BrandWikiReturn

Cloudflare

WorldBrand briefing

AI supplement

Original synthesis to sit alongside the encyclopedia article below. Not part of Wikipedia; verify facts on Wikipedia when precision matters.

Cloudflare is a San Francisco-based global technology company that provides a comprehensive suite of web infrastructure and cybersecurity services, including content delivery networks (CDN), distributed denial-of-service (DDoS) protection, web application firewalls (WAF), domain name system (DNS) management, edge computing and zero-trust security solutions. It uses a freemium pricing model to attract small and medium website users, while also serving large enterprises and government agencies.

Key moments

  • 2009Founded by Matthew Prince and co-founders; secured initial $2 million venture capital funding later that year
  • 2010-09Officially launched services after winning the TechCrunch Disrupt startup innovation award
  • 2011Secured $20 million Series B funding; released WordPress plugin and named one of Wall Street Journal's most innovative internet & technology companies
  • 2012Launched anti-censorship tool and opened free IPv6 gateway service for all websites
  • 2013Gained over 1.5 million user accounts; launched Mirage 2.0 mobile device acceleration service
  • 2023-01Implemented first price adjustment for paid subscription plans after 12 years
  • 2026Operated 330 global data center nodes across its edge network

Cloudflare operates in a competitive global market for web infrastructure and cybersecurity tools, with key competitors across two main categories:

  • Akamai Technologies: The long-established market leader, boasting over 4,400 global nodes and focusing on stable, enterprise-grade services for large corporate clients
  • Fastly: A niche specialist in high-performance edge computing and real-time content delivery, popular among media and e-commerce brands with demanding traffic needs
  • AWS CloudFront: Amazon's CDN service, tightly integrated with the full Amazon Web Services cloud ecosystem for unified enterprise deployments
  • Google Cloud CDN: Leverages Google's global network infrastructure to offer cloud-integrated CDN and security solutions
  • Regional localized competitors: In the Chinese market, it faces competition from cloud-bundled services from Alibaba Cloud, Tencent Cloud and specialized CDN provider Wangsu Tech

Cloudflare is a leading player in the global edge infrastructure and cybersecurity space, building strong brand recognition through its accessible freemium model and consistent innovation. Its brand has grown rapidly by addressing critical pain points for website operators of all sizes, from small independent businesses to large national governments, establishing itself as a trusted name for DDoS protection, CDN services, and modern zero-trust security solutions. The brand benefits from strong alignment with high-growth emerging trends like edge computing and distributed digital infrastructure, which has helped it maintain consistent relevance in a fast-evolving technology market.

Cloudflare's brand is further strengthened by its public commitment to improving internet accessibility and security, which has fostered positive public perception and widespread community loyalty. Its open approach to engaging with developers and small business users has created a broad base of organic brand advocates, while its enterprise-focused service offerings have helped it secure high-value clients in heavily regulated industries. The company's visible role in mitigating high-profile cyberattacks and resolving major internet outages has also boosted its brand profile as a reliable defender of global digital infrastructure.

Brand leadership

Score: 82/100

Cloudflare holds a leading position in the CDN and DDoS protection market segments, outcompeting many legacy providers through its innovative distributed edge network model. It is widely recognized as a pioneer in edge computing and modern zero-trust security, setting key industry trends for performance and security in web infrastructure. Its leadership is strengthened by its unique ability to serve both entry-level users and large enterprise clients, giving it broader market influence than many niche competitors in the space.

Customer interaction

Score: 78/100

Cloudflare engages actively with its large global user base through community forums, open developer documentation, and regular public transparency reports. Its freemium pricing model encourages frequent interaction with small and medium-sized business users, while dedicated enterprise customer success teams maintain close, long-term relationships with large institutional clients. The company also leverages social media and public technical blogs to communicate product updates and industry insights, fostering ongoing brand engagement across user segments.

Growth momentum

Score: 85/100

Cloudflare has consistently grown its user base and annual revenue in recent years, expanding its product portfolio far beyond core CDN and DDoS services into zero-trust security and edge application hosting. It continues to gain meaningful market share from slower-moving legacy competitors, with rapidly growing adoption among enterprise and government clients. The brand is well-positioned to capitalize on increasing global demand for distributed cybersecurity and edge infrastructure, maintaining strong upward growth momentum.

Brand stability

Score: 75/100

As a publicly traded company with a consistent business model and strong customer retention rates, Cloudflare has built a stable brand presence in the global tech sector. It has weathered broad market fluctuations and high-profile cyber threats without significant damage to its reputation, maintaining consistent trust across its entire user base. While the competitive landscape for web infrastructure remains dynamic, the company's consistent product delivery and transparent communication practices have supported long-term brand stability.

Brand age

Score: 58/100

Cloudflare was founded in 2009, giving it approximately 17 years of brand history as of 2026, which is a moderate tenure for a technology company. It is younger than many legacy web infrastructure providers that have existed for decades, but has built significant global brand recognition far faster than most newer startups in the cybersecurity and edge computing space. Its relatively young age means it has avoided the brand stagnation that affects some older competitors, while still having enough operational history to establish solid market credibility.

Industry profile

Score: 88/100

Cloudflare is a very high-profile brand in the web infrastructure and cybersecurity industry, frequently cited in technology news and industry analysis for its innovation and public advocacy for the open internet. Its work on high-profile issues like mitigating record-large DDoS attacks and supporting privacy-focused internet practices has elevated its profile among both industry insiders and the general public. It is widely recognized as a key player shaping the future of edge computing and global digital security.

Global reach

Score: 80/100

Cloudflare operates a global edge network spanning hundreds of cities across more than 100 countries, serving customers across every major region of the world. It holds localized compliance certifications for major regulated markets including the European Union, Asia-Pacific, and North America, enabling it to serve multinational enterprises and government clients globally. While it has a larger concentrated customer base in its home region of North America, it continues to expand its sales and infrastructure presence in emerging markets, strengthening its global brand footprint.

AI can support reasoning around Cloudflare's brand value based on public market position, customer base and industry standing, but all derived figures are illustrative only. For a fully audited, official brand value assessment for Cloudflare, contact World Brand Lab directly.

Cloudflare, Inc. is an American technology company headquartered in San Francisco, California, that provides a range of internet services, including content delivery network (CDN) services, cloud cybersecurity, DDoS mitigation, and ICANN-accredited domain registration.[2] The company's services act primarily as a reverse proxy between website visitors and a customer's hosting provider, improving performance and protecting against malicious traffic.[3]

Cloudflare was founded in 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn. The company went public on the New York Stock Exchange in 2019 under the ticker symbol NET. Cloudflare has since expanded its offerings to include edge computing through its Workers platform, a public DNS resolver (1.1.1.1), and a VPN service known as WARP. In recent years, the company has integrated artificial intelligence into its infrastructure, acquiring companies such as Replicate and launching tools to manage AI bots and scrapers. According to W3Techs, Cloudflare is used by approximately 21.3% of all websites on the Internet as of January 2026.[4]

The company has been the subject of controversy regarding its policy of content neutrality. While Cloudflare executives have historically advocated for remaining a neutral infrastructure provider, the company has terminated services for specific high-profile websites associated with hate speech and violence, including The Daily Stormer, 8chan, and Kiwi Farms, following significant public pressure. Cloudflare has also faced criticism and litigation regarding copyright infringement by websites using its services, notably losing a lawsuit against Japanese publishers in 2025.[5] The company experienced significant global outages in late 2025 which disrupted services for major platforms internationally.[6]

History

Cloudflare was founded on July 26, 2009, by Matthew Prince, Lee Holloway, and Michelle Zatlyn.[7][8] Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that partly inspired the basis of Cloudflare.[9] In 2009, the company was venture-capital funded.[10] On August 15, 2019, Cloudflare submitted its S-1 filing for an initial public offering on the New York Stock Exchange under the stock ticker NET.[11] It opened for public trading on September 13, 2019, at $15 per share.[12]

According to the company, the name 'Cloudflare' was chosen, over the initial 'WebWall', because it best described what they were trying to do: build a "firewall in the cloud." [13]

In 2020, Cloudflare co-founder and COO Michelle Zatlyn was named president.[14]

