CDN

App & Website Security/Performance

Our security is composed by four different components. (App & API Security, Zero Trust Security, Abuse and Fraud Protection and DDoS Protection)

App and Website Security

Cloudflare’s 280 Tbps network blocks 209 billion daily threats on average. Our global network spans over 320 cities & 120 countries to stop attacks on the frontlines.
Easily onboard in minutes from the dashboard or our API. Adding Cloudflare security, performance, and reliability functionality is as easy as flipping a switch.
Award winning, global, 24/7/365 email & emergency phone support (Enterprise plans). Plus on-demand resources, guides & best practice implementation.

The Cloudflare global network processes 77 million HTTP requests per second at peak, providing unparalleled protection against the latest attacks, including zero-day exploits.
The Cloudflare WAF uses machine learning to automatically block emerging threats in real time.
Customers can set up the WAF with just a few clicks, and our WAF integrates with the rest of our application security for full coverage. No training or professional services needed.
On top of OWASP rules, Cloudflare managed rules offer fast zero-day protection, and custom rulesets enable organizations to tailor their WAF to implement organization-specific policies.

Continuously discover your public API endpoints and their schemas with machine learning models and heuristics.
Stop common API attacks, including zero-day exploits, authentication abuse, data loss, DDoS, and other business logic attacks.
Validate incoming requests against schemas, authentication, and legitimate API business logic — and reduce your API hosting costs.

Cloudflare blocks credential stuffing, content scraping, inventory hoarding, DDoS, and other malicious bot activity.
Cloudflare Bot Management uses machine learning, behavioral analysis, and fingerprinting to accurately classify bots.
Cloudflare has developed innovative ways to challenge bots without frustrating real users with CAPTCHAs.
No complex configuration or maintenance: Cloudflare Bot Management automatically recommends rules to manage bots out-of-the-box.

Detect and mitigate browser supply chain attacks with machine learning-based protection.
Get instant notifications when new scripts are detected, marked as malicious, or loaded from unknown domains.
Reduce third-party vendor risk and address client-side requirements like GDPR, PCI, and more.

Stop high-precision layer 7 attacks with granular configuration options.
Identify abusive traffic with high accuracy by rate limiting traffic based on any parameter of a request.
Defend against brute force login attacks seeking to take over accounts and steal sensitive information.
Avoid unpredictable costs associated with traffic spikes and enumeration attacks. We will not charge you for usage when you are under volumetric attack.

By using the latest protocols and operating close to users, Cloudflare TLS minimizes latency to speed up webpage load times.
TLS ensures data passing between users and servers is encrypted. Prevent on-path attacks, and safeguard user data to meet compliance requirements.
Search engines favor websites that use TLS. Avoid browser warnings present on unencrypted sites that dissuade users from visiting.
Set up certificates for a domain in less than 5 minutes. Keep your hosting provider. No code changes required.

Allow your customers to proxy their apex to your application, regardless of their DNS provider. Either bring your own IP or we’ll supply a set for your end customer, so they can point to your application with an A record.
Bring your own IP range to announce at Cloudflare’s edge. With BYOIP + SSL for SaaS solution you are able to manage the IP assignments of your customers.
Upload your customer’s certificate whenever necessary. For your security-conscious customers, we offer CSR support, meaning their private keys stay on Cloudflare, while they use the CA of their choice.
Extend encryption, performance, and security to any customer subdomain with wildcard custom hostnames.
Route customers to your origin of choice as your company scales.
Add specific rules to customer domains for maximum customization.

App and Website Security

Certificate lifecycle management can be an arduous, manual process. Cloudflare automatically issues and renews TLS certificates on your behalf, and serves TLS certificates from each of our global data centers, offering fast loading times for your users.
Enterprises have different organizational and regulatory requirements for encryption. Advanced Certificates Manager enables you to customize the hostnames on the certificate, adjust the certificate validity period, select a certificate authority to use (CA), bring your own certificates, and more
Encryption is a component of most Zero Trust frameworks, and is also mentioned in data privacy regulations across the world. Stay on top of encryption requirements by enabling the most secure cipher suites and TLS 1.3.

