Cloudflare#Authoritative DNS

Cloudflare was founded on July 26, 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn.{{cite news |last1=Lagorio-Chafkin |first1=Christine |title=Why the CEO of a $350 Million Internet Security Company Practices Radical Transparency |url=https://www.inc.com/christine-lagorio/what-i-know-cloudflare-matthew-prince.html |publisher=Inc. |date=6 November 2020}}{{Cite web |title=Cloudflare, in its IPO filing, thanks a third co-founder: Lee Holloway |url=https://techcrunch.com/2019/08/15/cloudflare-has-a-third-cofounder-lee-holloway-whos-credited-with-making-the-company-what-is-today/ |access-date=2021-05-06 |website=TechCrunch |date=August 15, 2019 |language=en-US }} Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that served as some inspiration for the basis of Cloudflare.{{Cite news |last=Kleinman |first=Zoe |date=25 September 2016 |title=The firm that protects both banks and the Eurovision Song contest |work=BBC News |url=https://www.bbc.com/news/business-37348016 |access-date=4 September 2022}} From 2009, the company was venture-capital funded.{{Cite web |last=Kawamoto |first=Dawn |date=March 12, 2019 |title=Cloudflare's $150 million funding round puts its IPO plans in question |url=https://www.bizjournals.com/sanfrancisco/news/2019/03/12/cloudflare-150-million-funding-ipo-in-question.html |access-date=March 12, 2019 |website=San Francisco Business Times}} {{subscription required|s}} On August 15, 2019, Cloudflare submitted its S-1 filing for an initial public offering on the New York Stock Exchange under the stock ticker NET.{{Cite web |last=Shieber |first=Jonathan |date=August 15, 2019 |title=Cloudflare files for initial public offering |url=http://techcrunch.com/2019/08/15/cloudflare-files-for-initial-public-offering/ |access-date=August 22, 2019 |website=TechCrunch |language=en-US }} It opened for public trading on September 13, 2019, at $15 per share.{{Cite web |last=Loizos |first=Connie |date=September 13, 2019 |title=Cloudflare co-founder Michelle Zatlyn on the company's IPO today, its unique dual class structure, and what's next |url=http://techcrunch.com/2019/09/13/cloudflare-cofounder-michelle-zatlyn-on-the-companys-successful-ipo-and-whats-next/ |access-date=September 16, 2019 |website=TechCrunch |language=en-US }}

In 2020, Cloudflare co-founder and COO Michelle Zatlyn was named president, making her one of the few female presidents of a publicly traded technology company in the U.S.{{Cite web |last=Mehta |first=Stephanie |date=December 17, 2020 |title=Exclusive: Cloudflare promotes Michelle Zatlyn to president, a gain for women in tech |url=https://www.fastcompany.com/90587133/exclusive-cloudflare-promotes-michelle-zatlyn-to-president-a-gain-for-women-in-tech |access-date=December 20, 2020 |website=Fast Company |language=en-US}}

Cloudflare has acquired web-services and security companies, including StopTheHacker (February 2014),{{Cite web |date=2020-01-07 |title=Fresh off IPO, this high-profile Bay Area cloud company just snapped up a browser isolation company |url=https://www.bizjournals.com/sanfrancisco/news/2020/01/07/fresh-off-its-ipo-this-high-profile-bay-area-cloud.html |access-date=2021-05-12 |website=bizjournals.com}} CryptoSeal (June 2014),{{cite news |last1=Tung |first1=Liam |title=CloudFlare acquires VPN service CryptoSeal, shuts it down |url=https://www.zdnet.com/article/cloudflare-acquires-vpn-service-cryptoseal-shuts-it-down/ |publisher=ZDNet |date=19 June 2014}} Eager Platform Co. (December 2016),{{Cite web |date=2016-12-13 |title=Cloudflare acquires app platform Eager, will sunset service in Q1 2017 |url=https://venturebeat.com/2016/12/13/cloudflare-acquires-app-platform-eager-will-sunset-service-in-q1-2017/ |access-date=2021-05-12 |website=VentureBeat |language=en-US}} Neumob (November 2017),{{Cite web |last=Miller |first=Ron |date=November 14, 2017 |title=Neumob acquisition gives Cloudflare missing mobile component – TechCrunch |url=https://techcrunch.com/2017/11/14/cloudflare-expands-into-mobile-performance-with-neumob-acquisition/ |access-date=September 18, 2020 |website=TechCrunch}} S2 Systems (January 2020),{{Cite web |last=Miller |first=Ron |date=January 7, 2020 |title=Cloudflare acquires stealthy startup S2 Systems, announces Cloudflare for Teams – TechCrunch |url=https://techcrunch.com/2020/01/07/cloudflare-acquires-stealthy-startup-s2-system-announces-cloudflare-for-teams/?guccounter=1 |access-date=September 17, 2020 |website=TechCrunch}} Linc (December 2020),{{Cite web |last=Wiggers |first=Kyle |date=December 22, 2020 |title=Cloudflare acquires Linc to automate web app deployment |url=https://venturebeat.com/2020/12/22/cloudflare-acquires-linc-to-automate-web-app-deployment/ |access-date=December 22, 2020 |website=VentureBeat}} Zaraz (December 2021),{{Cite web |date=2021-12-08 |last=Sawers |first=Paul |title=Cloudflare acquires Zaraz to speed up websites and solve third-party bloat |url=https://venturebeat.com/enterprise/cloudflare-acquires-zaraz-to-speed-up-websites-and-solve-third-party-bloat/ |website=VentureBeat}} Vectrix (February 2022),{{Cite web |date=2022-02-11 |title=Cloudflare Acquires Vectrix to Help Businesses Gain Visibility and Control of Their Applications |url=https://itsecuritywire.com/news/cloudflare-acquires-vectrix-to-help-businesses-gain-visibility-and-control-of-their-applications/ |access-date=2022-02-11 |website=ITSecurityWire |language=en-US}} Area 1 Security (February 2022),{{cite web|url=https://www.computerworld.com/article/3646533/noteworthy-tech-acquisitions-2022.html?page=2|title=Noteworthy tech acquisitions 2022|website=Computerworld|date=March 23, 2022|author=Charlotte Trueman|access-date=March 25, 2022}} Nefeli Networks (March 2024), BastionZero (May 2024),{{cite news | last=Novinson |first=Michael |title=Cloudflare Buys BastionZero to Guard Critical Infrastructure |url=https://www.databreachtoday.com/cloudflare-buys-bastionzero-to-guard-critical-infrastructure-a-25365 |website=Data Breach Today |date=2024-05-30 |access-date=2024-05-31}} and Kivera (October 2024).{{Cite news |title=Cloudflare Acquires Kivera to Deliver Simple, Preventive Cloud Security |url=https://finance.yahoo.com/news/cloudflare-acquires-kivera-deliver-simple-130000704.html |archive-url=https://web.archive.org/web/20241008215200/https://finance.yahoo.com/news/cloudflare-acquires-kivera-deliver-simple-130000704.html |archive-date=October 8, 2024 |access-date=2025-01-30 |work=Yahoo Finance |language=en-US |url-status=live }}

Since at least 2017, Cloudflare has been using a wall of lava lamps in their San Francisco headquarters as a source of randomness for encryption keys, alongside double pendulums in its London offices and a geiger counter in its Singapore offices.{{Cite web |last=Schwab |first=Katharine |date=2017-08-18 |title=The Hardest Working Office Design In America Encrypts Your Data–With Lava Lamps |url=https://www.fastcompany.com/90137157/the-hardest-working-office-design-in-america-encrypts-your-data-with-lava-lamps |access-date=2022-04-16 |website=Fast Company |language=en-US}} The lava lamp installation implements the Lavarand method, where a camera transforms the unpredictable shapes of the "lava" blobs into a digital image.{{Cite web |date=2017-11-06 |title=LavaRand in Production: The Nitty-Gritty Technical Details |url=http://blog.cloudflare.com/lavarand-in-production-the-nitty-gritty-technical-details/ |access-date=2022-04-16 |website=The Cloudflare Blog |language=en}}

{{As of|2022|alt=In Q4 2022,}} Cloudflare provided paid services to 162,086 customers.{{Cite web |last=Palumbo |first=Angela |date=2023-02-10 |title=Cloudflare Sales Guidance Looks Good. But It's Still Contending With a Spending Slowdown. |url=https://www.barrons.com/articles/cloudflare-earnings-stock-price-9aefd34a |access-date=2023-10-15 |website=Barron's |archive-url=https://archive.today/20230211000542/https://www.barrons.com/amp/articles/cloudflare-earnings-stock-price-9aefd34a |archive-date=2023-02-11 |url-status=live |url-access=subscription |language=en}}

Cloudflare provides network and security products for consumers and businesses, utilizing edge computing, reverse proxies for web traffic, data center interconnects, and a content distribution network to serve content across its network of servers.{{Cite web |last=Kincaid |first=Jason |date=September 27, 2010 |title=Cloudflare Wants To Be A CDN For The Masses (And Takes Five Minutes To Set Up) |url=https://techcrunch.com/2010/09/27/cloudflare-wants-to-be-a-cdn-for-the-masses-and-takes-five-minutes-to-set-up/ |access-date=September 26, 2020 |website=TechCrunch}} It supports transport layer protocols TCP, UDP, QUIC, and many application layer protocols such as DNS over HTTPS, SMTP, and HTTP/2 with support for HTTP/2 Server Push.{{Cite news |last=Osborne |first=Charlie |date=April 28, 2016 |title=Cloudflare figured out how to make the Web one second faster |work=ZDNet |url=https://www.zdnet.com/article/cloudflare-offers-http2-server-push-to-boost-internet-speeds/ |access-date=May 17, 2016}} {{As of|2023|post=,}} Cloudflare handles an average of 45 million HTTP requests per second.{{Cite web |last=Kerner |first=Sean Michael |date=14 March 2023 |title=Attackers Target Microsoft Exchange, According to Cloudflare Application Security Report |url=https://www.sdxcentral.com/articles/news/attackers-target-microsoft-exchange-according-to-cloudflare-application-security-report/2023/03/ |access-date=30 March 2023 |website=SDX Central}}