Cloudflare has acquired web-services and security companies, including StopTheHacker (February 2014),[15] CryptoSeal (June 2014),[16] Eager Platform Co. (December 2016),[17] Neumob (November 2017),[18] S2 Systems (January 2020),[19] Linc (December 2020),[20] Zaraz (December 2021),[21] Vectrix (February 2022),[22] Area 1 Security (February 2022),[23] Nefeli Networks (March 2024), BastionZero (May 2024),[24] and Kivera (October 2024).[25] Replicate (November 2025),[26] and Human Native (January 2026).[27] Since at least 2017, Cloudflare has used a wall of lava lamps at its San Francisco headquarters as a source of randomness for encryption keys, alongside double pendulums at its London offices and a Geiger counter at its Singapore offices.[28] The lava lamp installation implements the Lavarand method, where a camera transforms the unpredictable shapes of the "lava" blobs into a digital image.[29][28]

In Q4 2022, Cloudflare provided paid services to 162,086 customers.[30][31]

In October 2024, Cloudflare won a lawsuit against patent troll Sable Networks. Sable paid Cloudflare $225,000, granted it a royalty-free license to its patent portfolio, and dedicated its patents to the public by abandoning its patent rights.[32]

In November 2025, it was announced Cloudflare had agreed to acquire Replicate, a San Francisco–based platform that enables software developers to run, fine-tune, and deploy open-source machine-learning models via an API without managing infrastructure.[33]

In January 2026, Cloudflare released an analysis regarding BGP routing leaks observed from the Venezuelan state-owned ISP CANTV (AS8048), which occurred on January 2 coincides with the arrest of Nicolás Maduro.[34] While some security researchers had speculated that the outages were linked to U.S. cyber operations, Cloudflare's data indicated that the anomalies were consistent with a pattern of "insufficient routing export and import policies" by the ISP rather than malicious external interference.[35]

In January 2026, Cloudflare acquired Human Native, an AI data marketplace that brokers transactions between developers and content creators, for an undisclosed amount.[36]

On January 16, 2026, Cloudflare acquired The Astro Technology Company, the developers behind the open-source web framework Astro.[37][38][39]

Products

Cloudflare provides network and security products for consumers and businesses, utilizing edge computing, reverse proxies for web traffic, data center interconnects, and a content distribution network to serve content across its network of servers.[40] It supports transport layer protocols TCP, UDP, QUIC, and many application layer protocols such as DNS over HTTPS, SMTP, and HTTP/2 with support for HTTP/2 Server Push.[41] As of 2023, Cloudflare handles an average of 45 million HTTP requests per second.[42]

As of 2024, Cloudflare servers are powered by AMD EPYC 9684X processors.[43]

Cloudflare also provides analysis and reports on large-scale outages, including Verizon’s October 2024 outage.[44]

Artificial intelligence

In 2023, Cloudflare launched "Workers AI", a framework allowing for use of Nvidia GPU's within Cloudflare's network.[45]

In 2024, Cloudflare launched a tool that prevents bots from scraping websites. To build automatic bot detector models, the company analyzed "AI" bots and crawler traffic.[46] The company also launched an "AI" assistant to generate charts based on queries by leveraging "Workers AI".[47] Cloudflare announced plans in September 2024 to launch a marketplace where website owners can sell "AI" model providers access to scrape their site’s content.[48] Cloudflare also launched AI Audit, which provides analytics on "AI" models scraping their sites (along with the ability to block them altogether).[49]

In March 2025, Cloudflare announced a new feature called "AI Labyrinth", which combats unauthorized "AI" data scraping by serving fake "AI"-generated content to LLM bots.[50][51]

DDoS mitigation

Cloudflare provides free and paid DDoS mitigation services that protect customers from distributed denial of service (DDoS) attacks. Cloudflare received media attention in June 2011 for providing DDoS mitigation for the website of LulzSec, a black hat hacking group.[52]

In March 2013, The Spamhaus Project was targeted by a DDoS attack that Cloudflare reported exceeded 300gigabits per second (Gbit/s).[53][54] Patrick Gilmore, of Akamai, stated that at the time it was "the largest publicly announced DDoS attack in the history of the Internet". While trying to defend Spamhaus against the DDoS attacks, Cloudflare ended up being attacked as well; Google and other companies eventually came to Spamhaus' defense and helped it to absorb the unprecedented amount of attack traffic.[55]

In 2014, Cloudflare began providing free DDoS mitigation for artists, activists, journalists, and human rights groups under the name "Project Galileo".[56] In 2017, it extended the service to electoral infrastructure and political campaigns under the name "Athenian Project".[57][58] By 2025, more than 2,900 users and organizations were participating in Project Galileo, including 31 US states.[59][60]

In February 2014, Cloudflare claimed to have mitigated an NTP reflection attack against an unnamed European customer, which it stated peaked at 400 Gbit/s.[61][62] In November 2014, it reported a 500 Gbit/s DDoS attack in Hong Kong.[63] In July 2021, the company claimed to have absorbed a DDoS attack three times larger than any it had previously recorded, which its corporate blog implied was over 1.2 Tbit/s in total.[64] In February 2023, Cloudflare reported blocking a 71 million request-per-second DDoS attack which "the company says was the largest HTTP DDoS attack on record".[65]

Cloudflare blocked the then largest publicly recorded DDoS attack in August 2025, with volumetric attacks peaking at 11.5 terabits per second (tbps).[66] This was surpassed in December 2025 when an Aisuru botnet launched a 31.4 tbps attack, with a requests-per-second rate exceeding 200 million, against multiple companies in the telecommunications sector, a campaign Cloudflare dubbed "The Night Before Christmas".[67]

Edge computing

In 2017, Cloudflare launched Cloudflare Workers, a serverless computing platform for creating new applications, augmenting existing ones, without configuring or maintaining infrastructure. It has expanded to include Workers KV, a low-latency key-value data store; Cron Triggers, for scheduling Cron jobs; and additional tooling for developers to deploy and scale their code across the globe.[68]

In 2020, Cloudflare released a JAMstack platform for developers to deploy websites on Cloudflare's Edge infrastructure, under the name "Pages".[69]

In 2022, Cloudflare announced an Edge SQL database, D1, which is built on SQLite.[70]

In August 2023, Cloudflare and IBM announced a partnership providing bot management capabilities to protect IBM Cloud customers from malicious bots and automated threats.[71] The same month, Cloudflare was hired by SpaceX to boost the performance of Starlink.[72] In September, the company launched Cloudflare Fonts as a competitor to Google Fonts.[73]

Internet security

In April 2020, Cloudflare announced it was moving away from using reCAPTCHA in favor of hCaptcha.[74] In September 2022, Cloudflare began to test Turnstile – an alternative to CAPTCHA. The product, instead of presenting a visual CAPTCHA for the user to solve, automatizes the verification process by conducting JavaScript-based checks inside the browser to determine whether the user is a real person or an automated entity. The algorithm reportedly uses machine learning to optimize the process.[75]

Through a contract with the Cybersecurity and Infrastructure Security Agency, Cloudflare provides registry and authoritative DNS services to the .gov top-level domain.[76] Cloudflare also launched Cloudflare for Campaigns in 2020, to offer free cybersecurity tools to political campaigns.[77] Those tools expanded to include secure email systems in 2025.[78]

In November 2020, Cloudflare announced Cloudflare for Teams, consisting of a DNS resolver and web gateway called "Gateway", and a zero-trust authentication service called "Access".[79]

Cloudflare released an Oblivious HTTP relay service in 2022, called Privacy Gateway.[80]

Cloudflare announced a partnership with PhonePe in January 2023 to secure its mobile payment system.[81] In February, Cloudflare launched Wildebeest to allow Mastodon users to set up and run their own instances on Cloudflare's infrastructure.[82]

In August 2023, Cloudflare started the Project Cybersafe Schools program as part of a $20 million grant program from Amazon Web Services, making 70 percent of public school districts in the United States eligible for no-cost cybersecurity services.[83]

In March 2024, it announced Firewall for AI to defend applications running large language models (LLMs).[84] In September, Cloudflare announced Ephemeral IDs, which identifies fraudulent activity by linking behavior to a client through a short-lived, generated ID, rather than the traditional means of using an IP address.[85] The same month, the company also announced all ISP and equipment manufacturers could use its DNS resolvers for free.[86]

Cloudflare introduced the Cloudforce One threat events platform in March 2025, offering real-time insights into cyberattacks using data gathered from Cloudflare's network.[87][88]

SASE

Cloudflare's overarching secure access service edge (SASE) platform debuted in October 2020.[89]

Cloudflare announced the acquisition of Area 1 Security in February 2022, a company who developed a product designed to combat phishing email attacks.[90]

