Cloudflare is launching an experiment with Chrome to evaluate fast, scalable, and quantum-ready Merkle Tree Certificates, all without degrading performance or changing WebPKI trust relationships.| The Cloudflare Blog
Today, there's no way to audit a site’s client-side code as it changes, making it hard to trust sites that use cryptography. We preview a specification we coauthored that adds auditability to the web.| The Cloudflare Blog
The Data Localization Suite helps businesses get the performance and security benefits of Cloudflare’s global network while making it easy to set rules and controls at the edge about where their data is stored and protected.| The Cloudflare Blog
On June 27, 2024, a small number of users globally may have noticed that 1.1.1.1 was unreachable or degraded. The root cause was a mix of BGP (Border Gateway Protocol) hijacking and a route leak.| The Cloudflare Blog
Cloudflare investigated CPU performance benchmark results for Workers, uncovering and fixing issues in infrastructure, V8 garbage collection, and OpenNext optimizations. These improvements have made Cloudflare Workers faster for all customers.| The Cloudflare Blog
Cloudflare’s DDoS defenses have automatically and successfully detected and mitigated a 3.8 terabit per second DDoS attack — the largest attack on record — as part of a month-long campaign of over a hundred hyper-volumetric L3/4 DDoS attacks.| The Cloudflare Blog
84 million requests a second means even rare bugs appear often. We'll reveal how we discovered a race condition in the Go arm64 compiler and got it fixed.| The Cloudflare Blog
To help protect against account compromise via credential stuffing attacks, Cloudflare will notify dashboard users when we detect that a password was found in an external data breach.| The Cloudflare Blog
Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.| The Cloudflare Blog
Researchers from UC Riverside and Tsinghua University found a new way to revive a decade-old DNS cache poisoning attack. Read our deep dive into how the SAD DNS attack on DNS resolvers works, how we protect against this attack in 1.1.1.1, and what the future holds for DNS cache poisoning attacks.| The Cloudflare Blog
The Cloudflare Data Platform, launching today, is a fully-managed suite of products for ingesting, transforming, storing, and querying analytical data, built on Apache Iceberg and R2 storage.| The Cloudflare Blog
Generative AI tools present a trade-off of productivity and data risk. Cloudflare One’s new AI prompt protection feature provides the visibility and control needed to govern these tools, allowing organizations to confidently embrace AI.| The Cloudflare Blog
This guide provides best practices for Security and IT leaders to securely adopt generative AI using Cloudflare’s SASE architecture as part of a strategy for AI Security Posture Management (AI-SPM).| The Cloudflare Blog
It turns out we've all been using MCP wrong. Most agents today use MCP by exposing the "tools" directly to the LLM. We tried something different: Convert the MCP tools into a TypeScript API, and then ask an LLM to write code that calls that API. The results are striking.| The Cloudflare Blog
Today, we’re launching Cloudflare Email Service. Send and receive email directly from your Workers with native bindings—no API keys needed. We're unifying email sending and routing into a single service built for developers. Sign up for the private beta.| The Cloudflare Blog
Cloudflare launched 15 years ago this week. We like to celebrate our birthday by launching new products that give back to the Internet, which will do a lot of this week. But on this occasion we've also been thinking a lot about what's changed on the Internet and what has not.| The Cloudflare Blog
Cloudflare Workers now features a built-in RPC (Remote Procedure Call) system for use in Worker-to-Worker and Worker-to-Durable Object communication, with absolutely minimal boilerplate. We've designed an RPC system so expressive that calling a remote service can feel like using a library.| The Cloudflare Blog
Cap'n Web is a new open source, JavaScript-native RPC protocol for use in browsers and web servers. It provides the expressive power of Cap'n Proto, but with no schemas and no boilerplate.| The Cloudflare Blog
We're excited to announce our support of two independent, open source projects: Ladybird, an ambitious project to build a completely independent browser from the ground up, and Omarchy, an opinionated Arch Linux setup for developers.| The Cloudflare Blog
Cloudflare launches AI Crawl Control (formerly AI Audit) and introduces easily customizable 402 HTTP responses. Instead of blocking crawlers outright, content creators can now send "Payment Required" responses with custom messages, creating direct communication channels for AI partnerships.| The Cloudflare Blog
GenAI tools bring power — and risk. Cloudflare CASB now scans ChatGPT, Claude, and Gemini for misconfigurations, sensitive data exposure, and compliance issues, helping organizations adopt AI with confidence.| The Cloudflare Blog
Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages, with limited support and practical use cases. This post explores its potential and current limitations.| The Cloudflare Blog
Oblivious DoH (ODoH) makes secure DNS over HTTPS (DoH) queries into private queries which prevent the leakage of client IP addresses to resolvers. The new proposed ODoH standard addresses this problem and today we are enabling users to use this protocol with 1.1.1.1| The Cloudflare Blog
A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake.| The Cloudflare Blog
The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found.| The Cloudflare Blog
Cloudflare Radar now shows how often a given AI model sends traffic to a site relative to how often it crawls that site. This information can help site owners make decisions about which AI bots to allow or block, and enables users to understand how AI usage in aggregate impacts Internet traffic.| The Cloudflare Blog
We significantly sped up our privacy proxy service by fixing a 40ms delay in "double-spend" checks. The issue stemmed from how Nagle's algorithm and delayed ACKs interacted with a third-party dependency.| The Cloudflare Blog
On August 21, 2025, an influx of traffic directed toward clients hosted in AWS us-east-1 caused severe congestion on links between Cloudflare and us-east-1. In this post, we explain what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.| The Cloudflare Blog