As of 2024, Cloudflare servers are powered by AMD EPYC 9684X processors.{{Cite web |author1=Aaron Klotz |date=2024-09-25 |title=Cloudflare switches to EPYC 9684X Genoa-X CPUs with 3D V-Cache — 145% faster than previous-gen Milan servers |url=https://www.tomshardware.com/pc-components/cpus/cloudflare-switches-to-epyc-9684x-genoa-x-cpus-with-3d-v-cache-145-faster-than-previous-gen-milan-servers |access-date=2025-02-21 |website=Tom's Hardware |language=en}}

Cloudflare also provides analysis and reports on large-scale outages, including Verizon’s October 2024 outage.{{cite web |last1=Kelly |first1=Ross |title=Scale of Verizon outage impact laid bare in Cloudflare report |url=https://www.techradar.com/pro/scale-of-verizon-outage-impact-laid-bare-in-cloudflare-report |website=TechRadar |access-date=25 February 2025 |language=en |date=7 October 2024}}

In 2023, Cloudflare launched Workers AI, a framework allowing for use of Nvidia GPU's within Cloudflare's network.{{Cite web |last=Moss |first=Sebastian |date=29 September 2023 |title=Cloudflare to deploy Nvidia GPUs at the Edge for generative AI inference - in up to 300 data centers |url=https://www.datacenterdynamics.com/en/news/cloudflare-to-deploy-nvidia-gpus-at-the-edge-for-generative-ai-inference-in-up-to-300-data-centers/ |access-date=9 July 2024 |website=Datacenter Dynamics}}

In 2024, Cloudflare launched a tool that prevents bots from scraping websites. To build automatic bot detector models, the company analyzed AI bots and crawler traffic.{{Cite web |last=Wiggers |first=Kyle |date=2024-07-03 |title=Cloudflare launches a tool to combat AI bots |url=https://techcrunch.com/2024/07/03/cloudflare-launches-a-tool-to-combat-ai-bots/ |access-date=2024-07-16 |website=TechCrunch |language=en-US}}The company also launched an AI assistant to generate charts based on queries by leveraging Workers AI.{{Cite web |last=Arghire |first=Ionut |date=2024-03-05 |title=Cloudflare Introduces AI Security Solutions |url=https://www.securityweek.com/cloudflare-introduces-ai-security-solutions/ |access-date=2025-02-09 |website=SecurityWeek |language=en-US}}Cloudflare announced plans in September 2024 to launch a marketplace where website owners can sell AI model providers access to scrape their site’s content.{{Cite web |last=Zeff |first=Maxwell |date=2024-09-23 |title=Cloudflare's new marketplace will let websites charge AI bots for scraping |url=https://techcrunch.com/2024/09/23/cloudflares-new-marketplace-will-let-websites-charge-ai-bots-for-scraping/?guccounter=1&guce_referrer=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbS8&guce_referrer_sig=AQAAAL8WG2Lq-W2DW05kMfkZ1P08HjvrIi6NXrNMHgSYsxv30Hjip68ZE6CSlLLl3QHER9xRuoqSlhziAt2ulIsM-pMHnEzpwyvuYIKg2DALgn8SqjR4V92oUkFqatBTiB7B83IA0yIYMKz7KlCceZ3ZPereJdjamPHN8iJGOgjfksHX |access-date=2025-03-25 |website=TechCrunch |language=en-US}}Cloudflare also launched AI Audit, which provides analytics on AI models scraping their sites (along with the ability to block them altogether).{{cite web |last1=Wheatley |first1=Mike |title=Cloudflare debuts tools for website owners to charge AI companies that scrape their content |url=https://siliconangle.com/2024/09/23/cloudflare-debuts-tools-website-owners-charge-ai-companies-scrape-content/ |website=SiliconANGLE |access-date=14 May 2025 |date=23 September 2024}}

Cloudflare provides free and paid DDoS mitigation services that protect customers from distributed denial of service (DDoS) attacks. Cloudflare received media attention in June 2011 for providing DDoS mitigation for the website of LulzSec, a black hat hacking group.{{Cite web |last=Hesseldahl |first=Arik |date=June 10, 2011 |title=Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers |url=http://allthingsd.com/20110610/web-security-start-up-Cloudflare-gets-buzz-courtesy-of-lulzsec-hackers/ |url-status=dead |archive-url=https://web.archive.org/web/20110612090614/http://allthingsd.com/20110610/web-security-start-up-Cloudflare-gets-buzz-courtesy-of-lulzsec-hackers/ |archive-date=June 12, 2011 |access-date=August 15, 2011 |website=All Things Digital}}

In March 2013, The Spamhaus Project was targeted by a DDoS attack that Cloudflare reported exceeded 300{{nbsp}}gigabits per second (Gbit/s).{{Cite news |last=Storm |first=Darlene |date=March 27, 2013 |title=Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps |work=Computerworld |url=http://www.computerworld.com/article/2474809/cybercrime-hacking/biggest-ddos-attack-in-history-slows-internet--breaks-record-at-300-gbps.html |access-date=August 22, 2019}}{{Cite news |last1=Markoff |first1=John |last2=Perlroth |first2=Nicole |date=March 26, 2013 |title=Online Dispute Becomes Internet-Snarling Attack |work=The New York Times |url=https://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html |access-date=August 22, 2019}} Patrick Gilmore, of Akamai, stated that at the time it was "the largest publicly announced DDoS attack in the history of the Internet". While trying to defend Spamhaus against the DDoS attacks, Cloudflare ended up being attacked as well; Google and other companies eventually came to Spamhaus' defense and helped it to absorb the unprecedented amount of attack traffic.{{cite news |last1=Gayomali |first1=Chris |title=The biggest cyberattack in Internet history is happening right now |url=https://theweek.com/articles/466160/biggest-cyberattack-internet-history-happening-right-now |publisher=The Week |date=9 January 2015}}

In 2014, Cloudflare began providing free DDoS mitigation for artists, activists, journalists, and human rights groups under the name "Project Galileo".{{Cite magazine |last=Newman |first=Lily Hay |date=June 12, 2019 |title=Cloudflare's Five-Year Project to Protect Nonprofits Online |language=en |magazine=Wired |url=https://www.wired.com/story/cloudflare-project-galileo-protect-nonprofits/ |access-date=August 5, 2019 |issn=1059-1028}} In 2017, they extended the service to electoral infrastructure and political campaigns under the name "Athenian Project".{{Cite news |last=Melendez |first=Steven |date=11 June 2020 |title=Amid pandemic and protests, Cloudflare is defending vulnerable websites |publisher=Fast Company |url=https://www.fastcompany.com/90515280/amid-pandemic-and-protests-cloudflare-is-defending-vulnerable-websites |access-date=3 February 2021}}{{Cite news |last=Hatmaker |first=Taylor |date=19 July 2018 |title=Cloudflare Recruits State and Local Governments for Free Election Site Security Programs |publisher=TechCrunch |url=https://techcrunch.com/2018/07/19/cloudflare-athenian-project/ |access-date=28 January 2021}} By 2020, more than 1,000 users and organizations were participating in Project Galileo, including 31 US states.{{Cite web |last=Melendez |first=Steven |date=2020-06-11 |title=Amid pandemic and protests, Cloudflare is defending vulnerable websites |url=https://www.fastcompany.com/90515280/amid-pandemic-and-protests-cloudflare-is-defending-vulnerable-websites |access-date=2021-05-12 |website=Fast Company |language=en-US}}{{Cite web |date=2022-11-03 |title=After a series of cyberattacks, states look to secure election results websites |url=https://www.nbcnews.com/tech/security/states-look-secure-election-results-websites-ahead-midterms-rcna50441 |access-date=2023-08-09 |website=NBC News |language=en}}

In February 2014, Cloudflare claimed to have mitigated an NTP reflection attack against an unnamed European customer, which they stated peaked at 400 Gbit/s.{{cite news |last1=Musil |first1=Steven |title=Record-breaking DDoS attack in Europe hits 400 Gbit/s |url=https://www.cnet.com/news/privacy/record-breaking-ddos-attack-in-europe-hits-400gbps/ |publisher=CNET |date=11 February 2014}}{{Cite news |last=Gallagher |first=Sean |date=February 11, 2014 |title=Biggest DDoS ever aimed at Cloudflare's content delivery network |work=Ars Technica |url=https://arstechnica.com/security/2014/02/biggest-ddos-ever-aimed-at-cloudflares-content-delivery-network/ |access-date=May 17, 2016}} In November 2014, it reported a 500 Gbit/s DDoS attack in Hong Kong.{{Cite news |last=Olson |first=Parmy |date=November 20, 2014 |title=The Largest Cyber Attack in History Has Been Hitting Hong Kong Sites |work=Forbes |url=https://www.forbes.com/sites/parmyolson/2014/11/20/the-largest-cyber-attack-in-history-has-been-hitting-hong-kong-sites/#5b0c02b13fc4 |access-date=August 22, 2019}} In July 2021, the company claimed to have absorbed a DDoS attack three times larger than any they'd previously recorded, which their corporate blog implied was over 1.2 Tbit/s in total.{{Cite web |last=Greig |first=Jonathan |title=Cloudflare says it stopped the largest DDoS attack ever reported |url=https://www.zdnet.com/article/cloudflare-says-it-stopped-the-largest-ddos-attack-ever-reported/ |access-date=2021-11-19 |website=ZDNet |language=en}} In February 2023, Cloudflare reported blocking a 71 million request-per-second DDoS attack which "the company says was the largest HTTP DDoS attack on record".{{cite web |last1=Arghire |first1=Ionut |title=Record-Breaking 71 Million RPS DDoS Attack Seen by Cloudflare |url=https://www.securityweek.com/record-breaking-71-million-rps-ddos-attack-seen-by-cloudflare/ |website=SecurityWeek |access-date=18 February 2023 |date=14 February 2023}}