Cloudflare acquired Nefeli Networks in March 2024, a cloud networking company, co-founded by computer scientist Sylvia Ratnasamy.[91]

VPN

In 2019, Cloudflare released a VPN service called WARP,[92][93] and open sourced the custom underlying WireGuard implementation written in Rust.[94][95]

Other services

In January 2021, the company began providing its "Waiting Room" digital queue product for free for COVID-19 vaccination scheduling under the title "Project Fair Shot".[96] Project Fair Shot later won a Webby People's Choice Award in 2022 for Event Management under the Apps & Software category.[97]

In March 2023, Cloudflare announced post-quantum cryptography will be made freely and forever available to cloud services, applications and Internet connections.[98]

Cloudflare released the Speed Brain and Instant Purge features in September 2024, to significantly reduce page load latency by prefetching content, and invalidating cached content in under 150ms.[99]

In 2024, Cloudflare announced plans to launch a new payment method, called Stripe Link, which went into beta in the fall.[100]

Since 2010, Cloudflare has collaborated with the National Center for Missing & Exploited Children to provide data, files, and supplemental investigation from abuse reports observed on its network.[101] Cloudflare designed a new NCMEC reporting system in 2024,[102] updating it in 2025 by integrating Cloudflare Workflows and making the CSAM scanning tool accessible globally.[103]

Outages and issues

Intrusions

On June 1, 2012, the hacker group UGNazi compromised some of Cloudflare CEO Matthew Prince's accounts and redirected visitors of the website 4chan to a Twitter account belonging to UGNazi. They allegedly used social engineering to trick AT&T support staff into giving them access to Prince's voicemail, then exploited a vulnerability in Cloudflare's use of Google's two-factor authentication system. Once in control of Prince's email account, UGNazi was able to redirect the 4chan domain through Cloudflare's database.[104][105]

Blocking crawlers

One notable drawback to Cloudflare's protection against malicious bots and malicious actors is that it also blocks web crawlers as well, making it difficult or impossible for services such as the Internet Archive (Wayback Machine) from capturing pages on affected domains. [106] This can be bypassed by adding a Skip feature, whitelisting the Wayback Machine's IP range to allow archiving.

2016–2017 data leak

From September 2016 until February 2017, a Cloudflare bug nicknamed Cloudbleed[107] leaked sensitive data, including passwords and authentication tokens, from customer websites by sending extra data in response to web requests.[108]

November 2025 outage

On November 18, 2025, Cloudflare suffered a major global outage that caused widespread 500 errors, slowing down many platforms, making them unreachable or completely down for users around the world.[109][110][111]

Affected services included Twitter, Spotify, Letterboxd, Uber, DoorDash, Indeed, Canva, Grindr, IKEA, Archive of Our Own, Wplace, news websites including Axios and Politico, AI and LLM services such as ChatGPT, Sora, and Microsoft Copilot, online games such as League of Legends, and any service relying on Cloudflare's security challenge software Turnstile.[112][113][114][115] Access to WARP, Cloudflare's VPN service, was also briefly disabled in London.[116] During the outage, a spokesperson for Cloudflare said the company had seen a "spike in unusual traffic", causing some traffic passing through its network to experience errors.[117]

At 14:23 UTC, The Guardian reported that Cloudflare had released a fix.[118] It also reported that maintenance was due at various locations, though this is not known to have caused the outages.[118] At 14:42 UTC, Cloudflare informed users on its status page that the fix had been implemented and that it would take some time for remaining post-deployment issues to be fixed.[119]

A technical postmortem of the incident was released the day following the outage. Cloudflare attributed the outage to a change in the configuration of a database, which caused an invalid file to be sent to all servers on the network.[120][113]

December 2025 outage

On December 5, Cloudflare suffered another global outage,[121] which began at 09:00 AM UTC.[122] This was the second such outage in three weeks to affect Cloudflare's services.[123]

ACME WAF bypass

In January 2026, security researchers disclosed a vulnerability in Cloudflare's Web application firewall (WAF) that allowed attackers to bypass security rules and access origin servers directly. The flaw existed in the handling of ACME challenge requests; the logic disabled WAF protections for requests targeting the path without sufficiently verifying if the token matched an active validation attempt.[124] Cloudflare patched the vulnerability in October 2025, stating that the issue was a logic flaw rather than a code execution vulnerability and that there was no evidence of exploitation.[125][126]

Controversies

Cloudflare has established a content neutrality policy and opposes the policing of its customers on the basis of free speech unless said customers break the law.[127][128] The company has faced criticism for not banning hate speech websites and websites allegedly connected to terrorism groups.[129] Cloudflare has maintained that no law enforcement agency has asked the company to discontinue these services and it closely monitors its obligations under U.S. laws.[130]

In 2022, a research paper by Stanford University found that Cloudflare was a prominent CDN provider, among several other providers, that are disproportionately responsible for serving misinformation websites.[131][132] Cloudflare has come under pressure due to its services being utilized to access far-right content.[133]

Service terminations

The Daily Stormer

Cloudflare provided DNS routing and DDoS protection for the white supremacist and neo-Nazi website The Daily Stormer. In 2017, after previously refusing to take any action against the website,[133] Cloudflare stopped providing its services to The Daily Stormer after an announcement on the website asserted that Cloudflare executives were privately supporting its ideology.[134]

In a statement to Business Insider, Cloudflare CEO Matthew Prince said that he was repulsed by The Daily Stormer content while expressing regret at the fact that his decision to suspend services had taken the website offline: "The ability of somebody to single-handedly choose to knock content offline doesn’t align with core ideas of due process or justice. Whether that’s a national government launching attacks or an individual launching attacks."[128]

As a self-described "free speech absolutist", Prince claimed he did not want to repeat the decision, and sought out protections for the company should they be faced with a similar situation in the future.[133] Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern shared by a number of civil liberties groups and privacy experts.[135][136][137] The Electronic Frontier Foundation, a US digital rights group, said that services such as Cloudflare should not be deciding what speech is acceptable and that illegal content should be handled through the legal system.[134]

Mass shootings and 8chan

In 2019, Cloudflare was criticized for providing services to the far-right discussion and imageboard 8chan. The message board has been linked to mass shootings in the United States and the Christchurch mosque shootings in New Zealand.[138] In addition, a number of news organizations including The Washington Post and The Daily Dot have reported on the existence of child pornography and child sexual abuse discussion boards.[139][140][141] A Cloudflare representative said that the platform "does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content".[142] Cloudflare did not terminate service to 8chan until public and legal pressure mounted in the wake of the 2019 El Paso shooting, in which the associated manifesto was published to 8chan.[143][144] In an interview with The Guardian immediately after the shooting, CEO Matthew Prince defended Cloudflare's support of 8chan, saying that he had a "moral obligation" to keep 8chan online.[145]

On August 5, 2019, two days after Prince's interview with The Guardian, Cloudflare terminated service to 8chan.[146] Cloudflare explained that 8chan "have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit."[145] Prince condemned the El Paso shooting as "abhorrent in every possible way", removing 8chan from the Internet was "the right thing to do".[147][145]

Kiwi Farms

Cloudflare provided DDoS mitigation and acted as a reverse proxy for Kiwi Farms. The site often engages in harassment and doxxing of targets[148] and has been implicated in the suicides of at least three people.[149][150][151] Kiwi Farms also has a reputation for transphobic content, and its users have been accused of swatting vulnerable individuals.[152][153][154][155] Although Cloudflare was not the primary website host, it did perform critical services to keep Kiwi Farms on-line, both protecting the site from denial-of-service attacks and optimizing content delivery.[156][157]

In 2022, a campaign was launched by transgender activist Clara Sorrenti, who has previously been targeted by the forum, to pressure Cloudflare into terminating service for Kiwi Farms.[158][159] Cloudflare responded by issuing a statement on its abuse policies and saying it didn't want to set precedent for speech on the internet with its "extraordinary" decision.[160]

The company also released a blog post[161] and likened its services to that of a public utility, emphasizing that it does not believe in shutting down security services based on content it finds objectionable. They acknowledged that while it might be more popular to remove sites that the Cloudflare team finds offensive, it stood by its decision not to do so.[162][163] The company also defended its decision by saying that it donated all earnings from anti-LGBTIQ+ sites to an organization that advocated for LGBTIQ+ rights.[164] The blog post mentioned Cloudflare's terms of use agreement, which allows them to terminate service due to "content that discloses sensitive personal information, [and] incites or exploits violence against people" but, according to The Guardian, the statement did not address how Kiwi Farms users' doxxing behavior did not violate these terms.[164]