Fogos.pt, a volunteer-run wildfire tracker in Portugal, grew from a side project into a critical national resource used by citizens, media, and government. During 2025 fire season it was hit by DDoS attacks, but stayed online thanks to Cloudflare’s protections under Project Galileo.How a volunteer-run wildfire site in Portugal stayed online during DDoS attacks| The Cloudflare Blog
We believe the true dream of cloud computing is that your code lives in the network itself. Your code doesn't run in "us-west-4", it runs everywhere.| The Cloudflare Blog
Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.| The Cloudflare Blog
In Q2 2025, we observed Internet disruptions around the world resulting from government-directed shutdowns, power outages, cable damage, a cyberattack, and technical problems, as well as several with unexplained causes.| The Cloudflare Blog
Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.| The Cloudflare Blog
You can now build and deploy remote MCP servers to Cloudflare, and we handle the hard parts of building remote MCP servers for you. Unlike local MCP servers you may have previously used, remote MCP servers are Internet-accessible. People simply sign in and grant permissions to MCP clients using familiar authorization flows.| The Cloudflare Blog
On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS. We’re deeply sorry for this outage. This outage was the result of an internal configuration error and not the result of an attack or a BGP hijack. In this blog post, we’re going to talk about what the failure was, why it o...| The Cloudflare Blog
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.| The Cloudflare Blog
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power.| The Cloudflare Blog
It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for content.| The Cloudflare Blog
Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content.| The Cloudflare Blog
Cloudflare Containers are now available in public beta. Deploy simple, global, and programmable containers alongside your Workers.| The Cloudflare Blog
Cloudflare Workers now support FinalizationRegistry, but just because you can use it doesn’t mean you should. Dive into the tricky world of JavaScript and WebAssembly memory management and see why newer features make life a lot easier.| The Cloudflare Blog
Today, June 12, 2025, Cloudflare suffered a significant service outage that affected a large set of our critical services, including Workers KV, WARP, Access, Gateway, Images, Stream, Workers AI, Turnstile and Challenges, AutoRAG, and parts of the Cloudflare Dashboard.| The Cloudflare Blog
For the third consecutive year, Gartner has named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report.| The Cloudflare Blog
We're excited to announce a contribution to improving privacy for everyone on the Internet. Encrypted Client Hello, a new standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans.| The Cloudflare Blog
Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.| The Cloudflare Blog
You'll soon be able to deploy JavaScript to Cloudflare's edge, written against an API similar to Service Workers.| The Cloudflare Blog
The idea behind graceful upgrades is to swap out the configuration and code of a process while it is running, without anyone noticing it. If this sounds error prone, dangerous, undesirable and in general a bad idea – I’m with you.| The Cloudflare Blog
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk.| The Cloudflare Blog
An experiment that uses hardware security keys (like a YubiKey) to replace CAPTCHAs completely. The idea is rather simple: if a real human is sitting at their keyboard or uses their phone, they can touch their security key’s button or bring it near their phone to demonstrate that they are human.| The Cloudflare Blog
We’re teaming up with Anthropic, Asana, Atlassian, Block, Intercom, Linear, PayPal, Sentry, Stripe, and Webflow to launch new remote MCP servers, built on Cloudflare, to enable Claude users to manage projects, generate invoices, and even deploy applications — without ever leaving the chat interface.| The Cloudflare Blog
Cloudflare Containers are coming this June. Run new types of workloads on our network with an experience that is simple, scalable, global and deeply integrated with Workers.| The Cloudflare Blog
Almost nine years ago, Cloudflare was a tiny company and I was a customer not an employee. Cloudflare had launched a month earlier and one day alerting told me that my little site, jgc.org, didn’t seem to have working DNS any more.| The Cloudflare Blog
How Cloudflare uses generative AI to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives.| The Cloudflare Blog
On Thursday, February 6, 2025, we experienced an outage with our object storage service (R2) and products that rely on it. Here's what happened and what we're doing to fix this going forward.| The Cloudflare Blog
Durable Objects provide a truly serverless approach to storage and state: consistent, low-latency, distributed, yet effortless to maintain and scale. They also enable coordination and real-time collaboration between clients.| The Cloudflare Blog
Today we’re announcing Private Access Tokens, a completely invisible, private way to validate that real users are visiting your site.| The Cloudflare Blog
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.| The Cloudflare Blog
We have a cloud computing platform called Workers. Unlike essentially every other cloud computing platform I know of, it doesn’t use containers or virtual machines. We believe that is the future of Serverless and cloud computing in general, and I’ll try to convince you why.| The Cloudflare Blog
On January 19, 2025, ByteDance shut down access to TikTok and other owned/operated apps for US users, causing an 85% traffic plunge and a rapid shift to alternatives like RedNote.| The Cloudflare Blog
Traditional cloud storage is inherently slow because it is accessed over a network and must synchronize many clients. But what if we could instead put your application code deep into the storage layer, such that your code runs where the data is stored? Durable Objects with SQLite do just that.| The Cloudflare Blog
To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier.| The Cloudflare Blog
Cloudflare launched nearly twelve years ago. Over that time, our set of services has become much more complicated. With that complexity we have developed policies around how we handle abuse of different features Cloudflare provides| The Cloudflare Blog
One of our large scale data infrastructure challenges here at Cloudflare is around providing HTTP traffic analytics to our customers. HTTP Analytics is available to all our customers via two options:| The Cloudflare Blog