Issues in inventoried and managed assets such as the corporate website, servers, and the dependencies running on them.
Shadow IT or orphaned IT infrastructure like forgotten websites or unsanctioned cloud applications.
Malicious infrastructure spun up by threat actors such as typosquatted domains, or a website or app impersonating a brand.
Third-party software risks beyond an organization's direct control like open source vulnerabilities or malicious Javascript.

See exactly which resources are cached on your website — then, make configuration changes to improve cache-hit ratios.
Measure and track analytics for individual domains, products, or events.
Query your own virtual data warehouse and create custom analytics dashboards with our GraphQL Analytics API.

Improve your application’s performance and security by tuning your Cloudflare configuration.
Investigate and debug errors and security mitigations reported by your end users.
Build customized analytics in the tools you already use.

Make faster, more informed decisions based on industry-specific attack data from the Cloudflare global network, which is used as a reverse proxy by nearly 20% of all websites.*
Incorporate differentiated, finished threat intelligence (STIX/TAXII feeds) into your security tools.
Speed up threat investigations with instant threat queries for context on IPs, domains, ASNs, URLs, and more. Or directly access our experts: RFIs are available for bespoke threat intelligence reports.
On-demand sinkholes prevent connections to command-and-control servers. Brand and phishing protection identifies domains created for phishing with your brand.

Eliminate the complexity of storing multiple copies of the same image. With Images, you can dynamically deliver multiple variants of the same original image.
Automatically deliver the best size and format by device and browser type, without hard-coding image transformation.
Apply visual effects to your images, like applying blur, adding a watermark, and automatic face cropping.

Create better video experiences. Stream makes hosting video effortless. Upload, store, encode, and deliver liveand on-demand video with one API cost effectively.
Low-latency video delivery, Unlimited video storage, 100 minutes included in pro & business plans.
A single pipeline with no format, protocol, or encoding expertise required by your development team. Stream automatically takes care of codecs, protocols, and bitrate, freeing up teams to focus on other projects.

Give your web visitors an even better experience. Turnstile confirms they are real with no visual puzzle - totally transparent to visitors.
Turnstile always preserves the privacy of web visitors on your site - without sacrificing effectiveness. Unlike other CAPTCHA options, we never harvest data for ad retargeting.
Deploy in minutes with just a quick code snippet - and totally free of charge.

App and Website Performance

Our CDN supports global content delivery with a network that spans over 320 locations.
Our CDN serves content as close to your end-users as possible — within approximately 50 milliseconds of ~95% of the Internet-connected population — resulting in faster load times and a better web experience.
Our CDN helps reduce your hosting fees by reducing requests to your origin server and minimizing bandwidth usage.

Our authoritative DNS is the fastest in the world, offering DNS lookup speeds of 11ms on average and ensuring websites load as fast as possible.
Our global network offers optimal redundancy, with DNS resolution available at each of our data centers across over 320 cities.
Cloudflare offers built-in DDoS protection and one-click DNSSEC to ensure your applications are always safeguarded from DNS attacks.
All your domains can be managed through our user-friendly interface or via an API, without regard to where you host your Internet properties.

Deliver web traffic over the quickest network paths available for noticeably faster app performance and an improved user experience.
Route around congestion and use the most reliable paths to increase uptime.
Minimize content requests to the origin server, reducing latency, server load, and bandwidth usage.
Encrypt end-to-end traffic across the Cloudflare network, protecting web traffic from attackers.

As soon as an origin server or server pool goes down, requests proxied through Cloudflare get instantly rerouted to the nearest data center — helping maximize performance and resiliency.
Load balance traffic across multiple L4-7 protocols — including HTTP(S), TCP or UDP — and tailor your configuration to support evolving business needs.
Set up a customizable and scalable load balancing infrastructure using the Cloudflare Dashboard or REST API — no additional hardware or software required.