On September 3, 2022, Cloudflare blocked Kiwi Farms, citing urgent escalating rhetoric against targets of Kiwi Farms, stating that there is an "unprecedented emergency and immediate threat to human life". According to The Washington Post, there was a "surge in credible violent threats stemming from the site" and CEO Matthew Prince said that Cloudflare believes "there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don't think is fast enough to keep up".[165][166][160]

Switter

Switter was a social media network for the sex worker community, built by Australia-based company Assembly Four on Mastodon's open-source software, before Cloudflare dropped Switter as a client and ceased services in April 2018, citing terms of service violations.[167][168][169] This occurred shortly after the passage of FOSTA/SESTA, a set of bills criminalizing websites that facilitate or support sex trafficking in 2018. SESTA weakened protections for Internet infrastructure companies and was criticized on free speech grounds due to concerns about disproportionate impact and disruptions to the lives of sex workers.[170][171][172]

Cloudflare said the move was "related to our attempts to understand FOSTA, which is a very bad law and [sets] a very dangerous precedent". Assembly Four said that "Given Cloudflare's previous stances of privacy and freedom, as well as fighting alongside the EFF, we had hoped they would take a stand against FOSTA/SESTA".[168]

The Daily Stormer

Cloudflare provided DNS routing and DDoS protection for the white supremacist and neo-Nazi website The Daily Stormer. In 2017, after previously refusing to take any action against the website,[133] Cloudflare stopped providing its services to The Daily Stormer after an announcement on the website asserted that Cloudflare executives were privately supporting its ideology.[134]

In a statement to Business Insider, Cloudflare CEO Matthew Prince said that he was repulsed by The Daily Stormer content while expressing regret at the fact that his decision to suspend services had taken the website offline: "The ability of somebody to single-handedly choose to knock content offline doesn’t align with core ideas of due process or justice. Whether that’s a national government launching attacks or an individual launching attacks."[128]

As a self-described "free speech absolutist", Prince claimed he did not want to repeat the decision, and sought out protections for the company should they be faced with a similar situation in the future.[133] Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern shared by a number of civil liberties groups and privacy experts.[135][136][137] The Electronic Frontier Foundation, a US digital rights group, said that services such as Cloudflare should not be deciding what speech is acceptable and that illegal content should be handled through the legal system.[134]

Mass shootings and 8chan

In 2019, Cloudflare was criticized for providing services to the far-right discussion and imageboard 8chan. The message board has been linked to mass shootings in the United States and the Christchurch mosque shootings in New Zealand.[138] In addition, a number of news organizations including The Washington Post and The Daily Dot have reported on the existence of child pornography and child sexual abuse discussion boards.[139][140][141] A Cloudflare representative said that the platform "does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content".[142] Cloudflare did not terminate service to 8chan until public and legal pressure mounted in the wake of the 2019 El Paso shooting, in which the associated manifesto was published to 8chan.[143][144] In an interview with The Guardian immediately after the shooting, CEO Matthew Prince defended Cloudflare's support of 8chan, saying that he had a "moral obligation" to keep 8chan online.[145]

On August 5, 2019, two days after Prince's interview with The Guardian, Cloudflare terminated service to 8chan.[146] Cloudflare explained that 8chan "have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit."[145] Prince condemned the El Paso shooting as "abhorrent in every possible way", removing 8chan from the Internet was "the right thing to do".[147][145]

Kiwi Farms

Cloudflare provided DDoS mitigation and acted as a reverse proxy for Kiwi Farms. The site often engages in harassment and doxxing of targets[148] and has been implicated in the suicides of at least three people.[149][150][151] Kiwi Farms also has a reputation for transphobic content, and its users have been accused of swatting vulnerable individuals.[152][153][154][155] Although Cloudflare was not the primary website host, it did perform critical services to keep Kiwi Farms on-line, both protecting the site from denial-of-service attacks and optimizing content delivery.[156][157]

In 2022, a campaign was launched by transgender activist Clara Sorrenti, who has previously been targeted by the forum, to pressure Cloudflare into terminating service for Kiwi Farms.[158][159] Cloudflare responded by issuing a statement on its abuse policies and saying it didn't want to set precedent for speech on the internet with its "extraordinary" decision.[160]

The company also released a blog post[161] and likened its services to that of a public utility, emphasizing that it does not believe in shutting down security services based on content it finds objectionable. They acknowledged that while it might be more popular to remove sites that the Cloudflare team finds offensive, it stood by its decision not to do so.[162][163] The company also defended its decision by saying that it donated all earnings from anti-LGBTIQ+ sites to an organization that advocated for LGBTIQ+ rights.[164] The blog post mentioned Cloudflare's terms of use agreement, which allows them to terminate service due to "content that discloses sensitive personal information, [and] incites or exploits violence against people" but, according to The Guardian, the statement did not address how Kiwi Farms users' doxxing behavior did not violate these terms.[164]

On September 3, 2022, Cloudflare blocked Kiwi Farms, citing urgent escalating rhetoric against targets of Kiwi Farms, stating that there is an "unprecedented emergency and immediate threat to human life". According to The Washington Post, there was a "surge in credible violent threats stemming from the site" and CEO Matthew Prince said that Cloudflare believes "there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don't think is fast enough to keep up".[165][166][160]

Switter

Switter was a social media network for the sex worker community, built by Australia-based company Assembly Four on Mastodon's open-source software, before Cloudflare dropped Switter as a client and ceased services in April 2018, citing terms of service violations.[167][168][169] This occurred shortly after the passage of FOSTA/SESTA, a set of bills criminalizing websites that facilitate or support sex trafficking in 2018. SESTA weakened protections for Internet infrastructure companies and was criticized on free speech grounds due to concerns about disproportionate impact and disruptions to the lives of sex workers.[170][171][172]

Cloudflare said the move was "related to our attempts to understand FOSTA, which is a very bad law and [sets] a very dangerous precedent". Assembly Four said that "Given Cloudflare's previous stances of privacy and freedom, as well as fighting alongside the EFF, we had hoped they would take a stand against FOSTA/SESTA".[168]

Terrorism

In 2015, testimony to the United States House Committee on Foreign Affairs, it was reported that two of the top three online chat forums and nearly forty other web sites belonging to the Islamic State of Iraq and the Levant (ISIL) were guarded by Cloudflare.[173]

In 2018, The Huffington Post documented that Cloudflare provided services for "at least 7 terrorist groups", as designated by the United States Department of State including Al-Shabaab, the Taliban, the Popular Front for the Liberation of Palestine, the al-Quds Brigades, the Kurdistan Workers' Party (PKK), the al-Aqsa Martyrs' Brigades, and Hamas. At the time, Cloudflare's general counsel, Doug Kramer, told The Huffington Post that he couldn't comment on specific cases in which Cloudflare was told about possible terrorist organizations using its services, but that Cloudflare does work with government agencies to be in compliance with its legal obligations.

In September 2019, Cloudflare reported in their Form S-1 filing that their technology was "used by, or for the benefit of, certain individuals or entities" that were blacklisted due to United States economic and trade sanctions regulations",[174] including "entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs, or affiliated with governments currently subject to comprehensive U.S. sanctions".[175]

Crime

Cloudflare has been cited in reports by The Spamhaus Project, an international spam tracking organization, for the high numbers of cybercriminal botnet operations hosted by Cloudflare.[176][177][178] An October 2015 report found that Cloudflare provisioned 40% of the SSL certificates used by typosquatting phishing sites, which use deceptive domain names resembling those of banks and payment processors to compromise Internet users' banking and other transactions.[179] Cloudflare has been criticized for having a conflict of interest by providing DDoS protection to both the operators and victims of "stresser" services.[180][181]

In 2018, Cloudflare was identified by the European Union's Counterfeit and Piracy Watch List as a "notorious market" which engages in, facilitates, or benefits from counterfeiting and piracy. The report noted that Cloudflare hides and anonymizes the operators of 40% of the world's pirate sites, and 62% of the 500 largest such sites, and "does not follow due diligence when opening accounts for websites to prevent illegal sites from using its services".[182][183]

In 2020, an Italian court ruled Cloudflare had to block current and future domain names and IP addresses of the pirate IPTV service "IPTV THE BEST" for infringing on Lega Serie A intellectual property.[184] At the time, Cloudflare was already blocking 22 domain names in Italy.[185] German courts have similarly found that "Cloudflare and its anonymization services attract structurally copyright infringing websites."[186]