Cloudflare blocked the largest publicly recorded DDoS attack in October 2024, with volumetric attacks peaking at 5.6 terabits per second.{{Cite web |last=Otto |first=Greg |date=January 22, 2025 |title=Cloudflare detected (and blocked) the biggest DDoS attack on record |url=https://cyberscoop.com/cloudflare-biggest-ddos-attack-mirai-variant-botnet/ |access-date=2024-01-31 |website=cyberscoop.com |language=en-US}}

In 2017, Cloudflare launched Cloudflare Workers, a serverless computing platform for creating new applications, augmenting existing ones, without configuring or maintaining infrastructure. It has expanded to include Workers KV, a low-latency key-value data store; Cron Triggers, for scheduling Cron jobs; and additional tooling for developers to deploy and scale their code across the globe.{{Cite web |title=Cloudflare creates Workers Unbound platform for serverless development |url=https://datacenternews.asia/story/cloudflare-creates-workers-unbound-platform-for-serverless-development |access-date=2021-05-26 |website=datacenternews.asia |language=en}}

In 2020, Cloudflare released a JAMstack platform for developers to deploy websites on Cloudflare's Edge infrastructure, under the name "Pages".{{Cite web |last=Dillet |first=Romain |date=17 December 2020 |title=Cloudflare launches Cloudflare Pages, a platform to deploy and host JAMstack sites |url=https://techcrunch.com/2020/12/17/cloudflare-launches-cloudflare-pages-a-platform-to-deploy-and-host-jamstack-sites/ |access-date=2021-05-26 |publisher=TechCrunch |language=en-US }}

In 2022, Cloudflare announced an Edge SQL database, D1, which is built on SQLite.{{Cite web |title=Cloudflare gets serious about infrastructure services |url=https://techcrunch.com/2022/05/11/with-new-serverless-database-cloudflare-gets-serious-about-infrastructure-services/ |access-date=2022-05-12 |website=TechCrunch |date=May 11, 2022 |language=en-US }}

In August 2023, Cloudflare and IBM announced a partnership providing bot management capabilities to protect IBM Cloud customers from malicious bots and automated threats.{{cite web |last1=Kerner |first1=Sean Michael |title=IBM and Cloudflare partner to protect user sites against malicious bots |url=https://www.sdxcentral.com/articles/news/ibm-and-cloudflare-partner-to-protect-user-sites-against-malicious-bots/2023/08/ |website=SDX Central |date=August 8, 2023 |access-date=13 June 2024}}

Also in August 2023, Cloudflare was hired by SpaceX to boost the performance of Starlink,{{Cite web |date=2023-08-23 |title=SpaceX working with Cloudflare to speed up Starlink service- The Information |url=https://finance.yahoo.com/news/spacex-working-cloudflare-speed-starlink-194833246.html |access-date=2024-05-17 |website=Yahoo Finance |language=en-US}} and in September launched Cloudflare Fonts as a competitor to Google Fonts.{{Cite web |author1=Craig Hale |date=2023-09-27 |title=Cloudflare launches new fight against Google over...fonts? |url=https://www.techradar.com/pro/cloudflare-launches-new-fight-against-google-overfonts |access-date=2024-09-06 |website=TechRadar |language=en}}

In April 2020, Cloudflare announced it was moving away from using reCAPTCHA in favor of hCaptcha.{{Cite web |date=2020-01-08 |title=Cloudflare moves from reCAPTCHA to hCaptcha |url=https://www.thankyourobot.com/2020/04/cloudflare-moves-from-recaptcha-to.html |access-date=2021-02-11 |website=Thank You Robot |language=en-US}} In September 2022, Cloudflare began to test Turnstile – an alternative to CAPTCHA. The product, instead of presenting a visual CAPTCHA for the user to solve, automatizes the verification process by conducting JavaScript-based checks inside the browser to determine whether the user is a real person or an automated entity. The algorithm reportedly uses machine learning to optimize the process.{{cite web |last1=Shakir |first1=Umar |title=Turnstile is Cloudflare's latest attempt to rid the web of CAPTCHAs |url=https://www.theverge.com/2022/9/28/23367035/cloudflare-turnstile-captcha-bot-blocker-beta |website=The Verge |access-date=28 September 2022}} Turnstile is GDPR-compliant, offering a more private alternative to Google's reCAPTCHA, which has been scrutinized for its data collection.{{Cite web |date=2025-03-23 |title=Cloudflare Turnstile vs Google reCAPTCHA [5 Key Differences] |url=https://nexterwp.com/blog/cloudflare-turnstile-vs-google-recaptcha/#Pros-and-Cons-of-Cloudflare-Turnstile |access-date=2025-04-15 |website=nexterwp.com |language=en-US}}

Through a contract with the Cybersecurity and Infrastructure Security Agency, Cloudflare provides registry and authoritative DNS services to the .gov top-level domain.{{Cite web |last=Kass |first=D. Howard |date=2023-01-17 |title=Cloudflare Lands $7.2M Project from CISA for Registry, DNS Services |url=https://www.msspalert.com/cybersecurity-news/cloudflare-lands-7-2m-project-from-cisa-for-registry-dns-services/ |access-date=2023-04-12 |website=MSSP Alert |language=en-US}}

In November 2020, Cloudflare announced Cloudflare for Teams, consisting of a DNS resolver and web gateway called "Gateway", and a zero-trust authentication service called "Access".{{Cite web |date=2020-01-08 |title=Cloudflare for Teams: Protecting corporations without sacrificing performance |url=https://www.helpnetsecurity.com/2020/01/08/cloudflare-for-teams/ |access-date=2021-02-11 |website=Help Net Security |language=en-US}}

Cloudflare announced a partnership with PhonePe in January 2023 to secure its mobile payment system.{{Cite web |date=2023-01-20 |title=Digital payments leader partners with Cloudflare to accelerate, secure monthly mobile payments |url=https://venturebeat.com/data-infrastructure/digital-payments-leader-partners-with-cloudflare-to-accelerate-secure-monthly-mobile-payments/ |access-date=2023-05-08 |website=VentureBeat |language=en-US}} In February, Cloudflare launched Wildebeest to allow Mastodon users to set up and run their own instances on Cloudflare's infrastructure.{{Cite web |last=Porter |first=Jon |date=2023-02-10 |title=Cloudflare wants to help you set up your own Mastodon-compatible server in 'minutes' |url=https://www.theverge.com/2023/2/10/23593966/cloudflare-mastodon-server-wildebeest-instance-fediverse |access-date=2023-07-05 |website=The Verge |language=en-US}}

In August 2023, Cloudflare started the Project Cybersafe Schools program as part of a $20 million grant program from Amazon Web Services, making 70 percent of public school districts in the United States eligible for no-cost cybersecurity services.{{Cite web |title=K-12 Schools Improve Protection Against Online Attacks, But Are Vulnerable to Ransomware |url=https://www.newsnetmedia.com/story/50025852/k12-schools-improve-protection-against-online-attacks-but-are-vulnerable-to-ransomware |access-date=2024-06-27 |website=www.newsnetmedia.com |language=en}}

In March 2024, they announced Firewall for AI to defend applications running large language models (LLMs).{{Cite web |last=Staff |first=S. C. |date=2024-03-05 |title=Cloudflare's Firewall for AI |url=https://www.scmagazine.com/brief/cloudflares-firewall-for-ai |access-date=2024-08-19 |website=SC Media |language=en}}In September, Cloudflare announced Ephemeral IDs, which identifies fraudulent activity by linking behavior to a client through a short-lived, generated ID, rather than the traditional means of using an IP address.{{Cite web |title=Ephemeral IDs: Cloudflare's Latest Tool for Fraud Detection |url=https://www.infoq.com/news/2024/10/cloudflare-ephemeral-id/ |access-date=2025-03-07 |website=InfoQ |language=en}}The same month, the company also announced all ISP and equipment manufacturers could use their DNS resolvers for free.{{cite web |last1=Williams |first1=Mike |title=Best free and public DNS server of 2025 |url=https://www.techradar.com/news/best-dns-server |website=TechRadar |access-date=14 March 2025 |language=en |date=6 November 2024}}

Cloudflare introduced the Cloudforce One threat events platform in March 2025, offering real-time insights into cyberattacks using data gathered from Cloudflare's network.{{cite web |title=Cloudforce One threat events platform provides a real-time view of threat activity |url=https://www.helpnetsecurity.com/2025/03/19/cloudforce-one-threat-events-platform/ |website=Help Net Security |access-date=10 June 2025 |date=19 March 2025}}{{Cite web |date=September 24, 2024 |title=Cloudflare Introduces Threat Intel Team and Commits to Making Precise and Timely Global Threat Research Accessible For Anyone |url=https://www.businesswire.com/news/home/20240924793509/en/Cloudflare-Introduces-Threat-Intel-Team-and-Commits-to-Making-Precise-and-Timely-Global-Threat-Research-Accessible-For-Anyone |access-date=June 10, 2025 |website=Businesswire}}

Cloudflare One, the company's overarching SASE platform, debuted in October 2020.{{Cite web |last=Alspach |first=Kyle |title=Cloudflare expanding into zero-trust network security - Protocol |url=https://www.protocol.com/enterprise/cloudflare-network-security-zero-trust |access-date=2023-05-22 |website=www.protocol.com |date=July 27, 2022 |language=en |archive-date=May 22, 2023 |archive-url=https://web.archive.org/web/20230522162519/https://www.protocol.com/enterprise/cloudflare-network-security-zero-trust |url-status=dead }}

Cloudflare One announced the acquisition of Area 1 Security in February 2022, a company who developed a product designed to combat phishing email attacks.{{cite news |last1=Williams |first1=Joe |title=Cloudflare to Buy Area 1 Security in Push to Protect Against Phishing Emails |url=https://www.bloomberg.com/news/articles/2022-02-23/cloudflare-to-buy-area-1-security-in-biggest-acquisition |access-date=6 May 2024 |newspaper=Bloomberg|date=February 23, 2022 }}

Cloudflare One announced the acquisition of Nefeli Networks in March 2024, a cloud networking company, co-founded by computer scientist Sylvia Ratnasamy.