Cloudflare Cache Reserve eliminates egress costs and improves cache hit ratios by enabling you to persistently cache your data with the push of a single button.
Eliminate egress fees by limiting unnecessary cache data evictions with Cache Reserve’s affordable, consistent pricing that helps you maximize your savings.
Store long-tail content persistently on Cache Reserve and serve your content from Cloudflare’s global content delivery network for longer, improving cache hit ratios.
Shield your origin servers from unnecessary, voluminous requests, eliminating unnecessary trips to the origin to ensure faster performance and a better user experience.

Cloudflare’s global Anycast network ensures fast video delivery, with shorter video startup times and reduced buffering, no matter where your visitors are located.
We cache and deliver HTTP(S) video content, including adaptive bitrate formats, to your visitors at a flat-rate price, saving you on origin server bandwidth costs.
Our rich ecosystem of performance and security services, tuned specifically for video, offer optimal uptime and delivery.
Visitors today expect fast, high-quality online video experiences, regardless of device, connection type, or location. Video services which fail to meet visitor expectations can experience lower engagement and revenues.
Cloudflare’s global Anycast network ensures fast online video experiences, with shorter video startup times and reduced buffering, no matter where your visitors are located. Flat-rate bandwidth pricing ensures predictable costs, even in the case of legitimate traffic spikes or volumetric DDoS attacks.
Cloudflare’s content delivery network (CDN) spans 320 cities across 120 countries, ensuring the fastest delivery of high-quality video content at global scale. We ensure fast online video experiences, with shorter video startup times and reduced buffering. Video files can be selectively purged from Cloudflare’s entire network cache within seconds.

Deliever fast web experiences by moving files closer to your visitors, and loading the website as quickly as possible. Our network optimizes the page delivery to make and shows why your webpages are rendering slowly; with one-click solutions.
Measure the real user experience of your website as well as the performance benefits of using Cloudflare.
Browser Insights lets you measure the TCP connection time, DNS response time, Time to First Byte (TTFB), page load time, and more from the perspective of your visitors all over the globe.
The Speed Page on your dashboard also generates a filmstrip of screen snapshots taken as your webpage loads. This gives you a visual comparison of your website loading on Cloudflare with caching enabled compared to connecting directly to your origin.

Sudden increases in traffic can overwhelm your applications and infrastructure, leading to slow performance or complete disruption to your online presence.
Cloudflare Waiting Room allows organizations to route excess users to a custom-branded waiting room, helping preserve the customer experience and protecting origin servers from being overwhelmed with requests.
Protect your application from legitimate traffic surges and ensure you are able to scale to meet high demand.
Eliminate costs associated with maintaining additional servers and purchasing extra bandwidth to serve peak traffic.
Waiting Room acts as an extension of your brand, ensuring that users get a seamless online experience even while waiting.

App and Website Performance

Web3 is held to be the next iteration of the World Wide Web, built on decentralized technologies like IPFS and Ethereum.
We manage, maintain, and monitor Web3 infrastructure, so you can focus on what matters: building applications.
Leverage our industry-leading global network to create secure, reliable, and fast services built on Web3 technology.
Web3 does not rely on any central provider or authority. Instead, data and files are decentralized and distributed across nodes on the network.
Web3 inherently incorporates aspects of implicit trust using cryptographic hashes to ensure data has not been tampered with and users receive what they expect to receive.
The Interplanetary File System (IPFS) provides a storage layer for Web3. IPFS is a protocol and peer-to-peer (P2P) distributed network for storing data across nodes within the network.

A third-party tool manager built for speed, privacy, and security
Zaraz loads third-party tools in the cloud, away from browsers, improving web application speed, security, and privacy.
Load analytics tools, advertising pixels, widgets, and other third-party tools without slowing down your applications.
Improve website performance by loading third-party tools in the cloud instead of the browser. The result: a better user experience and improved SEO.
Third-party scripts can be entry points for attackers. Zaraz gives you control over what scripts can do on your site, reducing your risk.
Control personal data accessed by third-party tools.
Add multiple third-party tools using the Zaraz dashboard, with minimal code changes. Use one API to track engagement.