Following the December 2024 court ruling,[187] the Spanish LaLiga requested that telephone operators block Cloudflare's IP address ranges in February 2025. Cloudflare hosted websites that illegally broadcast soccer matches. As a result, the pirate platform DuckVision was shut down before the derby between Real Madrid and Atlético Madrid. The platform had 200,000 users and was backed by Cloudflare.[188] The blocks affected major legitimate websites, including X, Vimeo, Steam, GitHub, and the Royal Spanish Academy.[189]

Response to the Russian invasion of Ukraine

After Russia invaded Ukraine in late February 2022, Ukrainian Vice Prime Minister, Minister of Digital Transformation Mykhailo Fedorov[190] and others[191] called on Cloudflare to stop providing its services in the Russian market amidst reports that Russia-linked websites spreading disinformation were using the company's content delivery network services.[192] Cloudflare CEO Matthew Prince responded that the company decided to remain providing services to Russian people to counter Russia's attempts to raise a 'digital iron curtain'.[193][194] Prince shared that "Indiscriminately terminating service would do little to harm the Russian government but would both limit [Russian citizens'] access to information outside the country and make significantly more vulnerable those who have used us to shield themselves as they have criticized the government."[193] The company later said it had minimal sales and commercial activity in Russia and had "terminated any customers we have identified as tied to sanctioned entities".[195]

Cloudflare's Project Galileo, launched in 2014, offers DDoS protection to NGOs for free. In 2022, they extended free protection to Ukrainian government and telecoms.[196][197]

Copyright lawsuit

In 2022, Japanese publishers Shueisha, Kodansha, Shogakukan, and Kadokawa Shoten filed a copyright lawsuit against Cloudflare, alleging that the service was distributing data to manga piracy sites and sought an injunction and ¥460 million (US$4 million) in damages. On November 19, 2025, a judge ruled in favor of the publishers. While the ruling recognized approximately ¥3.6 billion (US$24 million) in damages, Cloudflare was ordered to pay a total amount of ¥500 million (US$3.6 million), as the publishers claimed that Cloudflare was only partially responsible for the damages.[198]

See also

  • List of CDNs in Content delivery network § Content delivery service and technology providers

