84 million requests a second means even rare bugs appear often. We'll reveal how we discovered a race condition in the Go arm64 compiler and got it fixed.| The Cloudflare Blog
To help protect against account compromise via credential stuffing attacks, Cloudflare will notify dashboard users when we detect that a password was found in an external data breach.| The Cloudflare Blog
Today, we are taking some big steps forward in our mission to help build a better Internet. Cloudflare is giving everyone free access to 10+ different website and network security products and features.| The Cloudflare Blog
Researchers from UC Riverside and Tsinghua University found a new way to revive a decade-old DNS cache poisoning attack. Read our deep dive into how the SAD DNS attack on DNS resolvers works, how we protect against this attack in 1.1.1.1, and what the future holds for DNS cache poisoning attacks.| The Cloudflare Blog
The Cloudflare Data Platform, launching today, is a fully-managed suite of products for ingesting, transforming, storing, and querying analytical data, built on Apache Iceberg and R2 storage.| The Cloudflare Blog
Generative AI tools present a trade-off of productivity and data risk. Cloudflare One’s new AI prompt protection feature provides the visibility and control needed to govern these tools, allowing organizations to confidently embrace AI.| The Cloudflare Blog
This guide provides best practices for Security and IT leaders to securely adopt generative AI using Cloudflare’s SASE architecture as part of a strategy for AI Security Posture Management (AI-SPM).| The Cloudflare Blog
It turns out we've all been using MCP wrong. Most agents today use MCP by exposing the "tools" directly to the LLM. We tried something different: Convert the MCP tools into a TypeScript API, and then ask an LLM to write code that calls that API. The results are striking.| The Cloudflare Blog
Today, we’re launching Cloudflare Email Service. Send and receive email directly from your Workers with native bindings—no API keys needed. We're unifying email sending and routing into a single service built for developers. Sign up for the private beta.| The Cloudflare Blog
The website from which you got to this page is protected by Cloudflare. Email addresses on that page have been hidden in order to keep them from being accessed by malicious bots. You must enable Javascript in your browser in order to decode the e-mail address.| blog.cloudflare.com
Cloudflare has made it even easier to enable our free child safety tooling for all customers.| The Cloudflare Blog
After a year since we started enabling Automatic SSL/TLS, we want to talk about these results, why they matter, and how we’re preparing for the next leap in Internet security.| The Cloudflare Blog
We are proposing—as starting points—responsible AI bot principles that emphasize transparency, accountability, and respect for content access and use preferences.| The Cloudflare Blog
The recent Salesloft breach taught us one thing: companies do not have visibility over data in SaaS applications. Cloudflare is committing to providing additional security tools for SaaS applications| The Cloudflare Blog
To prepare for a future where powerful quantum computers come online, we've upgraded our WARP client with post-quantum cryptography.| The Cloudflare Blog
Cloudflare’s Content Signals Policy gives creators a new tool to control use of their content.| The Cloudflare Blog
Today, we are announcing a new approach to catching bots: using models to provide behavioral anomaly detection unique to each bot management customer and stop sophisticated bot attacks.| The Cloudflare Blog
Introducing VibeSDK, an open-source AI "vibe coding" platform that anyone can deploy to build their own custom platform. Comes ready with code generation, sandbox environment, and project deployment.| The Cloudflare Blog
Cloudflare Confidence Scorecards are now live in the Application Library. Get transparent risk ratings for SaaS and Gen-AI apps.| The Cloudflare Blog
Today, Cloudflare is proud to announce support for two cornerstone frameworks in the modern web ecosystem: we’re partnering with Webflow to sponsor Astro, and with Netlify to sponsor TanStack.| The Cloudflare Blog
Cloudflare is partnering with Coinbase to create the x402 Foundation and adding x402 support to the Agents SDK & MCP Servers.| The Cloudflare Blog
We are excited to announce that Project Galileo will now include access to Cloudflare's Bot Management and AI Crawl Control services.| The Cloudflare Blog