In 2019, Cloudflare released a VPN service called WARP,{{Cite web|url=https://www.engadget.com/2019/04/01/cloudflares-privacy-focused-dns-app-adds-a-free-vpn/|title=Cloudflare's privacy-focused DNS app adds a free VPN|last=Khalid|first=Amrita|date=April 2, 2019|website=Engadget|url-status=live|archive-url=https://web.archive.org/web/20190402052051/https://www.engadget.com/2019/04/01/cloudflares-privacy-focused-dns-app-adds-a-free-vpn/|archive-date=April 2, 2019|access-date=April 2, 2019}}{{Cite web|url=https://www.pcmag.com/news/370979/cloudflare-finally-launches-warp-but-its-not-a-mobile-vpn|title=Cloudflare Finally Launches Warp, But It's Not a Mobile VPN|last=Humphries|first=Matthew|date=September 26, 2019|website=PCMag|language=en|access-date=2022-11-19}} and open sourced the custom underlying WireGuard implementation written in Rust.{{Cite web|url=https://blog.cloudflare.com/boringtun-userspace-wireguard-rust/|title=BoringTun, a userspace WireGuard implementation in Rust|last=Krasnov|first=Vlad|date=2018-12-18|website=Cloudflare Blog|language=en-US|access-date=2019-03-29|archive-url=https://web.archive.org/web/20190404164726/https://blog.cloudflare.com/boringtun-userspace-wireguard-rust/|archive-date=4 April 2019|url-status=live|df=dmy-all}}{{cite web|title=CloudFlare Launches "BoringTun" As Rust-Written WireGuard User-Space Implementation|url=https://www.phoronix.com/scan.php?page=news_item&px=CloudFlare-BoringTun-WireGuard|website=phoronix.com|access-date=29 March 2019}}

In January 2021, the company began providing its "Waiting Room" digital queue product for free for COVID-19 vaccination scheduling under the title "Project Fair Shot".{{Cite news |last=Etherington |first=Darrell |date=22 January 2021 |title=Cloudflare introduces free digital waiting rooms for any organizations distributing COVID-19 vaccines |url=https://techcrunch.com/2021/01/22/cloudflare-introduces-free-digital-waiting-rooms-for-any-organizations-distributing-covid-19-vaccines/ |access-date=2021-05-12 |publisher=TechCrunch |language=en-US}} Project Fair Shot later won a Webby People's Choice Award in 2022 for Event Management under the Apps & Software category.{{cite web |title=Cloudflare's Project Fair Shot |url=https://winners.webbyawards.com/2022/apps-and-software/software-services-platforms/event-management/220961/cloudflares-project-fair-shot |website=Webby Awards |access-date=26 May 2022 |language=en}}

In March 2023, Cloudflare announced post-quantum cryptography will be made freely and forever available to cloud services, applications and Internet connections.{{cite web|url=https://blog.cloudflare.com/post-quantum-crypto-should-be-free/|title=Post-quantum crypto should be free, so we're including it for free, forever|work=The Cloudflare Blog |date=March 16, 2023}}

Cloudflare released the Speed Brain and Instant Purge features in September 2024, to significantly reduce page load latency by prefetching content, and invalidating cached content in under 150ms.{{cite web |last1=Hansa |first1=Umar |title=Cloudflare Speed Brain: What You Need to Know |url=https://www.debugbear.com/blog/cloudflare-speed-brain |website=DebugBear |access-date=19 June 2025 |language=en |date=26 September 2024}}

In 2024, Cloudflare announced plans to launch a new payment method, called Stripe Link, which went into beta in the fall.{{Cite web |title=Stripe partners with Nvidia, Pepsi and Rivian {{!}} Payments Dive |url=https://www.paymentsdive.com/news/stripe-partners-with-nvidia-pepsi-and-rivian/729594/ |access-date=2025-04-02 |website=www.paymentsdive.com |language=en-US}}

On June 1, 2012, the hacker group UGNazi compromised some of Cloudflare CEO Matthew Prince's accounts and redirected visitors of the website 4chan to a Twitter account belonging to UGNazi. They allegedly used social engineering to trick AT&T support staff into giving them access to Prince's voicemail, then exploited a vulnerability in Cloudflare's use of Google's two-factor authentication system. Once in control of Prince's email account, UGNazi was able to redirect the 4chan domain through Cloudflare's database.{{Cite web |last=Simcoe |first=Luke |date=June 14, 2012 |title=The 4chan breach: How hackers got a password through voicemail |url=https://www.macleans.ca/society/technology/the-4chan-breach-how-hackers-got-a-password-through-voicemail/ |url-status=live |archive-url=https://web.archive.org/web/20140115142529/https://www.macleans.ca/2012/06/14/the-4chan-breach-how-hackers-got-a-password-through-voicemail/ |archive-date=January 15, 2014 |access-date=August 22, 2019 |website=Maclean's}}{{Cite web |last=Smith |first=Ms. |date=June 3, 2012 |title=Hacktivists UGNazi attack 4chan, Cloudflare and Wounded Warrior Project |url=http://www.networkworld.com/community/blog/hacktivists-ugnazi-attack-4chan-Cloudflare-and-wounded-warrior-project |url-status=dead |archive-url=https://web.archive.org/web/20131112193000/http://www.networkworld.com/community/blog/hacktivists-ugnazi-attack-4chan-Cloudflare-and-wounded-warrior-project |archive-date=November 12, 2013 |access-date=August 22, 2019 |website=Privacy and Security Fanatic |publisher=NetworkWorld}}

{{further|Cloudbleed}}

From September 2016 until February 2017, a major Cloudflare bug nicknamed Cloudbleed{{Cite news |last=Molina |first=Brett |date=February 28, 2017 |title=Cloudfare bug: Yes, you should change your passwords |work=USA Today |url=https://www.usatoday.com/story/tech/talkingtech/2017/02/28/cloudfare-cloudbleed-bug-change-your-passwords/98519794/ |access-date=March 1, 2017}} leaked sensitive data, including passwords and authentication tokens, from customer websites by sending extra data in response to web requests.{{Cite web |last=Conger |first=Kate |date=February 23, 2017 |title=Major Cloudflare bug leaked sensitive data from customers' websites |url=https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/ |access-date=August 22, 2019 |publisher=TechCrunch}}

{{Over-quotation|section=y|many=y|date=April 2025}}

Cloudflare has said that it has a content neutrality policy and that it opposes the policing of its customers on free speech grounds, except in cases where the customers break the law.{{Cite news |last=Hill |first=Kashmir |date=17 August 2014 |title=The Company Keeping Your Favorite (And Least Favorite) Websites Online |work=Forbes |url=https://www.forbes.com/sites/kashmirhill/2014/07/30/cloudflare-protection/?sh=ac906f414555 |access-date=15 September 2021}}{{Cite news |last=Peterson |first=Becky |date=17 August 2017 |title=Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet' |work=Business Insider |url=https://www.businessinsider.com/the-daily-stormer-got-pushed-offline-by-hackers-2017-8 |access-date=15 September 2021}} The company has faced criticism for not banning hate speech websites and websites allegedly connected to terrorism groups,{{Cite news |date=19 November 2015 |title=Web services firm CloudFlare accused by Anonymous of helping Isis |work=The Guardian |url=https://www.theguardian.com/technology/2015/nov/19/cloudflare-accused-by-anonymous-helping-isis |access-date=15 September 2021 |quote=The week before the Paris attacks, Ghost Security counted almost 40 ISIS websites that use Cloudflare's services.}} but Cloudflare has maintained that no law enforcement agency has asked the company to discontinue these services and it closely monitors its obligations under U.S. laws.{{Cite news |date=18 November 2015 |title=CloudFlare CEO blasts Anonymous claims of ISIS terrorist support |work=The Register |url=https://www.theregister.com/2015/11/18/cloudflare_ceo_rubbishes_anonymous_claims_of_terrorist_support/ |access-date=16 September 2021}}

In 2022, a research paper by Stanford University found that Cloudflare was a prominent CDN provider among several other providers that are disproportionately responsible for serving misinformation websites.{{cite journal |last1=Han |first1=Catherine |last2=Kumar |first2=Deepak |last3=Durumeric |first3=Zakir |title=On the Infrastructure Providers That Support Misinformation Websites |journal=Proceedings of the International AAAI Conference on Web and Social Media |date=May 31, 2022 |volume=16 |pages=287–298 |doi=10.1609/icwsm.v16i1.19292 |s2cid=237300450 |url=https://ojs.aaai.org/index.php/ICWSM/article/view/19292 |access-date=August 27, 2022|doi-access=free }}{{Cite magazine|title=Cloudflare Is One of the Companies That Quietly Powers the Internet. Researchers Say It's a Haven for Misinformation|url=https://time.com/6208828/cloudflare-misinformation-internet-research/|date=August 26, 2022|access-date=August 27, 2022|first1=Chris|last1=Stokel-Walker| language=en|magazine=Time}} Cloudflare has come under pressure on multiple occasions due to its services being utilized to access far-right content.{{Cite web |last=Lee |first=Timothy B. |date=December 4, 2017 |title=Cloudflare's CEO has a plan to never censor hate speech again |url=https://arstechnica.com/tech-policy/2017/12/cloudflares-ceo-has-a-plan-to-never-censor-hate-speech-again/ |access-date=August 5, 2019 |website=Ars Technica}}

Cloudflare provided DNS routing and DDoS protection for the white supremacist and neo-Nazi website, The Daily Stormer. In 2017 Cloudflare stopped providing its services to The Daily Stormer after an announcement on the website asserted that the upper echelons of Cloudflare were "secretly supporters of their ideology".{{Cite magazine |last=Johnson |first=Steven |date=January 16, 2018 |title=Inside Cloudflare's Decision to Let an Extremist Stronghold Burn |url=https://www.wired.com/story/free-speech-issue-cloudflare/ |access-date=August 5, 2019 |magazine=Wired |issn=1059-1028}} {{Subscription required}}

Previously, Cloudflare had refused to take any action regarding The Daily Stormer. Founder Matthew Prince said he found the website's content "vile", but regretted he alone could "decide its fate".{{Cite web |last=Peterson |first=Becky |title=Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet' |url=https://www.businessinsider.com/the-daily-stormer-got-pushed-offline-by-hackers-2017-8 |access-date=2023-05-15 |website=Business Insider |language=en-US}} He told Business Insider: "The ability of somebody to single-handedly choose to knock content offline doesn’t align with core ideas of due process or justice. Whether that’s a national government launching attacks or an individual launching attacks."