External links

References

  1. Cloudflare, Inc. 2025 Annual Report (Form 10-K) U.S. Securities and Exchange Commission, February 26, 2026^
  2. List of Accredited Registrars www.icann.org, retrieved April 25, 2023^
  3. Richard Durant. Cloudflare: Thinking Big Seeking Alpha, May 19, 2020, retrieved January 25, 2021^
  4. Usage statistics and market share of Cloudflare w3techs.com, retrieved January 12, 2026^
  5. The Court Found Cloudflare Liable for Aiding AIPPI, 2026-01-23, retrieved 2026-03-26^
  6. Annie Palmer. Cloudflare says outage that hit X, ChatGPT and other sites is resolved CNBC, 2025-11-18, retrieved 2026-03-26^
  7. Christine Lagorio-Chafkin. Why the CEO of a $350 Million Internet Security Company Practices Radical Transparency Inc., November 6, 2020^
  8. Cloudflare, in its IPO filing, thanks a third co-founder: Lee Holloway TechCrunch, August 15, 2019, retrieved May 6, 2021^
  9. Zoe Kleinman. The firm that protects both banks and the Eurovision Song contest BBC News, September 25, 2016, retrieved September 4, 2022^
  10. Dawn Kawamoto. Cloudflare's $150 million funding round puts its IPO plans in question San Francisco Business Times, March 12, 2019, retrieved March 12, 2019^
  11. Jonathan Shieber. Cloudflare files for initial public offering TechCrunch, August 15, 2019, retrieved August 22, 2019^
  12. Connie Loizos. Cloudflare co-founder Michelle Zatlyn on the company's IPO today, its unique dual class structure, and what's next TechCrunch, September 13, 2019, retrieved September 16, 2019^
  13. What's in a name? Cloudflare Blog^
  14. Stephanie Mehta. Exclusive: Cloudflare promotes Michelle Zatlyn to president, a gain for women in tech Fast Company, December 17, 2020, retrieved December 20, 2020^
  15. Fresh off IPO, this high-profile Bay Area cloud company just snapped up a browser isolation company bizjournals.com, January 7, 2020, retrieved May 12, 2021^
  16. Liam Tung. CloudFlare acquires VPN service CryptoSeal, shuts it down ZDNet, June 19, 2014^
  17. Cloudflare acquires app platform Eager, will sunset service in Q1 2017 VentureBeat, December 13, 2016, retrieved May 12, 2021^
  18. Ron Miller. Neumob acquisition gives Cloudflare missing mobile component – TechCrunch TechCrunch, November 14, 2017, retrieved September 18, 2020^
  19. Ron Miller. Cloudflare acquires stealthy startup S2 Systems, announces Cloudflare for Teams – TechCrunch TechCrunch, January 7, 2020, retrieved September 17, 2020^
  20. Kyle Wiggers. Cloudflare acquires Linc to automate web app deployment VentureBeat, December 22, 2020, retrieved December 22, 2020^
  21. Paul Sawers. Cloudflare acquires Zaraz to speed up websites and solve third-party bloat VentureBeat, December 8, 2021^
  22. Cloudflare Acquires Vectrix to Help Businesses Gain Visibility and Control of Their Applications ITSecurityWire, February 11, 2022, retrieved February 11, 2022^
  23. Charlotte Trueman. Noteworthy tech acquisitions 2022 Computerworld, March 23, 2022, retrieved March 25, 2022^
  24. Michael Novinson. Cloudflare Buys BastionZero to Guard Critical Infrastructure Data Breach Today, May 30, 2024, retrieved May 31, 2024^
  25. Cloudflare Acquires Kivera to Deliver Simple, Preventive Cloud Security Yahoo Finance, retrieved January 30, 2025^
  26. Cloudflare to Acquire Replicate to Build the Most Seamless AI Cloud for Developers Cloudflare, retrieved 2026-03-21^
  27. Cloudflare Strengthens Content Offering to AI Companies with Acquisition of Human Native Cloudflare, retrieved 2026-03-21^
  28. Katharine Schwab. The Hardest Working Office Design In America Encrypts Your Data–With Lava Lamps Fast Company, August 18, 2017, retrieved April 16, 2022^
  29. LavaRand in Production: The Nitty-Gritty Technical Details The Cloudflare Blog, November 6, 2017, retrieved April 16, 2022^
  30. Angela Palumbo. Cloudflare Sales Guidance Looks Good. But It's Still Contending With a Spending Slowdown. Barron's, February 10, 2023, retrieved October 15, 2023^
  31. Cloudflare (NET) Q4 2022 Earnings Review - Software Stack Investing 24 February 2023, retrieved 24 February 2026^
  32. Thomas Claburn. Cloudflare beats patent troll so badly it basically gives up The Register, October 3, 2024, retrieved August 22, 2025^
  33. Cloudflare to buy Replicate: "We're building the AI cloud" The Stack, 2025-11-17, retrieved 2025-11-18^
  34. A closer look at a BGP anomaly in Venezuela The Cloudflare Blog, January 6, 2026, retrieved January 22, 2026^
  35. Radar 16: Week of 01/05/2026 Low Orbit Security, retrieved January 22, 2026^
  36. Davis Giangiulio. Cloudflare acquires AI data marketplace Human Native CNBC, January 15, 2026, retrieved January 16, 2026^
  37. Guru Baran. Cloudflare Acquired Open-source Web Framework Astro to Supercharge Development Cyber Security News, 2026-01-16, retrieved 2026-03-12^
  38. Loraine Lawson. Cloudflare Acquires Team Behind Open Source Framework Astro The New Stack, 2026-01-16, retrieved 2026-03-12^
  39. enterpriseitworld. Cloudflare Acquires Astro to Power the Future of High‑Performance Enterprise IT World, 2026-01-19, retrieved 2026-03-12^
  40. Jason Kincaid. Cloudflare Wants To Be A CDN For The Masses (And Takes Five Minutes To Set Up) TechCrunch, September 27, 2010, retrieved September 26, 2020^
  41. Charlie Osborne. Cloudflare figured out how to make the Web one second faster ZDNet, April 28, 2016, retrieved May 17, 2016^
  42. Sean Michael Kerner. Attackers Target Microsoft Exchange, According to Cloudflare Application Security Report SDX Central, March 14, 2023, retrieved March 30, 2023^
  43. Cloudflare switches to EPYC 9684X Genoa-X CPUs with 3D V-Cache — 145% faster than previous-gen Milan servers Tom's Hardware, September 25, 2024, retrieved February 21, 2025^
  44. Ross Kelly. Scale of Verizon outage impact laid bare in Cloudflare report TechRadar, October 7, 2024, retrieved February 25, 2025^
  45. Sebastian Moss. Cloudflare to deploy Nvidia GPUs at the Edge for generative "AI" "inference" - in up to 300 data centers Datacenter Dynamics, September 29, 2023, retrieved July 9, 2024^
  46. Kyle Wiggers. Cloudflare launches a tool to combat "AI" bots TechCrunch, July 3, 2024, retrieved July 16, 2024^
  47. Ionut Arghire. Cloudflare Introduces "AI" Security Solutions SecurityWeek, March 5, 2024, retrieved February 9, 2025^
  48. Maxwell Zeff. Cloudflare's new marketplace will let websites charge "AI" bots for scraping TechCrunch, September 23, 2024, retrieved March 25, 2025^
  49. Mike Wheatley. Cloudflare debuts tools for website owners to charge "AI" companies that scrape their content SiliconANGLE, September 23, 2024, retrieved May 14, 2025^
  50. Benj Edwards. Cloudflare turns "AI" against itself with endless maze of irrelevant facts Ars Technica, March 21, 2025, retrieved July 2, 2025^
  51. Wes Davis. Cloudflare is luring web-scraping bots into an 'AI Labyrinth' The Verge, March 22, 2025, retrieved July 2, 2025^
  52. Arik Hesseldahl. Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers All Things Digital, June 10, 2011, retrieved August 15, 2011^
  53. Darlene Storm. Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps Computerworld, March 27, 2013, retrieved August 22, 2019^
  54. John Markoff, Nicole Perlroth. Online Dispute Becomes Internet-Snarling Attack The New York Times, March 26, 2013, retrieved August 22, 2019^
  55. Chris Gayomali. The biggest cyberattack in Internet history is happening right now The Week, January 9, 2015^
  56. Lily Hay Newman. Cloudflare's Five-Year Project to Protect Nonprofits Online Wired, June 12, 2019, retrieved August 5, 2019^
  57. Steven Melendez. Amid pandemic and protests, Cloudflare is defending vulnerable websites Fast Company, June 11, 2020, retrieved February 3, 2021^
  58. Taylor Hatmaker. Cloudflare Recruits State and Local Governments for Free Election Site Security Programs TechCrunch, July 19, 2018, retrieved January 28, 2021^
  59. Project Galileo www.cloudflare.com, retrieved July 20, 2025^
  60. After a series of cyberattacks, states look to secure election results websites NBC News, November 3, 2022, retrieved August 9, 2023^
  61. Steven Musil. Record-breaking DDoS attack in Europe hits 400 Gbit/s CNET, February 11, 2014^
  62. Sean Gallagher. Biggest DDoS ever aimed at Cloudflare's content delivery network Ars Technica, February 11, 2014, retrieved May 17, 2016^
  63. Parmy Olson. The Largest Cyber Attack in History Has Been Hitting Hong Kong Sites Forbes, November 20, 2014, retrieved August 22, 2019^
  64. Jonathan Greig. Cloudflare says it stopped the largest DDoS attack ever reported ZDNet, retrieved November 19, 2021^
  65. Ionut Arghire. Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare SecurityWeek, February 14, 2023, retrieved February 18, 2023^
  66. Sergiu Gatlan. Cloudflare blocks largest recorded DDoS attack peaking at 11.5 Tbps BleepingComputer, retrieved September 6, 2025^
  67. Sead Fadilpašić. The biggest DDoS attack ever has been detected - but fortunately you probably barely noticed it TechRadar Pro, 30 January 2026, retrieved 9 February 2026^
  68. Cloudflare creates Workers Unbound platform for serverless development datacenternews.asia, retrieved May 26, 2021^
  69. Romain Dillet. Cloudflare launches Cloudflare Pages, a platform to deploy and host JAMstack sites TechCrunch, December 17, 2020, retrieved May 26, 2021^
  70. Cloudflare gets serious about infrastructure services TechCrunch, May 11, 2022, retrieved May 12, 2022^
  71. Sean Michael Kerner. IBM and Cloudflare partner to protect user sites against malicious bots SDX Central, August 8, 2023, retrieved June 13, 2024^