Comprehensive web performance and security analytics
Cloudflare tracks and analyzes web performance and security metrics across all of your domains, without impacting site speed or end-user experience.
See exactly which resources are cached on your website — then, make configuration changes to improve cache-hit ratios.
Measure and track analytics for individual domains, products, or events.
Query your own virtual data warehouse and create custom analytics dashboards with our GraphQL Analytics API.

Granular insights into your traffic.
Improve your application’s performance and security by tuning your Cloudflare configuration.
Investigate and debug errors and security mitigations reported by your end users. Build customized analytics in the tools you already use.
Get comprehensive metadata on your domain’s requests.
Have your Cloudflare request logs sent to your preferred storage provider and use the tools you already know to gain insights. Correlate with logs from other services for a comprehensive view of your systems.
Reduce deployment time and configuration errors by using our Dashboard UI and auto-generated bucket policies. Quickly configure dozens or hundreds of domains using an API.

Create better video experiences. Stream makes hosting video effortless. Upload, store, encode, and deliver liveand on-demand video with one API cost effectively.
Low-latencyvideo delivery, Unlimited video storage, 100 minutes included in pro & business plans
A single pipeline with no format, protocol, or encoding expertise required by your development team. Stream automatically takes care of codecs, protocols, and bitrate, freeing up teams to focus on other projects.
Automatic encoding and video delivery at the ideal quality for live and on-demand streams on any device without hiring a team of video experts. Immediately share recorded videos upon completion of a live event.
Integrate with any video player supporting HLS or DASH, or use the built-in player
Adaptive bitrate encoding to select the ideal resolution.

Easily store, resize, optimize, and serve images all in one place.
Cloudflare Images is an end-to-end solution that lets you build a highly scalable, cost-effective, and reliable image pipeline. Streamline your image infrastructure from a single API.
Eliminate the complexity of storing multiple copies of the same image. With Images, you can dynamically deliver multiple variants of the same original image.
Automatically deliver the best size and format by device and browser type, without hard-coding image transformation.
Apply visual effects to your images, like applying blur, adding a watermark, and automatic face cropping.

SSE & SASE

Solutions offered by Cloudflare.

SSE & SASE Services

Fast, reliable Zero Trust Network Access (ZTNA)
Access verifies context (like identity and device posture) to secure access across your entire environment — no VPN required.
Improve team productivity: Make on-premises applications as easy to use as SaaS apps. ZTNA reduces remote access support tickets by 80% compared to a VPN.
Simplify management: Simplify the setup and operation of ZTNA with robust software connectors and unified Zero Trust policies.
Eliminate lateral movement: Shrink your attack surface by enforcing context-based, least-privilege access policies for every resource.
Scale Zero Trust effortlessly: Shield critical applications and high-risk user groups first — then expand cloud-native ZTNA to protect your entire business.
Cloudflare Access verifies and secures employee and third-party access across all of your self-hosted, SaaS, and non-web applications, helping mitigate risk and ensure a smooth user experience.
It checks granular context like identity and device posture for every request to provide fast, reliable access across your business.

A cloud-native, low-latency Secure Web Gateway (SWG).
With visibility into approximately 20% of the web, Cloudflare’s unmatched network scale protects employee Internet browsing and blocks breach-causing threats.
Accelerate user Internet access: No more traffic backhauling. Our single-pass inspection is 50% faster than SWG alternatives.
Block known and unknown threats: Cloudflare's DNS and HTTP telemetry and threat detection models catch more risks.
Monitor traffic across your network: Stack in-line Zero Trust services to provide holistic Internet traffic visibility across users, devices, and locations.
Easy implementation and management: Streamline policy building and auditing with predefined categories.