As a self-described "free speech absolutist", Prince claimed he did not want to repeat the decision, and sought out protections for the company should they be faced with a similar situation in the future. Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern that is shared by a number of civil liberties groups and privacy experts.{{Cite journal |last=Citron |first=Danielle Keats |date=November 28, 2017 |title=What to Do about the Emerging Threat of Censorship Creep on the Internet |url=https://object.cato.org/sites/cato.org/files/pubs/pdf/pa-828.pdf |journal=Policy Analysis |volume=282 |pages=3–4 |via=Cato.org}}{{Cite web |last=Keller |first=Daphne |date=August 15, 2017 |title=The Daily Stormer, Online Speech, and Internet Registrars |url=https://cyberlaw.stanford.edu/blog/2017/08/daily-stormer-online-speech-and-internet-registrars |access-date=August 6, 2019 |website=Stanford Center for Internet and Society |publisher=Stanford Law School}}{{Cite news |last=Shaban |first=Hamza |date=August 18, 2017 |title=Banning neo-Nazis online may be slippery slope, tech group warns Silicon Valley |newspaper=The Washington Post |url=https://www.washingtonpost.com/news/the-switch/wp/2017/08/18/banning-neo-nazis-online-may-be-slippery-slope-tech-group-warns-silicon-valley/ |access-date=August 6, 2019}} The Electronic Frontier Foundation, a US digital rights group, said that services such as Cloudflare "should not be adjudicating what speech is acceptable", adding that "when illegal activity, like inciting violence or defamation, occurs, the proper channel to deal with it is the legal system".

In 2019, Cloudflare was criticized for providing services to the far-right discussion and imageboard 8chan. The message board has been linked to mass shootings in the United States and the Christchurch mosque shootings in New Zealand.{{Cite news |last=Roose |first=Kevin |date=August 4, 2019 |title=8chan Is a Megaphone for Gunmen. 'Shut the Site Down,' Says Its Creator. |work=The New York Times |url=https://www.nytimes.com/2019/08/04/technology/8chan-shooting-manifesto.html |access-date=August 5, 2019}} In addition, a number of news organizations including The Washington Post and The Daily Dot have reported on the existence of child pornography and child sexual abuse discussion boards.{{Cite web |last=O'Neill |first=Patrick Howell |date=November 17, 2014 |title=8chan, the central hive of Gamergate, is also an active pedophile network |url=https://www.dailydot.com/layer8/8chan-pedophiles-child-porn-gamergate/ |access-date=August 5, 2019 |website=The Daily Dot}}{{Cite web |last=Machkovech |first=Sam |date=August 17, 2015 |title=8chan-hosted content disappears from Google searches: Domain-specific searches contain warning about "suspected child abuse content" |url=https://arstechnica.com/tech-policy/2015/08/8chan-hosted-content-disappears-from-google-searches/ |access-date=August 5, 2019 |website=Ars Technica}}{{Cite news |last=Dewey |first=Caitlin |date=January 13, 2015 |title=This is what happens when you create an online community without any rules |newspaper=The Washington Post |url=https://www.washingtonpost.com/news/the-intersect/wp/2015/01/13/this-is-what-happens-when-you-create-an-online-community-without-any-rules/ |access-date=August 22, 2019}}

A Cloudflare representative said that the platform "does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content".{{Cite news |date=October 22, 2019 |title=Cloudflare embroiled in child abuse row |work=BBC News |url=https://www.bbc.com/news/technology-50138970 |access-date=November 15, 2019}} Cloudflare did not terminate service to 8chan until public and legal pressure mounted in the wake of the 2019 El Paso shooting, in which the associated manifesto was published to 8chan.{{Cite news |last=Uebele |first=Hannah |date=August 6, 2019 |title=El Paso: When Freedom Of Speech Turns Violent |work=WGBH |url=https://www.wgbh.org/news/national-news/2019/08/06/el-paso-when-freedom-of-speech-turns-violent |access-date=2021-06-06}}{{Cite news |last=Collins |first=Ben |date=August 4, 2019 |title=Investigators 'reasonably confident' Texas suspect left anti-immigrant screed |work=NBC News |url=https://www.nbcnews.com/news/us-news/investigators-reasonably-confident-texas-suspect-left-anti-immigrant-screed-tipped-n1039031 |access-date=August 22, 2019}} In an interview with The Guardian immediately after the shooting, CEO Matthew Prince defended Cloudflare's support of 8chan, saying that he had a "moral obligation" to keep 8chan online.{{Cite news |last=Wong |first=Julia Carrie |author-link=Julia Carrie Wong |date=August 3, 2019 |title=8chan: the far-right website linked to the rise in hate crimes |work=The Guardian |location=London |url=https://www.theguardian.com/technology/2019/aug/04/mass-shootings-el-paso-texas-dayton-ohio-8chan-far-right-website |access-date=August 3, 2019}}

On August 5, 2019, Cloudflare terminated service to 8chan.{{Cite web | url=https://blog.cloudflare.com/terminating-service-for-8chan/ | title=Terminating Service for 8Chan | work=The Cloudflare Blog | date=August 5, 2019 }} Following this, 8chan moved its forums from the clearnet to the dark web.{{Cite web | url=https://www.theverge.com/2019/8/5/20754943/8chan-epik-offline-voxility-service-cutoff-hate-speech-ban | title=8chan goes dark after hardware provider discontinues service | date=August 5, 2019 |website=The Verge}} Cloudflare explained that 8chan "have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit."{{Cite news |last=Wong |first=Julia Carrie |date=2019-08-05 |title=8chan: the far-right website linked to the rise in hate crimes |language=en-GB |work=The Guardian |url=https://www.theguardian.com/technology/2019/aug/04/mass-shootings-el-paso-texas-dayton-ohio-8chan-far-right-website |access-date=2023-04-30 |issn=0261-3077}} Prince said that what happened in El Paso was "abhorrent in every possible way", removing 8chan from the Internet was "the right thing to do".{{Cite web |last=Kelly |first=Makena |date=2019-08-05 |title=Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks |url=https://www.theverge.com/2019/8/4/20754310/cloudflare-8chan-fredrick-brennan-ddos-attack |access-date=2023-06-16 |website=The Verge |language=en-US}}