  72. SpaceX working with Cloudflare to speed up Starlink service- The Information Yahoo Finance, August 23, 2023, retrieved May 17, 2024^
  73. Cloudflare launches new fight against Google over...fonts? TechRadar, September 27, 2023, retrieved September 6, 2024^
  74. Cloudflare moves from reCAPTCHA to hCaptcha Thank You Robot, January 8, 2020, retrieved February 11, 2021^
  75. Umar Shakir. Turnstile is Cloudflare's latest attempt to rid the web of CAPTCHAs The Verge, retrieved September 28, 2022^
  76. D. Howard Kass. Cloudflare Lands $7.2M Project from CISA for Registry, DNS Services MSSP Alert, January 17, 2023, retrieved April 12, 2023^
  77. Zack Whittaker. Cloudflare is giving away its security tools to US political campaigns TechCrunch, January 15, 2020, retrieved July 14, 2025^
  78. Cloudflare Offers Free Email Security for Political Parties and Campaigns March 18, 2025, retrieved July 24, 2025^
  79. Cloudflare for Teams: Protecting corporations without sacrificing performance Help Net Security, January 8, 2020, retrieved February 11, 2021^
  80. Mari Galicer, Christopher Wood. Privacy Gateway: a privacy preserving proxy built on Internet standards The Cloudflare Blog, October 27, 2022, retrieved September 20, 2025^
  81. Digital payments leader partners with Cloudflare to accelerate, secure monthly mobile payments VentureBeat, January 20, 2023, retrieved May 8, 2023^
  82. Jon Porter. Cloudflare wants to help you set up your own Mastodon-compatible server in 'minutes' The Verge, February 10, 2023, retrieved July 5, 2023^
  83. K-12 Schools Improve Protection Against Online Attacks, But Are Vulnerable to Ransomware www.newsnetmedia.com, retrieved June 27, 2024^
  84. S. C. Staff. Cloudflare's Firewall for AI SC Media, March 5, 2024, retrieved August 19, 2024^
  85. Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection InfoQ, retrieved March 7, 2025^
  86. Mike Williams. Best free and public DNS server of 2025 TechRadar, November 6, 2024, retrieved March 14, 2025^
  87. Cloudforce One threat events platform provides a real-time view of threat activity Help Net Security, March 19, 2025, retrieved June 10, 2025^
  88. Cloudflare Introduces Threat Intel Team and Commits to Making Precise and Timely Global Threat Research Accessible For Anyone Businesswire, September 24, 2024, retrieved June 10, 2025^
  89. Kyle Alspach. Cloudflare expanding into zero-trust network security - Protocol www.protocol.com, July 27, 2022, retrieved May 22, 2023^
  90. Joe Williams. Cloudflare to Buy Area 1 Security in Push to Protect Against Phishing Emails Bloomberg, February 23, 2022, retrieved May 6, 2024^
  91. Dan Swinhoe. Cloudflare acquires Nefeli Networks to boost multi-cloud networking Data Center Dynamics, March 7, 2024, retrieved August 22, 2025^
  92. Amrita Khalid. Cloudflare's privacy-focused DNS app adds a free VPN Engadget, April 2, 2019, retrieved April 2, 2019^
  93. Matthew Humphries. Cloudflare Finally Launches Warp, But It's Not a Mobile VPN PCMag, September 26, 2019, retrieved November 19, 2022^
  94. Vlad Krasnov. BoringTun, a userspace WireGuard implementation in Rust Cloudflare Blog, December 18, 2018, retrieved March 29, 2019^
  95. CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation phoronix.com, retrieved March 29, 2019^
  96. Darrell Etherington. Cloudflare introduces free digital waiting rooms for any organizations distributing COVID-19 vaccines TechCrunch, January 22, 2021, retrieved May 12, 2021^
  97. Cloudflare's Project Fair Shot Webby Awards, retrieved May 26, 2022^
  98. Post-quantum crypto should be free, so we're including it for free, forever The Cloudflare Blog, March 16, 2023^
  99. Umar Hansa. Cloudflare Speed Brain: What You Need to Know DebugBear, September 26, 2024, retrieved June 19, 2025^
  100. Stripe partners with Nvidia, Pepsi and Rivian www.paymentsdive.com, retrieved April 2, 2025^
  101. Justin Paine, John Graham-Cumming. Announcing the CSAM Scanning Tool, Free for All Cloudflare Customers The Cloudflare Blog, December 18, 2019, retrieved July 28, 2025^
  102. Cloudflare: Simplifying the Fight Against CSAM inhope.org, retrieved July 28, 2025^
  103. Cloudflare CSAM Scanning Tool – Rik Lewis www.riklewis.com, retrieved July 28, 2025^
  104. Luke Simcoe. The 4chan breach: How hackers got a password through voicemail Maclean's, June 14, 2012, retrieved August 22, 2019^
  105. Ms. Smith. Hacktivists UGNazi attack 4chan, Cloudflare and Wounded Warrior Project Privacy and Security Fanatic, NetworkWorld, June 3, 2012, retrieved August 22, 2019^
  106. Karl Blumenthal. Archiving sites protected by Cloudflare Archive It Support^
  107. Brett Molina. Cloudfare bug: Yes, you should change your passwords USA Today, February 28, 2017, retrieved March 1, 2017^
  108. Kate Conger. Major Cloudflare bug leaked sensitive data from customers' websites TechCrunch, February 23, 2017, retrieved August 22, 2019^
  109. Cloudflare down: What the company's status page has to say on mass outage The Times of India, November 18, 2025, retrieved November 18, 2025^
  110. Cloudflare down for several users globally; OpenAI, Perplexity among websites affected Hindustan Times, November 18, 2025, retrieved November 18, 2025^
  111. Cloudflare Outage? November 2025 Incident QUAPE, November 18, 2025, retrieved November 18, 2025^
  112. Victor Mather. Outage at Cloudflare Disrupts Parts of the Internet The New York Times, November 18, 2025, retrieved November 18, 2025^
  113. Cloudflare apologises for outage which took down X and ChatGPT BBC News, 2025-11-18, retrieved 2025-11-19^
  114. Darragh Murphy. Cloudflare is down — live updates on internet outage affecting ChatGPT, X, Spotify and more Tom's Guide, November 18, 2025, retrieved November 18, 2025^
  115. Emma Roth. A massive Cloudflare outage is affecting X, ChatGPT, and even Downdetector The Verge, November 18, 2025, retrieved November 18, 2025^
  116. Robert Booth. Cloudflare outage causes error messages across the internet The Guardian, November 18, 2025, retrieved November 18, 2025^
  117. Annie Palmer. Cloudflare down: Company blames 'unusual' spike in traffic before outage errors NBC News, November 18, 2025, retrieved November 18, 2025^
  118. Frances Mao. Cloudflare slowly recovering but some key platforms still down The Guardian, November 18, 2025, retrieved November 18, 2025^
  119. Cloudflare's CTO apologizes after error takes huge chunk of the internet offline — 'we failed our customers and the broader internet' tomshardware.com, retrieved November 20, 2025^
  120. Cloudflare outage on November 18, 2025 blog.cloudflare.com, 2025-11-20, retrieved 2025-11-20^
  121. Cloudflare down again? Netizens flood X with complaints The Economic Times, 2025-12-05, retrieved 2025-12-05^
  122. Graeme Wearden. Cloudflare outage hits major web services including X, LinkedIn and Zoom – business live the Guardian, 2025-12-05, retrieved 2025-12-05^
  123. Cloudflare investigates outage that brought down sites including Zoom and LinkedIn AP News, 2025-12-05, retrieved 2025-12-05^
  124. Jessica Lyons. Cloudflare whacks WAF bypass bug that opened side door for attackers The Register, January 20, 2026, retrieved January 22, 2026^
  125. Cloudflare Zero-day: Accessing Any Host Globally FearsOff, retrieved January 22, 2026^
  126. Hrushikesh Deshpande, Andrew Mitchell, Leland Garofalo. How we mitigated a vulnerability in Cloudflare’s ACME validation logic The Cloudflare Blog, 2026-01-19, retrieved 2026-01-22^
  127. Kashmir Hill. The Company Keeping Your Favorite (And Least Favorite) Websites Online Forbes, August 17, 2014, retrieved September 15, 2021^
  128. Becky Peterson. Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet' Business Insider, August 17, 2017, retrieved September 15, 2021^
  129. Web services firm CloudFlare accused by Anonymous of helping Isis The Guardian, November 19, 2015, retrieved September 15, 2021^
  130. CloudFlare CEO blasts Anonymous claims of ISIS terrorist support The Register, November 18, 2015, retrieved September 16, 2021^
  131. Catherine Han, Deepak Kumar, Zakir Durumeric. On the Infrastructure Providers That Support Misinformation Websites Proceedings of the International AAAI Conference on Web and Social Media, May 31, 2022, retrieved August 27, 2022^
  132. Chris Stokel-Walker. Cloudflare Is One of the Companies That Quietly Powers the Internet. Researchers Say It's a Haven for Misinformation Time, August 26, 2022, retrieved August 27, 2022^
  133. Timothy B. Lee. Cloudflare's CEO has a plan to never censor hate speech again Ars Technica, December 4, 2017, retrieved August 5, 2019^
  134. Inside Cloudflare's Decision to Let an Extremist Stronghold Burn WIRED, retrieved August 20, 2025^
  135. Danielle Keats Citron. What to Do about the Emerging Threat of Censorship Creep on the Internet Policy Analysis, November 28, 2017^
  136. Daphne Keller. The Daily Stormer, Online Speech, and Internet Registrars Stanford Center for Internet and Society, Stanford Law School, August 15, 2017, retrieved August 6, 2019^
  137. Hamza Shaban. Banning neo-Nazis online may be slippery slope, tech group warns Silicon Valley The Washington Post, August 18, 2017, retrieved August 6, 2019^
  138. Kevin Roose. 8chan Is a Megaphone for Gunmen. 'Shut the Site Down,' Says Its Creator. The New York Times, August 4, 2019, retrieved August 5, 2019^
  139. Patrick Howell O'Neill. 8chan, the central hive of Gamergate, is also an active pedophile network The Daily Dot, November 17, 2014, retrieved August 5, 2019^
  140. Sam Machkovech. 8chan-hosted content disappears from Google searches: Domain-specific searches contain warning about "suspected child abuse content" Ars Technica, August 17, 2015, retrieved August 5, 2019^