High-performance remote browser isolation (RBI).
Browser Isolation runs all code at the edge of our global network — insulating users from ransomware, phishing, and zero-day browser vulnerabilities.
Quickly deploy RBI policies: Protect sites, SaaS, and self-hosted apps with preset browser isolation policies in the Cloudflare Dashboard.
Isolate resources conditionally: Implement RBI by application, by policy, for suspicious sites only, or with additional data loss controls.
Extend security controls: Natively integrate RBI with Cloudflare’s Zero Trust services, including email security, for a layered security approach.
Exceed user expectations: Keep security invisible with innovative RBI and hyper-low latency suitable for everyday browsing.
Applying Zero Trust to browsing means that no code or interactions should be trusted to run on devices by default.
Unlike legacy RBI methods, our patented technology eliminates security and performance trade-offs and is so fast, it feels just like local browsing.

A modern, SASE-native cloud access security broker (CASB).
Our CASB provides comprehensive visibility and control over your SaaS applications, so you can easily eliminate the risk of compromise, prevent data loss, and avoid compliance violations.
Comprehensive visibility and control: Use our API integrations to continuously scan SaaS applications for misconfigurations, exposed files, and suspicious activity — and remediate risks as they arise.
Regulate access control: Apply identity-aware, context-driven Zero Trust policies to control how and where users access your applications.
Granular data protection: Apply consistent, granular DLP controls across cloud applications to block accidental or risky data sharing.
Simplified compliance: Ensure better visibility across your application portfolio to minimize data loss and meet compliance requirements — including GDPR, CCPA, HIPAA, and more.
Cloudflare’s multimode CASB helps deliver unified cloud security for SaaS applications. To secure data at rest, simple API integrations continuously scan your applications for vulnerabilities and potential risks.
Our Zero Trust access (ZTNA), gateway (SWG), and browser isolation (RBI) controls are seamlessly deployed as an inline CASB — no additional configurations needed.

A low-touch, high-efficacy email security service.
Effortlessly block and isolate phishing threats, including email-borne malware, business email compromise, and multi-channel (link-based) attacks.
Phishing protection that goes beyond email: Protect against targeted phishing attacks that use a combination of email and other apps to exploit users and gain unauthorized access.
Easy implementation and management: Benefit from industry-leading threat detection without having to constantly tune policies and configurations.
Greater value, lower cost: Save time, money, and your sanity — all while catching the phishing threats that others miss.
Microsoft 365 users: Run a free phishing retro scan to identify active threats currently sitting in your inboxes.
Gmail users: Request a free phishing risk assessment to see how your existing security controls stack up.
Then deploy Cloud Email Security inline (as MX), via API, or in mix-mode with the benefits of inline and post-delivery retraction.

Unified, consistent data loss prevention (DLP).
Cloudflare DLP protects sensitive data consistently across all networks, SaaS applications, users, and devices, while minimizing security risks and compliance issues.
Simplified SaaS security: Eliminate data exfiltration risks with continuous detection and control over your applications — all from a unified platform.
Unified policy management: Easily deploy predefined DLP profiles to monitor and block the sharing of regulated data, including PII, PHI, and financial information.
Flexible data controls: Apply granular controls to your sensitive data with context analysis, exact data matches, OCR, and behavior-based user risk scoring.
Seamless Microsoft MIP integrations: Increase agility and minimize complexity with powerful integrations that automatically retrieve sensitivity labels and populate into a DLP profile.
Cloudflare DLP helps detect and secure sensitive data across all of your applications and devices with customizable, granular policies and controls.
Built into a composable SSE platform, it automatically inspects HTTP/S traffic and files, enhances visibility across your organization, and enables you to consolidate critical data protection measures.