{{See also|Kiwi Farms#Terminations of service}}

Cloudflare provided DDoS mitigation and acted as a reverse proxy for Kiwi Farms, a far-right{{cite web | url=https://www.vice.com/en/article/keffals-kiwi-farms/ | title=Inside Keffals' Battle to Bring Down Kiwi Farms | date=September 7, 2022 }}{{cite web | url=https://www.theguardian.com/technology/2022/sep/07/techscape-kiwi-farms-cloudflare | title=TechScape: How Kiwi Farms, the worst place on the web, was shut down | website=TheGuardian.com | date=September 7, 2022 }} Internet forum dedicated to discussion and trolling of online figures or communities. The site often engages in harassment and doxxing of targets{{Cite web |last1=Pless |first1=Margaret |title=Kiwi Farms, the Web's Biggest Community of Stalkers |url=https://nymag.com/intelligencer/2016/07/kiwi-farms-the-webs-biggest-community-of-stalkers.html |website=Intelligencer |publisher=New York Magazine |access-date=31 August 2022 |archive-url=https://web.archive.org/web/20220831184007/https://nymag.com/intelligencer/2016/07/kiwi-farms-the-webs-biggest-community-of-stalkers.html |archive-date=August 31, 2022 |date=July 19, 2016 |url-status=live}} and has been implicated in the suicides of at least three people.{{Cite web |last=Baj |first=Lavender |date=July 13, 2021 |title=Kiwi Farms Has 14 Days To Find A New Domain Host After Being Booted Off DreamHost |url=https://www.kotaku.com.au/2021/07/kiwi-farms-domain-registrar/ |archive-url=https://ghostarchive.org/archive/20211001/https://www.kotaku.com.au/2021/07/kiwi-farms-domain-registrar/ |archive-date=October 1, 2021 |url-status=dead |access-date=July 13, 2021 |website=Kotaku Australia |language=en-AU}}{{Cite web |last=Wodinsky |first=Shashona |date=June 29, 2021 |title=The Worst Site on the Web Gets DDoS'd After Being Connected to Prominent Developer's Suicide |url=https://gizmodo.com/the-worst-site-on-the-web-gets-ddosd-after-being-connec-1847196197 |url-status=live |access-date=August 31, 2022 |website=Gizmodo |language=en-us |archive-date=June 29, 2021 |archive-url=https://web.archive.org/web/20210629232418/https://gizmodo.com/the-worst-site-on-the-web-gets-ddosd-after-being-connec-1847196197}}{{Cite web |last=Colombo |first=Charlotte |date=August 3, 2021 |title=Kiwi Farms, the forum that has been linked to 3 suicides, was made to troll Chris Chan years before she was arrested on an incest charge |url=https://www.insider.com/chris-chan-arrest-what-is-kiwifarms-the-forum-exposed-her-2021-8 |archive-url=https://ghostarchive.org/archive/20211001/https://www.insider.com/chris-chan-arrest-what-is-kiwifarms-the-forum-exposed-her-2021-8 |archive-date=October 1, 2021 |url-status=live|access-date=August 31, 2022 |website=Insider |language=en-US}} Kiwi Farms also has a reputation for transphobic content, and its users have been accused of swatting vulnerable individuals.{{Cite web |last=Goforth |first=Claire |date=August 22, 2022 |title=Pressure grows on Cloudflare to drop Kiwi Farms after latest doxing campaign |url=https://www.dailydot.com/debug/kiwi-farms-cloudflare-keffals/ |access-date=August 23, 2022 |website=The Daily Dot |language=en-US}}{{Cite web |last=Cole |first=Samantha |date=August 23, 2022 |title=People Are Demanding That Cloudflare Drop Kiwi Farms |url=https://www.vice.com/en/article/people-are-demanding-that-cloudflare-drop-kiwi-farms/ |access-date=August 24, 2022 |website=Vice |language=en-US}}{{cite web |last1=Rosenberg |first1=Scott |title=Campaign pushes Cloudflare to drop trans hate site |url=https://www.axios.com/2022/08/25/cloudflare-trans-hate-site-kiwi-farms |website=Axios |access-date=25 August 2022 |archive-url=https://web.archive.org/web/20220825224047/https://www.axios.com/2022/08/25/cloudflare-trans-hate-site-kiwi-farms |archive-date=August 25, 2022 |date=August 25, 2022 |url-status=live}}{{cite web|title=As Twitch Streamer Flees, Pressure Mounts On Cloudflare To Stop Protecting Controversial Kiwi Farms Site|url=https://kotaku.com/twitter-drop-kiwi-farms-hashtag-cloudflare-keffals-1849451829|website=Kotaku|access-date=26 August 2022|date=25 August 2022|last1=Bardhan|first1=Ashley}} Although Cloudflare was not the primary website host, they did perform critical services to keep Kiwi Farms on-line, both protecting the site from denial-of-service attacks and optimizing content delivery.{{cite web |last1=Czachor |first1=Emily Mae |title=Cloudflare indicates services will continue for controversial website Kiwi Farms |url=https://www.cbsnews.com/news/cloudflare-abuse-policy-kiwi-farms-harassment-clara-sorrenti-keffals/ |website=CBS News |access-date=2 September 2022 |archive-url=https://web.archive.org/web/20220902034204/https://www.cbsnews.com/news/cloudflare-abuse-policy-kiwi-farms-harassment-clara-sorrenti-keffals/ |archive-date=September 2, 2022 |date=September 1, 2022 |url-status=live}}{{cite web |last1=Claburn |first1=Thomas |title=Cloudflare tries to explain why it protects far-right forums that stalk and harass victims |url=https://www.theregister.com/2022/08/31/cloudflare_kiwi_farm/ |website=The Register |access-date=2 September 2022 |archive-url=https://web.archive.org/web/20220902085145/https://www.theregister.com/2022/08/31/cloudflare_kiwi_farm/ |archive-date=September 2, 2022 |date=August 31, 2022 |quote=... the company continues to provide security – its reverse proxy service – that helps Kiwi Farms defend against denial of service attacks and keeps the web forum online. |url-status=live}}

In 2022, a campaign was launched by transgender activist Clara Sorrenti, who has previously been targeted by the forum, to pressure Cloudflare into terminating service for Kiwi Farms.{{cite web |last1=D'Anastasio |first1=Cecilia |title=Cloudflare Urged to Cut Ties to Site That Promotes Harassment |url=https://www.bloomberg.com/news/articles/2022-08-30/cloudflare-urged-to-cut-ties-to-site-that-promotes-harassment |website=Bloomberg |access-date=30 August 2022 |archive-url=https://web.archive.org/web/20220903105657/https://www.bloomberg.com/news/articles/2022-08-30/cloudflare-urged-to-cut-ties-to-site-that-promotes-harassment |archive-date=September 3, 2022 |date=August 30, 2022 |url-status=live }}{{cite web |last1=Gilbert |first1=David |title=Inside Keffals' Battle to Bring Down Kiwi Farms |url=https://www.vice.com/en/article/keffals-kiwi-farms/ |website=Vice News |access-date=8 September 2022 |archive-url=https://web.archive.org/web/20220908020330/https://www.vice.com/en/article/xgyagd/keffals-kiwi-farms |archive-date=September 8, 2022 |date=September 7, 2022 |url-status=live}} Cloudflare responded by issuing a statement on its abuse policies and saying it didn't want to set precedent for speech on the internet with its "extraordinary" decision.{{cite web |last1=Tenbarge |first1=Kat |last2=Abbruzzese |first2=Jason |last3=Collins |first3=Ben |title=Internet services company Cloudflare blocks Kiwi Farms citing 'targeted threats' |url=https://www.nbcnews.com/tech/tech-news/cloudflare-provided-security-services-kiwi-farms-blocks-website-rcna46219 |website=NBC News |publisher=NBC |access-date=24 July 2023 |language=en |date=3 September 2022}}

The company also released a blog post{{cite web |title=Cloudflare's abuse policies & approach |url=https://blog.cloudflare.com/cloudflares-abuse-policies-and-approach/ |website=The Cloudflare Blog |publisher=Cloudflare |access-date=21 February 2023 |ref=CFAUG2022 |language=en |date=31 August 2022}} and likened their services to that of a public utility, emphasizing that they do not believe in shutting down security services based on content they find objectionable. They acknowledged that while it might be more popular to remove sites that the Cloudflare team finds offensive, they stood by their decision not to do so.{{cite web |last1=Alspach |first1=Kyle |title=Cloudflare probably won't terminate services for 'despicable' sites |url=https://www.protocol.com/bulletins/cloudflare-service-termination-kiwi-farms |website=Protocol |access-date=31 August 2022 |archive-url=https://web.archive.org/web/20220831210230/https://www.protocol.com/bulletins/cloudflare-service-termination-kiwi-farms |archive-date=August 31, 2022 |date=August 31, 2022 |url-status=live}}{{cite web |last1=D'Anastasio |first1=Cecilia |title=Cloudflare Hints It Won't Cut Ties to Site Linked to Harassment |url=https://www.bnnbloomberg.ca/cloudflare-hints-it-won-t-cut-ties-to-site-linked-to-harassment-1.1812952 |website=BNN Bloomberg |access-date=31 August 2022 |archive-url=https://web.archive.org/web/20220831205402/https://www.bnnbloomberg.ca/cloudflare-hints-it-won-t-cut-ties-to-site-linked-to-harassment-1.1812952 |archive-date=August 31, 2022 |date=August 31, 2022 |url-status=live}} The company also defended their decision by saying that they donated all earnings from anti-LGBTIQ+ sites to an organization that advocated for LGBTIQ+ rights.{{cite web |last1=Taylor |first1=Josh |title=Cloudflare defends providing security services to trans trolling website Kiwi Farms |url=https://www.theguardian.com/technology/2022/sep/01/cloudflare-defends-providing-security-services-to-trans-trolling-website-kiwi-farms |website=The Guardian |access-date=2 September 2022 |archive-url=https://web.archive.org/web/20220902052308/https://www.theguardian.com/technology/2022/sep/01/cloudflare-defends-providing-security-services-to-trans-trolling-website-kiwi-farms |archive-date=September 2, 2022 |date=September 1, 2022 |url-status=live}} The blog post mentioned Cloudflare's terms of use agreement, which allows them to terminate service due to "content that discloses sensitive personal information, [and] incites or exploits violence against people" but, according to The Guardian, the statement did not address how Kiwi Farms users' doxxing behavior did not violate these terms.

On September 3, 2022, Cloudflare blocked Kiwi Farms, citing urgent escalating rhetoric against targets of Kiwi Farms, stating that there is an "unprecedented emergency and immediate threat to human life". According to The Washington Post, there was a "surge in credible violent threats stemming from the site" and CEO Matthew Prince said that Cloudflare believes "there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don't think is fast enough to keep up".{{cite news |last1=Menn |first1=Joseph |last2=Lorenz |first2=Taylor |title=Under pressure, security firm Cloudflare drops Kiwi Farms website |url=https://www.washingtonpost.com/technology/2022/09/03/cloudflare-drops-kiwifarms/ |newspaper=The Washington Post |access-date=3 September 2022 |archive-url=https://web.archive.org/web/20220903222349/https://www.washingtonpost.com/technology/2022/09/03/cloudflare-drops-kiwifarms/ |archive-date=September 3, 2022 |date=September 3, 2022 |url-status=live}}{{cite web |last1=Prince |first1=Matthew |title=Blocking Kiwifarms |url=https://blog.cloudflare.com/kiwifarms-blocked/ |website=Cloudflare |access-date=3 September 2022 |archive-url=https://web.archive.org/web/20220903221655/https://blog.cloudflare.com/kiwifarms-blocked/ |archive-date=September 3, 2022 |date=September 3, 2022 |url-status=live}}{{cite web |last1=Tenbarge |first1=Kat |last2=Abbruzzese |first2=Jason |last3=Collins |first3=Ben |title=Internet services company Cloudflare blocks fringe message board Kiwi Farms citing 'targeted threats' |url=https://www.nbcnews.com/tech/tech-news/cloudflare-provided-security-services-kiwi-farms-blocks-website-rcna46219 |website=NBC News |access-date=4 September 2022 |archive-url=https://web.archive.org/web/20220904004316/https://www.nbcnews.com/tech/tech-news/cloudflare-provided-security-services-kiwi-farms-blocks-website-rcna46219 |archive-date=September 4, 2022 |date=September 3, 2022 |url-status=live}}