We are incredibly excited to announce our most ambitious intern program yet: Cloudflare aims to hire as many as 1,111 interns over the course of 2026.| The Cloudflare Blog
In 2026, Cloudflare is opening our San Francisco, Austin, London, and Lisbon offices to builders and Startups. Participants of Workers Launchpad and Cloudflare for Startups Program will be eligible| The Cloudflare Blog
We're expanding Cloudflare for Startups to include non-profits, civil society, and public interest orgs.| The Cloudflare Blog
Students in the United States over the age of 18 with a .edu email can now get one year of free access to Cloudflare developer features. Build, experiment, and launch projects with production-grade| The Cloudflare Blog
Workers Launchpad program offers resources and mentorship for founders building on the Cloudflare network. Learn more about prior cohorts, where Launchpad alumni are today, and the participants| The Cloudflare Blog
Cloudflare launched 15 years ago this week. We like to celebrate our birthday by launching new products that give back to the Internet, which will do a lot of this week. But on this occasion we've also been thinking a lot about what's changed on the Internet and what has not.| The Cloudflare Blog
Cloudflare Workers now features a built-in RPC (Remote Procedure Call) system for use in Worker-to-Worker and Worker-to-Durable Object communication, with absolutely minimal boilerplate. We've designed an RPC system so expressive that calling a remote service can feel like using a library.| The Cloudflare Blog
Cap'n Web is a new open source, JavaScript-native RPC protocol for use in browsers and web servers. It provides the expressive power of Cap'n Proto, but with no schemas and no boilerplate.| The Cloudflare Blog
We're excited to announce our support of two independent, open source projects: Ladybird, an ambitious project to build a completely independent browser from the ground up, and Omarchy, an opinionated Arch Linux setup for developers.| The Cloudflare Blog
Cloudflare launches AI Crawl Control (formerly AI Audit) and introduces easily customizable 402 HTTP responses. Instead of blocking crawlers outright, content creators can now send "Payment Required" responses with custom messages, creating direct communication channels for AI partnerships.| The Cloudflare Blog
GenAI tools bring power — and risk. Cloudflare CASB now scans ChatGPT, Claude, and Gemini for misconfigurations, sensitive data exposure, and compliance issues, helping organizations adopt AI with confidence.| The Cloudflare Blog
Multi-Path TCP (MPTCP) leverages multiple network interfaces, like Wi-Fi and cellular, to provide seamless mobility for more reliable connectivity. While promising, MPTCP is still in its early stages, with limited support and practical use cases. This post explores its potential and current limitations.| The Cloudflare Blog
Oblivious DoH (ODoH) makes secure DNS over HTTPS (DoH) queries into private queries which prevent the leakage of client IP addresses to resolvers. The new proposed ODoH standard addresses this problem and today we are enabling users to use this protocol with 1.1.1.1| The Cloudflare Blog
A deep dive into the Encrypted Client Hello, a standard that encrypts privacy-sensitive parameters sent by the client, as part of the TLS handshake.| The Cloudflare Blog
The Domain Name System (DNS) is the address book of the Internet. When you visit cloudflare.com or any other site, your browser will ask a DNS resolver for the IP address where the website can be found.| The Cloudflare Blog
Cloudflare Radar now shows how often a given AI model sends traffic to a site relative to how often it crawls that site. This information can help site owners make decisions about which AI bots to allow or block, and enables users to understand how AI usage in aggregate impacts Internet traffic.| The Cloudflare Blog
We significantly sped up our privacy proxy service by fixing a 40ms delay in "double-spend" checks. The issue stemmed from how Nagle's algorithm and delayed ACKs interacted with a third-party dependency.| The Cloudflare Blog
On August 21, 2025, an influx of traffic directed toward clients hosted in AWS us-east-1 caused severe congestion on links between Cloudflare and us-east-1. In this post, we explain what the failure was, why it occurred, and what we’re doing to make sure this doesn’t happen again.| The Cloudflare Blog
