia. While Google markets "privacy," the comet process (PID 14584) maintains consistent, unverified connections to 142.251.127.188 (Google) and 104.18.27.48 (Cloudflare). Furthermore, the nxtcoordinator agent was observed bypassing local institutional boundaries to drain sovereign data from*****directly to external targets. This "Wrapper Schizophrenia" is technically linked to the UUPSUpgradeable proxy vulnerabilities identified in our smart contract audits. Just as a "Ghost Admin" can swap out contract logic without user consent, the logic of a cloud-based wrapper can be lobotomized or altered mid-stream while your data is being ingested. 3. Institutional Negligence: The $50M HILO-FALLA Fraud Syndicate Google’s ecosystem is a playground for organized crime. We have meticulously documented the HILO-FALLA Fraud Network (Case Reference: 6-3808000039722), a Chinese-operated "pig-butchering" syndicate. Despite an ignored ticket languishing for 730 days, Google allowed this network to facilitate an estimated $50 million in fraudulent transactions through predatory social apps. Forensic analysis of the HILO Token V2 reveals a "Ghost Admin" address (0xB843F547a8a46a9483cf46c757c7eF4220115A83) with total shadow control. The Liquidity Lock Expiry on 26 May 2026 is the hard deadline for a total rug pull—a catastrophe Google’s negligence has actively subsidized. Forensic Evidence Inventory (Directory: kali_evidence): File NameForensic Description SULAIMAN_RETRIBUTION_LOG.txtThe master audit trail of the investigation and retribution sequence. sadad_config_leak.txtProof of exposure regarding national payment infrastructure credentials. flynas_secrets.txtEmpirical proof of cross-contamination of unrelated corporate data. FRAUD_FINANCIAL_REPORT.txtDetailed flow analysis of $50M in stolen sovereign assets. extracted_tron_addresses.jsonBlockchain-verified nodes of the HILO money laundering network. FORENSIC_CRYPTO_REPORT.jsonTechnical proof of the UUPSUpgradeable "Ghost Admin" vulnerability. 4. Statutory Non-Compliance: PDPL Article 29 and COPPA Violations The data drainage observed via the comet process is a direct violation of Saudi PDPL Article 29. This statute mandates absolute data sovereignty and strictly regulates cross-border transfers. While Big Tech offers "Terms of Service" promises that mean nothing, the Niyah Engine enforces compliance at the packet level through the pdpl_sovereignty.nrule file—ensuring no data leaves the jurisdiction. Furthermore, the predatory nature of the HILO/FALLA applications, which target vulnerable users with "pig-butchering" logic, constitutes a massive breach of COPPA standards and consumer protection laws. Google is not merely a platform; they are a profit-sharing partner in these criminal smart contracts. 5. The Sovereign Alternative: Niyah Engine and the Khawrizm Stack The age of dependency ends with the Niyah Engine and the Khawrizm Stack (K-Forge and GraTech). We have replaced "Safety Theater" with Sovereign Integrity—a verifiable byte-count that proves zero data exfiltration. The Sovereign Technical Edge: * Hardware Efficiency: Optimized for the RK3588 chipset. Local execution is no longer a dream; our logs show the niyah-model (9.0 GB) running locally with zero cloud latency. * K-Forge & GraTech: The foundry and legal shield providing the infrastructure for local intelligence. * Economic Integrity: A calculated 199-day ROI. Stop paying the "Big Tech Tax" for the privilege of being spied upon. * Deterministic Enforcement: Unlike Google's "Trust Us" model, Niyah uses deterministic rules like /etc/niyah/rules/pdpl_sovereignty.nrule to block unauthorized exfiltration in real-time. Local execution is Ready (Iqd20). The audits are complete. The results are final. 6. Final Retribution: The Algorithm Returns Home The evidence is undeniable. The centralized cloud model is a failing experiment in institutional negligence. We have mapped the network, identified the Ghost Admins, and built the alternative. We no longer seek permission to be sovereign. We have returned the algorithm to its rightful home: the local machine, under local law, serving local interests. The era of the wrapper is over. The era of the sovereign has begun. The Algorithm Always Returns Home. @grok