Switter was a social media network for the sex worker community, built by Australia-based company Assembly Four on Mastodon's open-source software, before Cloudflare dropped Switter as a client and ceased services in April 2018, citing terms of service violations.{{cite web |last1=Cole |first1=Samantha |date=April 19, 2018 |title=Cloudflare: FOSTA Was a 'Very Bad Bill' That's Left the Internet's Infrastructure Hanging |url=https://www.vice.com/en/article/cloudflare-switter-down-fosta-sesta/ |url-status=live |archive-url=https://web.archive.org/web/20220902204019/https://www.vice.com/en/article/9kgvga/cloudflare-switter-down-fosta-sesta |archive-date=September 2, 2022 |access-date=2 September 2022 |website=Vice News}}{{cite web |last1=O'Donovan |first1=Caroline |date=April 16, 2018 |title=Trump Just Signed A Law That Helped Create A New Twitter For Sex Workers |url=https://www.buzzfeednews.com/article/carolineodonovan/sex-workers-twitter-switter-mastodon-alternative-social |url-status=live |archive-url=https://web.archive.org/web/20220902234411/https://www.buzzfeednews.com/article/carolineodonovan/sex-workers-twitter-switter-mastodon-alternative-social |archive-date=September 2, 2022 |access-date=2 September 2022 |website=BuzzFeed News |publisher=BuzzFeed}} This occurred shortly after the passage of FOSTA/SESTA, a set of bills criminalizing websites that facilitate or support sex trafficking in 2018. SESTA weakened protections for Internet infrastructure companies and was criticized on free speech grounds due to concerns about disproportionate impact and disruptions to the lives of sex workers.{{cite news |date=19 April 2018 |title=Cloudflare Just Banned a Social Media Refuge for Thousands of Sex Workers |publisher=Vice News |url=https://www.vice.com/en/article/switter-down-cloudflare-banned-sex-workers-sesta-fosta/}}{{cite web |last1=Romano |first1=Aja |date=2 July 2018 |title=A new law intended to curb sex trafficking threatens the future of the internet as we know it |url=https://www.vox.com/culture/2018/4/13/17172762/fosta-sesta-backpage-230-internet-freedom |access-date=1 September 2022 |website=Vox}}{{cite web |last1=McSherry |first1=Corynne |last2=York |first2=Jillian C. |title=The Internet Is Not Facebook: Why Infrastructure Providers Should Stay Out of Content Policing |url=https://www.eff.org/deeplinks/2022/10/internet-not-facebook-why-infrastructure-providers-should-stay-out-content |website=Electronic Frontier Foundation |access-date=16 August 2023 |language=en |date=13 October 2022}}

Cloudflare said the move was "related to our attempts to understand FOSTA, which is a very bad law and [sets] a very dangerous precedent".{{cite news |date=18 April 2018 |title=Cloudflare and FOSTA/SESTA |publisher=Assembly Four |url=https://assemblyfour.com/switter/cloudflare-fosta-sesta}} Assembly Four said that "Given Cloudflare's previous stances of privacy and freedom, as well as fighting alongside the EFF, we had hoped they would take a stand against FOSTA/SESTA".

In 2015, testimony to the United States House Committee on Foreign Affairs, it was reported that two of the top three online chat forums and nearly forty other web sites belonging to the Islamic State of Iraq and the Levant (ISIL) were guarded by Cloudflare.{{Cite web |last=Kohlmann |first=Evan F. |date=January 27, 2015 |title=Charlie Hebdo and the Jihadi Online Network: Assessing the Role of American Commercial Social Media Platforms |url=http://docs.house.gov/meetings/FA/FA18/20150127/102855/HHRG-114-FA18-Wstate-KohlmannE-20150127.pdf |access-date=August 22, 2019 |publisher=United States House of Representatives}}

In 2018, The Huffington Post documented that Cloudflare provided services for "at least 7 terrorist groups", as designated by the United States Department of State including Al-Shabaab, the Taliban, the Popular Front for the Liberation of Palestine, the al-Quds Brigades, the Kurdistan Workers' Party (PKK), the al-Aqsa Martyrs' Brigades, and Hamas. At the time, Cloudflare's general counsel, Doug Kramer, told The Huffington Post that he couldn't comment on specific cases in which Cloudflare was told about possible terrorist organizations using its services, but that Cloudflare does work with government agencies to be in compliance with its legal obligations.

In September 2019, Cloudflare reported in their Form S-1 filing that their technology was "used by, or for the benefit of, certain individuals or entities" that were blacklisted due to United States economic and trade sanctions regulations",{{cite news |last1=Sun |first1=Mengqi |title=Cloud-Services Company Cloudflare Discloses Potential Sanctions Violations |url=https://www.wsj.com/articles/cloud-services-company-cloudflare-discloses-potential-sanctions-violations-11568152033 |access-date=4 March 2023 |work=Wall Street Journal |date=10 September 2019}} including "entities identified in OFAC’s counter-terrorism and counter-narcotics trafficking sanctions programs, or affiliated with governments currently subject to comprehensive U.S. sanctions".{{cite news |last1=Stone |first1=Jeff |title=Cloudflare may have provided service to terrorists, drug traffickers in violation of U.S. sanctions |url=https://cyberscoop.com/cloudflare-ipo-terrorism-narcotics/ |access-date=4 March 2023 |work=CyberScoop |date=11 September 2019}}

Cloudflare has been cited in reports by The Spamhaus Project, an international spam tracking organization, for the high numbers of cybercriminal botnet operations hosted by Cloudflare.{{Cite web |title=Spamhaus Botnet Threat Report Q1-2020, ISPs hosting botnet C&Cs |url=https://www.spamhaus.org/news/article/798/spamhaus-botnet-threat-update-q1-2020 |access-date=May 1, 2020 |website=The Spamhaus Project}}{{Cite web |date=July 16, 2017 |title=Cloudflare and Spamhaus |url=https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/ |access-date=February 28, 2017 |publisher=Word to the Wise}}{{Cite web |title=The Spamhaus Project |url=https://www.spamhaus.org/sbl/listings/cloudflare.com |access-date=September 30, 2019 |website=The Spamhaus Project}} An October 2015 report found that Cloudflare provisioned 40% of the SSL certificates used by typosquatting phishing sites, which use deceptive domain names resembling those of banks and payment processors to compromise Internet users' banking and other transactions.{{Cite news |last=Edgecombe |first=Graham |date=October 12, 2015 |title=Certificate authorities issue SSL certificates to fraudsters |work=Netcraft |url=http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html |access-date=October 14, 2015}} Cloudflare has been criticized for having a conflict of interest by providing DDoS protection to both the operators and victims of "stresser" services.{{cite web |last1=Krebs |first1=Brian |title=Spreading the DDoS Disease and Selling the Cure – Krebs on Security |url=https://krebsonsecurity.com/2016/10/spreading-the-ddos-disease-and-selling-the-cure/ |access-date=11 October 2023 |date=20 October 2016}}{{cite web |last1=Team |first1=SecureWorld News |title=Is this OK? DDoS Defense Vendor Protected World's Largest DDoS-for-Hire Site |url=https://www.secureworld.io/industry-news/does-cloudflare-protect-ddos-sites |website=www.secureworld.io |language=en-us |date=3 May 2018 |access-date=11 October 2023}}

In 2018, Cloudflare was identified by the European Union's Counterfeit and Piracy Watch List as a "notorious market" which engages in, facilitates, or benefits from counterfeiting and piracy. The report noted that Cloudflare hides and anonymizes the operators of 40% of the world's pirate sites, and 62% of the 500 largest such sites, and "does not follow due diligence when opening accounts for websites to prevent illegal sites from using its services".{{Cite web |date=2018-12-07 |title=Counterfeit and Piracy Watch List |url=https://torrentfreak.com/images/tradoc_157564.pdf |access-date=16 July 2021 |publisher=European Commission }}{{Cite web |last=Maxwell |first=Andy |date=2018-12-10 |title=New EU Piracy Watchlist Targets Key Pirate Sites and Cloudflare |url=https://torrentfreak.com/new-eu-piracy-watchlist-targets-key-pirate-sites-and-cloudflare-181210/ |access-date=16 July 2021 |publisher=TorrentFreak}}

In 2020, an Italian court ruled Cloudflare had to block current and future domain names and IP addresses of the pirate IPTV service "IPTV THE BEST" for infringing on Lega Serie A intellectual property.{{Cite web |last=Pekic |first=Branislav |date=2021-02-17 |title=Court orders CloudFlare to stop hosting illegal IPTVs |url=https://advanced-television.com/2021/02/17/court-orders-cloudfare-to-stop-hosting-illegal-iptvs/ |access-date=2023-06-02 |language=en-GB}} At the time, Cloudflare was already blocking 22 domain names in Italy.{{Cite web |last=Van der Sar |first=Ernesto |date=2020-10-14 |title=Italian Court Orders Cloudflare to Block a Pirate IPTV Service |url=https://torrentfreak.com/italian-court-orders-cloudflare-to-block-a-pirate-iptv-service-201014/ |access-date=16 July 2021 |publisher=TorrentFreak}} German courts have similarly found that "Cloudflare and its anonymization services attract structurally copyright infringing websites."{{Cite web |last=Nordemann |first=Jan Bernd |date=2021-07-12 |title=Duties of DNS resolvers and CDN providers – the CoA Cologne finds Cloudflare accountable |url=http://copyrightblog.kluweriplaw.com/2021/07/12/duties-of-dns-resolvers-and-cdn-providers-the-coa-cologne-germany-finds-cloudflare-accountable/ |access-date=16 July 2021 |publisher=Wolters Kluwer}}