Fogos.pt, a volunteer-run wildfire tracker in Portugal, grew from a side project into a critical national resource used by citizens, media, and government. During 2025 fire season it was hit by DDoS attacks, but stayed online thanks to Cloudflare’s protections under Project Galileo.How a volunteer-run wildfire site in Portugal stayed online during DDoS attacks| The Cloudflare Blog
We believe the true dream of cloud computing is that your code lives in the network itself. Your code doesn't run in "us-west-4", it runs everywhere.| The Cloudflare Blog
Get the latest news on how products at Cloudflare are built, technologies used, and join the teams helping to build a better Internet.| The Cloudflare Blog
In Q2 2025, we observed Internet disruptions around the world resulting from government-directed shutdowns, power outages, cable damage, a cyberattack, and technical problems, as well as several with unexplained causes.| The Cloudflare Blog
Perplexity is repeatedly modifying their user agent and changing IPs and ASNs to hide their crawling activity, in direct conflict with explicit no-crawl preferences expressed by websites.| The Cloudflare Blog
Build and deploy real-time, decentralized Authenticated Transfer Protocol (ATProto) apps on Cloudflare Workers.| The Cloudflare Blog
You can now build and deploy remote MCP servers to Cloudflare, and we handle the hard parts of building remote MCP servers for you. Unlike local MCP servers you may have previously used, remote MCP servers are Internet-accessible. People simply sign in and grant permissions to MCP clients using familiar authorization flows.| The Cloudflare Blog
Cloudflare's SASE platform now offers egress policies by hostname, domain, content category, and application in open beta. This makes it easy to author simple and secure policies that control the source IP addresses that an organization's Internet traffic uses to connect to external services.| The Cloudflare Blog
In Q3, DDoS attacks increased by 111% YoY, Cloudflare auto-mitigated a 2.5 Tbps attack targeting a Minecraft server as multi-terabit scale DDoS attacks become increasingly frequent. Read more in our 2022 Q3 DDoS Report| The Cloudflare Blog
On July 14th, 2025, Cloudflare made a change to our service topologies that caused an outage for 1.1.1.1 on the edge, resulting in downtime for 62 minutes for customers using the 1.1.1.1 public DNS Resolver as well as intermittent degradation of service for Gateway DNS. We’re deeply sorry for this outage. This outage was the result of an internal configuration error and not the result of an attack or a BGP hijack. In this blog post, we’re going to talk about what the failure was, why it o...| The Cloudflare Blog
Nearly half of observed login attempts across websites protected by Cloudflare involved leaked credentials. The pervasive issue of password reuse is enabling automated bot attacks and account takeovers on a massive scale.| The Cloudflare Blog
Most of today's cryptography is designed to be secure against an adversary with enormous amounts of computational power.| The Cloudflare Blog
It’s Content Independence Day: Cloudflare, along with a majority of the world's leading publishers and AI companies, is changing the default to block AI crawlers unless they pay creators for content.| The Cloudflare Blog
Pay per crawl is a new feature to allow content creators to charge AI crawlers for access to their content.| The Cloudflare Blog
Cloudflare Containers are now available in public beta. Deploy simple, global, and programmable containers alongside your Workers.| The Cloudflare Blog
Cloudflare Workers now support FinalizationRegistry, but just because you can use it doesn’t mean you should. Dive into the tricky world of JavaScript and WebAssembly memory management and see why newer features make life a lot easier.| The Cloudflare Blog
Today, June 12, 2025, Cloudflare suffered a significant service outage that affected a large set of our critical services, including Workers KV, WARP, Access, Gateway, Images, Stream, Workers AI, Turnstile and Challenges, AutoRAG, and parts of the Cloudflare Dashboard.| The Cloudflare Blog
For the third consecutive year, Gartner has named Cloudflare to the Gartner® Magic Quadrant™ for Security Service Edge (SSE) report.| The Cloudflare Blog
We're excited to announce a contribution to improving privacy for everyone on the Internet. Encrypted Client Hello, a new standard that prevents networks from snooping on which websites a user is visiting, is now available on all Cloudflare plans.| The Cloudflare Blog