  141. Caitlin Dewey. This is what happens when you create an online community without any rules The Washington Post, January 13, 2015, retrieved August 22, 2019^
  142. Cloudflare embroiled in child abuse row BBC News, October 22, 2019, retrieved November 15, 2019^
  143. Hannah Uebele. El Paso: When Freedom Of Speech Turns Violent WGBH, August 6, 2019, retrieved June 6, 2021^
  144. Ben Collins. Investigators 'reasonably confident' Texas suspect left anti-immigrant screed NBC News, August 4, 2019, retrieved August 22, 2019^
  145. Julia Carrie Wong. 8chan: the far-right website linked to the rise in hate crimes The Guardian, August 3, 2019, retrieved August 3, 2019^
  146. Terminating Service for 8Chan The Cloudflare Blog, August 5, 2019^
  147. Makena Kelly. Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks The Verge, August 5, 2019, retrieved June 16, 2023^
  148. Margaret Pless. Kiwi Farms, the Web's Biggest Community of Stalkers Intelligencer, New York Magazine, July 19, 2016, retrieved August 31, 2022^
  149. Lavender Baj. Kiwi Farms Has 14 Days To Find A New Domain Host After Being Booted Off DreamHost Kotaku Australia, July 13, 2021, retrieved July 13, 2021^
  150. Shashona Wodinsky. The Worst Site on the Web Gets DDoS'd After Being Connected to Prominent Developer's Suicide Gizmodo, June 29, 2021, retrieved August 31, 2022^
  151. Charlotte Colombo. Kiwi Farms, the forum that has been linked to 3 suicides, was made to troll Chris Chan years before she was arrested on an incest charge Insider, August 3, 2021, retrieved August 31, 2022^
  152. Claire Goforth. Pressure grows on Cloudflare to drop Kiwi Farms after latest doxing campaign The Daily Dot, August 22, 2022, retrieved August 23, 2022^
  153. Samantha Cole. People Are Demanding That Cloudflare Drop Kiwi Farms Vice, August 23, 2022, retrieved August 24, 2022^
  154. Scott Rosenberg. Campaign pushes Cloudflare to drop trans hate site Axios, August 25, 2022, retrieved August 25, 2022^
  155. Ashley Bardhan. As Twitch Streamer Flees, Pressure Mounts On Cloudflare To Stop Protecting Controversial Kiwi Farms Site Kotaku, August 25, 2022, retrieved August 26, 2022^
  156. Emily Mae Czachor. Cloudflare indicates services will continue for controversial website Kiwi Farms CBS News, September 1, 2022, retrieved September 2, 2022^
  157. Thomas Claburn. Cloudflare tries to explain why it protects far-right forums that stalk and harass victims The Register, August 31, 2022, retrieved September 2, 2022^
  158. Cecilia D'Anastasio. Cloudflare Urged to Cut Ties to Site That Promotes Harassment Bloomberg, August 30, 2022, retrieved August 30, 2022^
  159. Inside Keffals' Battle to Bring Down Kiwi Farms September 7, 2022^
  160. Kat Tenbarge, Jason Abbruzzese, Ben Collins. Internet services company Cloudflare blocks Kiwi Farms citing 'targeted threats' NBC News, NBC, September 3, 2022, retrieved July 24, 2023^
  161. Cloudflare's abuse policies & approach The Cloudflare Blog, Cloudflare, August 31, 2022, retrieved February 21, 2023^
  162. Kyle Alspach. Cloudflare probably won't terminate services for 'despicable' sites Protocol, August 31, 2022, retrieved August 31, 2022^
  163. Cecilia D'Anastasio. Cloudflare Hints It Won't Cut Ties to Site Linked to Harassment BNN Bloomberg, August 31, 2022, retrieved August 31, 2022^
  164. Josh Taylor. Cloudflare defends providing security services to trans trolling website Kiwi Farms The Guardian, September 1, 2022, retrieved September 2, 2022^
  165. Joseph Menn, Taylor Lorenz. Under pressure, security firm Cloudflare drops Kiwi Farms website The Washington Post, September 3, 2022, retrieved September 3, 2022^
  166. Matthew Prince. Blocking Kiwifarms Cloudflare, September 3, 2022, retrieved September 3, 2022^
  167. Cloudflare and FOSTA/SESTA Assembly Four, April 18, 2018^
  168. Samantha Cole. Cloudflare: FOSTA Was a 'Very Bad Bill' That's Left the Internet's Infrastructure Hanging Vice News, April 19, 2018, retrieved September 2, 2022^
  169. Caroline O'Donovan. Trump Just Signed A Law That Helped Create A New Twitter For Sex Workers BuzzFeed News, BuzzFeed, April 16, 2018, retrieved September 2, 2022^
  170. Cloudflare Just Banned a Social Media Refuge for Thousands of Sex Workers Vice News, April 19, 2018^
  171. Aja Romano. A new law intended to curb sex trafficking threatens the future of the internet as we know it Vox, July 2, 2018, retrieved September 1, 2022^
  172. Corynne McSherry, Jillian C. York. The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing Electronic Frontier Foundation, October 13, 2022, retrieved August 16, 2023^
  173. Evan F. Kohlmann. Charlie Hebdo and the Jihadi Online Network: Assessing the Role of American Commercial Social Media Platforms United States House of Representatives, January 27, 2015, retrieved August 22, 2019^
  174. Mengqi Sun. Cloud-Services Company Cloudflare Discloses Potential Sanctions Violations Wall Street Journal, 10 September 2019, retrieved 4 March 2023^
  175. Jeff Stone. Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions CyberScoop, September 11, 2019, retrieved March 4, 2023^
  176. Spamhaus Botnet Threat Report Q1-2020, ISPs hosting botnet C&Cs The Spamhaus Project, retrieved May 1, 2020^
  177. Cloudflare and Spamhaus Word to the Wise, July 16, 2017, retrieved February 28, 2017^
  178. The Spamhaus Project The Spamhaus Project, retrieved September 30, 2019^
  179. Graham Edgecombe. Certificate authorities issue SSL certificates to fraudsters Netcraft, October 12, 2015, retrieved October 14, 2015^
  180. Brian Krebs. Spreading the DDoS Disease and Selling the Cure – Krebs on Security October 20, 2016, retrieved October 11, 2023^
  181. SecureWorld News Team. Is this OK? DDoS Defense Vendor Protected World's Largest DDoS-for-Hire Site www.secureworld.io, May 3, 2018, retrieved October 11, 2023^
  182. Counterfeit and Piracy Watch List European Commission, December 7, 2018, retrieved July 16, 2021^
  183. Andy Maxwell. New EU Piracy Watchlist Targets Key Pirate Sites and Cloudflare TorrentFreak, December 10, 2018, retrieved July 16, 2021^
  184. Branislav Pekic. Court orders CloudFlare to stop hosting illegal IPTVs February 17, 2021, retrieved June 2, 2023^
  185. Ernesto Van der Sar. Italian Court Orders Cloudflare to Block a Pirate IPTV Service TorrentFreak, October 14, 2020, retrieved July 16, 2021^
  186. Jan Bernd Nordemann. Duties of DNS resolvers and CDN providers – the CoA Cologne finds Cloudflare accountable Wolters Kluwer, July 12, 2021, retrieved July 16, 2021^
  187. Se hace pública la sentencia que autoriza los bloqueos de LaLiga hasta 2027 bandaancha.eu, April 5, 2025, retrieved May 21, 2025^
  188. Ángel Rodríguez. LaLiga desactiva la plataforma de piratería DuckVision antes del derbi entre Real Madrid y Atlético MARCA, February 9, 2025, retrieved May 21, 2025^
  189. Bloqueos del fútbol a IPs de Cloudflare y otras webs legales bandaancha.eu, retrieved May 21, 2025^
  190. Craig Timberg, Cat Zakrzewski, Joseph Menn. A new iron curtain is descending across Russia's Internet The Washington Post, March 4, 2022, retrieved May 11, 2022^
  191. Logan Moore, Karishma Vanjani. These Companies Haven't Left Russia. Behind Their Decisions to Stay. Barron's, March 25, 2022, retrieved May 17, 2022^
  192. Jeff Stone, Ryan Gallagher. Cloudflare Rebuffs Ukraine Requests to Stop Working With Russia Bloomberg, March 8, 2022, retrieved May 11, 2022^
  193. Jon Brodkin. Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff Ars Technica, March 8, 2022, retrieved July 5, 2023^
  194. Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies www.institute.global, retrieved July 5, 2023^
  195. Allison Morrow. Crypto is dead. Long live crypto: Davos Dispatch CNN, May 26, 2022, retrieved May 26, 2022^
  196. CloudFlare Teams Up With 15 NGOs To Protect Citizen Journalists And Activists From DDoS Attacks TechCrunch, June 12, 2014, retrieved June 26, 2022^
  197. Melanie Garson, Pete Furlong. Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies Tony Blair Institute for Global Change, May 2022^
  198. Joanna Cayanan. Shueisha, Kodansha, Shogakukan, Kadokawa Win Copyright Suit Against Cloudflare Anime News Network, November 19, 2025, retrieved November 21, 2025^
  199. Julia Carrie Wong. The far right is losing its ability to speak freely online. Should the left defend it? The Guardian, August 28, 2017, retrieved August 22, 2019^
  200. Rhett Jones. Cloudflare Under Fire for Allegedly Providing DDoS Protection for Terrorist Websites Gizmodo, December 14, 2018, retrieved August 5, 2019^
  201. Jesselyn Cook. U.S. Tech Giant Cloudflare Provides Cybersecurity For at Least 7 Terror Groups: Among its customers are the Taliban, al-Shabab and Hamas. HuffPost, December 14, 2018, retrieved August 5, 2019^
  202. Sean Captain. Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask Fast Company, February 27, 2019, retrieved August 5, 2019^
  203. Gianluca Mezzofiore, Donie O'Sullivan. El Paso shooting is at least the third atrocity linked to 8chan this year CNN, August 5, 2019, retrieved August 5, 2019^
  204. Sugondese Separatist Bofa. Controversial US infosec firm Cloudflare is providing potentially sanctions-busting services to Myanmar's military junta Bofa on Insecurity, March 11, 2021, retrieved June 6, 2021^
  205. Timothy B. Lee. Tech companies declare war on hate speech—and conservatives are worried Ars Technica, August 31, 2017, retrieved August 6, 2019^
  206. Becky Peterson. Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet' Business Insider, August 17, 2017, retrieved August 17, 2017^
  207. S-1 Filing US SEC, retrieved December 2, 2022^