Following the December 2024 court ruling,{{Cite web |date=2025-04-05 |title=Se hace pública la sentencia que autoriza los bloqueos de LaLiga hasta 2027 |url=https://bandaancha.eu/articulos/ya-puedes-leer-sentencia-autoriza-11314 |access-date=2025-05-21 |website=bandaancha.eu |language=es-ES}} the Spanish LaLiga requested that telephone operators block Cloudflare's IP address ranges in February 2025. Cloudflare hosted websites that illegally broadcast soccer matches. As a result, the pirate platform DuckVision was shut down before the derby between Real Madrid and Atlético Madrid. The platform had 200,000 users and was backed by Cloudflare.{{Cite web |last=Rodríguez |first=Ángel |date=2025-02-09 |title=LaLiga desactiva la plataforma de piratería DuckVision antes del derbi entre Real Madrid y Atlético |url=https://www.marca.com/futbol/primera-division/2025/02/09/laliga-desactiva-plataforma-pirateria-duckvision-derbi-real-madrid-atletico.html |access-date=2025-05-21 |website=MARCA |language=es}} The blocks affected major websites, including X, Vimeo, Steam, GitHub, and the Real Academia de la Lengua Española.{{Cite web |title=Bloqueos del fútbol a IPs de Cloudflare y otras webs legales |url=https://bandaancha.eu/bloqueos-futbol |access-date=2025-05-21 |website=bandaancha.eu |language=es-ES}}

After Russia invaded Ukraine in late February 2022, Ukrainian Vice Prime Minister, Minister of Digital Transformation Mykhailo Fedorov{{cite news |last1=Timberg |first1=Craig |last2=Zakrzewski |first2=Cat |last3=Menn |first3=Joseph |title=A new iron curtain is descending across Russia's Internet |url=https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/ |access-date=11 May 2022 |newspaper=The Washington Post |date=4 March 2022}} and others{{cite news |last1=Moore |first1=Logan |last2=Vanjani |first2=Karishma |title=These Companies Haven't Left Russia. Behind Their Decisions to Stay. |url=https://www.barrons.com/articles/russia-ukraine-war-companies-51648143368 |access-date=17 May 2022 |work=Barron's |date=25 March 2022}} called on Cloudflare to stop providing its services in the Russian market amidst reports that Russia-linked websites spreading disinformation were using the company's content delivery network services.{{cite news |last1=Stone |first1=Jeff |last2=Gallagher |first2=Ryan |title=Cloudflare Rebuffs Ukraine Requests to Stop Working With Russia |url=https://www.bloomberg.com/news/articles/2022-03-08/cloudflare-rebuffs-ukraine-requests-to-stop-working-with-russia |access-date=11 May 2022 |work=Bloomberg |date=8 March 2022}} Cloudflare CEO Matthew Prince responded that the company decided to remain providing services to Russian people to counter Russia's attempts to raise a 'digital iron curtain'.{{Cite web |last=Brodkin |first=Jon |date=2022-03-08 |title=Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff |url=https://arstechnica.com/tech-policy/2022/03/cloudflare-wont-cut-off-russia-says-it-needs-more-internet-access-not-less/ |access-date=2023-07-05 |website=Ars Technica |language=en-us}}{{Cite web |title=Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies |url=https://www.institute.global/insights/geopolitics-and-security/disrupters-and-defenders-what-ukraine-war-has-taught-us-about-power-global-tech-companies |access-date=2023-07-05 |website=www.institute.global |language=en-GB}} Prince shared that "Indiscriminately terminating service would do little to harm the Russian government but would both limit [Russian citizens'] access to information outside the country and make significantly more vulnerable those who have used us to shield themselves as they have criticized the government."{{cite news |last1=Brodkin |first1=Jon |title=Cloudflare refuses to pull out of Russia, says Putin would celebrate shutoff |url=https://arstechnica.com/tech-policy/2022/03/cloudflare-wont-cut-off-russia-says-it-needs-more-internet-access-not-less/ |access-date=19 April 2022 |work=Ars Technica |date=8 March 2022}} The company later said it had minimal sales and commercial activity in Russia and had "terminated any customers we have identified as tied to sanctioned entities".{{cite news |last1=Morrow |first1=Allison |title=Crypto is dead. Long live crypto: Davos Dispatch |url=https://edition.cnn.com/2022/05/26/investing/premarket-stocks-trading/index.html |access-date=26 May 2022 |work=CNN |date=26 May 2022}}

Cloudflare's Project Galileo, launched in 2014, offers DDoS protection to NGOs for free. In 2022, they extended free protection to Ukrainian government and telecoms.{{Cite web |title=CloudFlare Teams Up With 15 NGOs To Protect Citizen Journalists And Activists From DDoS Attacks |url=https://techcrunch.com/2014/06/12/cloudflare-teams-up-with-15-ngos-to-protect-citizen-journalists-and-activists-from-ddos-attacks/ |access-date=2022-06-26 |website=TechCrunch |date=June 12, 2014 |language=en-US}}{{Cite journal |last1=Garson |first1=Melanie |last2=Furlong |first2=Pete |date=May 2022 |title=Disrupters and Defenders: What the Ukraine War Has Taught Us About the Power of Global Tech Companies |url=https://institute.global/policy/disrupters-and-defenders-what-ukraine-war-has-taught-us-about-power-global-tech-companies |journal=Tony Blair Institute for Global Change |language=en}}

{{Reflist|refs=

{{Cite news |last=Wong |first=Julia Carrie |date=August 28, 2017 |title=The far right is losing its ability to speak freely online. Should the left defend it? |work=The Guardian |location=London |url=https://www.theguardian.com/technology/2017/aug/28/daily-stormer-alt-right-cloudflare-breitbart |access-date=August 22, 2019}}

{{Cite web |last=Jones |first=Rhett |date=December 14, 2018 |title=Cloudflare Under Fire for Allegedly Providing DDoS Protection for Terrorist Websites |url=https://gizmodo.com/cloudflare-under-fire-for-allegedly-providing-ddos-prot-1831107649 |access-date=August 5, 2019 |website=Gizmodo}}{{Cite news |last=Cook |first=Jesselyn |date=December 14, 2018 |title=U.S. Tech Giant Cloudflare Provides Cybersecurity For at Least 7 Terror Groups: Among its customers are the Taliban, al-Shabab and Hamas. |work=HuffPost |url=https://www.huffpost.com/entry/cloudflare-cybersecurity-terrorist-groups_n_5c127778e4b0835fe3277f2f |access-date=August 5, 2019}}

{{Cite web |last=Captain |first=Sean |date=February 27, 2019 |title=Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask |url=https://www.fastcompany.com/90312063/how-cloudflare-straddles-its-role-as-privacy-champion-and-hate-speech-enabler |access-date=August 5, 2019 |website=Fast Company}}

{{Cite news |last=Wong |first=Julia Carrie |date=August 4, 2019 |title=8chan: the far-right website linked to the rise in hate crimes |work=The Guardian |url=https://www.theguardian.com/technology/2019/aug/04/mass-shootings-el-paso-texas-dayton-ohio-8chan-far-right-website |access-date=August 5, 2019}}

{{Cite web |last1=Mezzofiore |first1=Gianluca |last2=O'Sullivan |first2=Donie |date=August 5, 2019 |title=El Paso shooting is at least the third atrocity linked to 8chan this year |url=https://www.cnn.com/2019/08/04/business/el-paso-shooting-8chan-biz/index.html |access-date=August 5, 2019 |website=CNN}}

{{Cite web |last=Lee |first=Timothy B. |date=August 31, 2017 |title=Tech companies declare war on hate speech—and conservatives are worried |url=https://arstechnica.com/tech-policy/2017/08/tech-companies-are-cracking-down-on-hate-speech/ |access-date=August 6, 2019 |website=Ars Technica}}

{{Cite news |last=Peterson |first=Becky |date=August 17, 2017 |title=Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet' |work=Business Insider |url=http://www.businessinsider.com/the-daily-stormer-got-pushed-offline-by-hackers-2017-8 |access-date=August 17, 2017}}

{{Cite web |last=Kelly |first=Makena |date=August 4, 2019 |title=Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks |url=https://www.theverge.com/2019/8/4/20754310/cloudflare-8chan-fredrick-brennan-ddos-attack |url-status=live |archive-url=https://web.archive.org/web/20190805063504/https://www.theverge.com/2019/8/4/20754310/cloudflare-8chan-fredrick-brennan-ddos-attack |archive-date=August 5, 2019 |access-date=August 5, 2019 |website=The Verge}}

{{cite web |title=S-1 Filing |url=https://www.sec.gov/Archives/edgar/data/1477333/000119312519222176/d735023ds1.htm |website=US SEC |access-date=2 December 2022}}

}}

• {{Official website}}
• {{LittleSis}}

{{Finance links

| name = Cloudflare, Inc.

| symbol = NET

| yahoo = NET

| google = NET:NYSE

| bloomberg = NET:US

| sec_cik = 1477333}}

{{Authority control}}

*

Category:2009 establishments in California

Category:2019 initial public offerings

Category:American companies established in 2009

Category:Companies based in San Francisco

Category:Companies listed on the New York Stock Exchange

Category:Content delivery networks

Category:Cloud computing

Category:DDoS mitigation companies

Category:Domain name registrars

Category:Freedom of speech in the United States

Category:Internet properties established in 2009

Category:Internet security

Category:Internet technology companies of the United States

Category:Networking companies of the United States

Category:Reverse proxy

Category:Technology companies based in the San Francisco Bay Area

Category:Virtual private network services