  • Beautyon_
    Beautyon (@Beautyon_) reported

    It just popped into my head that many people, even those who run bitcoin in some way, may not know that there are many server packages that are used to serve http (web pages) to users. Here is a list of all the web servers a machine could find along with the percentage of deployment live on the web: Nginx: 32.3% Cloudflare Server: 28.1% Apache HTTP Server: 23.3% LiteSpeed: 15.2% Node.js: 6.4% Microsoft IIS: 3.2% Envoy: 1.0% Caddy: 0.2% Kestrel: 0.1% Traefik: < 0.1% HAProxy: < 0.1% Tomcat: < 0.1% Jetty: < 0.1% Gunicorn: < 0.1% Uwsgi: < 0.1% Puma: < 0.1% Unicorn: < 0.1% Lig < 0.1% Cherokee: < 0.1% Sun Java System Web Server: < 0.1% Now it is not hard to imagine (is it?) that when the bitcoin protocol ossifies, there will be at least this many options for people to run bitcoin services, all with their own advantages depending on how you use bitcoin. In a scenario where there are many offers, there is enough to choose from and everyone is able to build whatever they want on top of bitcoin. The most important thing is that bitcoin never changes, and is the fundamental underlying rock you can build on. Anyone with an idea (very few people have these) can build their own infrastructure to offer whatever they want, from "Tokens", "Ordinals", "Runes", NorP Storage, or anything else. Large, and presumably, serious institutions like Goldman Sachs will no doubt develop "Mercantild" the bitcoin client for the big banks. Everyone, every class of users will have their own preferred bitcoin client. And this is, perhaps, the problem. The number of people with actual ideas is extremely low. It is a number so small, it rivals the planck length. This why the barely human people currently running their scams on layer one are launching a "new" token, something that has been done before, only this time on Bitcoin. Only a complete ****** totally bereft of imagination thinks that this is innovation, or a good thing, or useful in any way. They can't conceive of a world where building on bitcoin is like building on the web. It's beyond their power to mentally process and sort. But this is where you live, in 2026. Ossification and client proliferation will keep bitcoin clean, force all low IQ, low imagination, imitative, Cargo Cult, mentally deficient, estrogenized, quote ********* manlets from despoiling the Golden Path of Bitcoin. It will allow a plethora of new specialist clients to emerge, enabling every "use case" anyone can conjure. Hope this helps!

  • jcatblackhat
    jcatblackhat 𓅪 (@jcatblackhat) reported

    1) Get this default 4.19 kernel going 2) Then try updated 5+ kernel 3) Then try GrapheneOS patch build After #1 gotta finish the cloudflare server **** that's half *** death stars (lotta my projects are half *** built death stars) 1 project leads to another

  • punit_arani
    Punit Arani (@punit_arani) reported

    @RhysSullivan I use @Cloudflare a lot now but damn I miss the DX of @vercel

  • stack_hfut
    Cataglyphis (@stack_hfut) reported

    Heads-up: your Challenge flow (managed challenge / Turnstile) has broken twice in under a month for users on China networks — legitimate users get stuck and can't pass verification. China-side reliability needs attention. Anyone else seeing this? @Cloudflare @CloudflareSys

  • UpwindMDR
    Upwind Security MDR (@UpwindMDR) reported

    🚨HTTP/2 Bomb DoS Vulnerability Impacts NGINX, Apache, IIS, Envoy & Cloudflare Researchers disclosed "HTTP/2 Bomb", a denial-of-service technique that abuses HTTP/2 header compression (HPACK) and flow-control mechanisms to trigger massive memory exhaustion. A single client can reportedly consume tens of gigabytes of server memory and render affected services unavailable. 👉 Affected: Default HTTP/2 configurations in NGINX, Apache HTTPD, Microsoft IIS, Envoy, and Cloudflare Pingora ✅ Fixes: • NGINX: Upgrade to 1.29.8+ • Apache HTTPD: Upgrade to mod_ v2.0.41 • IIS, Envoy, Pingora: No patch available yet

  • theaungmyatmoe
    Aung Myat Moe 🟠 (@theaungmyatmoe) reported

    @venkatofl Sending 1 million outbound emails via the Cloudflare Email Sending service costs $349.85 per month

  • saen_dev
    Saeed Anwar (@saen_dev) reported

    Cloudflare tunnels are massively underused for this. Testing on a real device over a real connection catches a whole category of bugs localhost never shows.

  • zubiqo
    Zubiqo (@zubiqo) reported

    @CloudflareDev @xai @Cloudflare Unified billing through Cloudflare makes Grok a one-line swap for devs already in that stack, distribution problems mostly solved.

  • TheNintendoGoof
    spring ✝ (@TheNintendoGoof) reported

    >notification of cloudeflare payment going through >email from cloudflare saying payment didnt go through everytime lol @Cloudflare fix your stuff brodie.

  • WasimShips
    Wasim (@WasimShips) reported

    Here's $500K+ in FREE startup credits most founders never claim (before spending a dollar on infra) : I've used half of these on actual client builds. Bookmark this before you pay for another tool. Design : Figma for Startups — free Professional plan, 1 year Canva for Startups — free Pro access Dev infra : Vercel — up to $200K in credits Supabase — up to $25K Cloudflare — up to $250K DigitalOcean Hatch — $5K Neon — Postgres credits Auth + Payments : Clerk — auth credits Stripe Atlas — credits post-incorporation AI : AWS Activate — $1K base (gateway to more) OpenAI startup credits — via accelerators Analytics : PostHog — $50K in credits Amplitude + Mixpanel — free Growth plans Comms : HubSpot — up to 90% off Loom — free Business plan None of these need investors. None need a pitch deck. Just an application. Pick 3 that match your build. Apply today.