Bots now browse like humans. We're proposing bots use cryptographic signatures so that website owners can verify their identity. Explanations and demonstration code can be found within the post.| The Cloudflare Blog
You'll soon be able to deploy JavaScript to Cloudflare's edge, written against an API similar to Service Workers.| The Cloudflare Blog
The idea behind graceful upgrades is to swap out the configuration and code of a process while it is running, without anyone noticing it. If this sounds error prone, dangerous, undesirable and in general a bad idea – I’m with you.| The Cloudflare Blog
Recently at I gave a short talk titled "Linux at Cloudflare". The talk ended up being mostly about BPF. It seems, no matter the question - BPF is the answer. Here is a transcript of a slightly adjusted version of that talk.| The Cloudflare Blog
An experiment that uses hardware security keys (like a YubiKey) to replace CAPTCHAs completely. The idea is rather simple: if a real human is sitting at their keyboard or uses their phone, they can touch their security key’s button or bring it near their phone to demonstrate that they are human.| The Cloudflare Blog
We’re teaming up with Anthropic, Asana, Atlassian, Block, Intercom, Linear, PayPal, Sentry, Stripe, and Webflow to launch new remote MCP servers, built on Cloudflare, to enable Claude users to manage projects, generate invoices, and even deploy applications — without ever leaving the chat interface.| The Cloudflare Blog
Cloudflare Containers are coming this June. Run new types of workloads on our network with an experience that is simple, scalable, global and deeply integrated with Workers.| The Cloudflare Blog
Almost nine years ago, Cloudflare was a tiny company and I was a customer not an employee. Cloudflare had launched a month earlier and one day alerting told me that my little site, jgc.org, didn’t seem to have working DNS any more.| The Cloudflare Blog
How Cloudflare uses generative AI to slow down, confuse, and waste the resources of AI Crawlers and other bots that don’t respect “no crawl” directives.| The Cloudflare Blog
On Thursday, February 6, 2025, we experienced an outage with our object storage service (R2) and products that rely on it. Here's what happened and what we're doing to fix this going forward.| The Cloudflare Blog
Durable Objects provide a truly serverless approach to storage and state: consistent, low-latency, distributed, yet effortless to maintain and scale. They also enable coordination and real-time collaboration between clients.| The Cloudflare Blog
Today we’re announcing Private Access Tokens, a completely invisible, private way to validate that real users are visiting your site.| The Cloudflare Blog
On Thanksgiving Day, November 23, 2023, Cloudflare detected a threat actor on our self-hosted Atlassian server. Our security team immediately began an investigation, cut off the threat actor’s access, and no Cloudflare customer data or systems were impacted by this event.| The Cloudflare Blog
We have a cloud computing platform called Workers. Unlike essentially every other cloud computing platform I know of, it doesn’t use containers or virtual machines. We believe that is the future of Serverless and cloud computing in general, and I’ll try to convince you why.| The Cloudflare Blog
On January 19, 2025, ByteDance shut down access to TikTok and other owned/operated apps for US users, causing an 85% traffic plunge and a rapid shift to alternatives like RedNote.| The Cloudflare Blog
Traditional cloud storage is inherently slow because it is accessed over a network and must synchronize many clients. But what if we could instead put your application code deep into the storage layer, such that your code runs where the data is stored? Durable Objects with SQLite do just that.| The Cloudflare Blog
To help preserve a safe Internet for content creators, we’ve just launched a brand new “easy button” to block all AI bots. It’s available for all customers, including those on our free tier.| The Cloudflare Blog
Cloudflare launched nearly twelve years ago. Over that time, our set of services has become much more complicated. With that complexity we have developed policies around how we handle abuse of different features Cloudflare provides| The Cloudflare Blog
One of our large scale data infrastructure challenges here at Cloudflare is around providing HTTP traffic analytics to our customers. HTTP Analytics is available to all our customers via two options:| The Cloudflare Blog