Cloud-delivered enterprise networking.
Achieve any-to-any network connectivity across branch and retail sites and data centers with Cloudflare’s connectivity cloud.
Improved operational agility: Centrally manage enterprise network connectivity and security from one interface. On-ramp traffic in minutes with zero-touch configuration.
Built-in, not bolt-on, security: Get cloud-native DDoS protection, network firewalling, SSE, and Zero Trust functionality — all deeply integrated and delivered as a service.
Reduced network costs: Minimize your branch footprint and shift network functions to the cloud to reduce reliance on expensive MPLS or SD-WAN deployments.
Use Magic WAN Connector, which is available as a physical or virtual appliance, to connect and steer traffic to the Cloudflare network.
Magic WAN enforces Cloudflare One security policies and delivers traffic to other sites in your network and to applications in the Internet and the cloud.

Cloud-native network firewall for your enterprise WAN.
Magic Firewall is a firewall-as-a-service (FWaaS) offering for on-premises networks and WANs.
No more bottlenecks: instead of backhauling traffic through firewall appliances, filter layer 3 and 4 traffic with the Cloudflare network, which has locations in over 320 cities throughout the world.
Secure entire WAN: Enforce network security policies across your entire WAN, including headquarters, branch offices, and virtual private clouds.
No appliances to manage: With Magic Firewall delivered from the Cloudflare global network, your security scales with your business needs. No artificial choke points or downtime for appliance upgrades.
Deploy rules instantly: Fine-grained filtering rules deploy globally in under 500ms. Manage rules from a single dashboard.
Magic Firewall runs everywhere in Cloudflare’s global network, letting you inspect layer 3/4 traffic no matter where your branch offices are located.
It also runs in-line with Cloudflare One, our comprehensive cloud-based WAN-as-a-Service solution for replacing a patchwork of legacy hardware appliances for networking and security.

Network Security & Developer Platform

Network Security & Performance

Secure access service edge.
Cloudflare’s SASE, Cloudflare One, is a Zero Trust network-as-a-service platform that dynamically connects users to enterprise resources, with identity-based security controls delivered close to users, wherever they are.
Cloudflare One helps you move away from the old model of network infrastructure — centralized corporate data centers secured by an on-premise network perimeter.
Cloudflare One supports Secure Access Service Edge (SASE) by combining network connectivity services with Zero Trust security services on a purpose-built global network.
Replace expensive, proprietary circuits with a single global network that provides built-in Zero Trust functionality, DDoS mitigation, network firewalling, and traffic acceleration.
Connect users to resources simply and securely with no VPN. Block lateral movement, ransomware, malware, and phishing.

Cloud-delivered enterprise networking.
Achieve any-to-any network connectivity across branch and retail sites and data centers with Cloudflare’s connectivity cloud.
Improved operational agility: Centrally manage enterprise network connectivity and security from one interface. On-ramp traffic in minutes with zero-touch configuration.
Built-in, not bolt-on, security: Get cloud-native DDoS protection, network firewalling, SSE, and Zero Trust functionality — all deeply integrated and delivered as a service.
Reduced network costs: Minimize your branch footprint and shift network functions to the cloud to reduce reliance on expensive MPLS or SD-WAN deployments.
Use Magic WAN Connector, which is available as a physical or virtual appliance, to connect and steer traffic to the Cloudflare network.
Magic WAN enforces Cloudflare One security policies and delivers traffic to other sites in your network and to applications in the Internet and the cloud.

Unmatched, hardware-free DDoS protection for customer networks.
Protect public-facing subnets using the Cloudflare global network, without the slowdowns of routing network traffic to scrubbing centers or capacity limitations of hardware boxes. With 280 Tbps of network capacity, 23x greater than the largest DDoS attacks ever recorded, Cloudflare can mitigate attacks of any size.
DDoS protection at massive scale: No more backhauling traffic to DDoS scrubbing centers. Magic Transit uses Cloudflare's global network to absorb and filter attacks.
Ultra-low Time to Mitigate (TTM): Malicious traffic is identified and blocked at a Cloudflare data center closest to the source, usually within 3 seconds.
Reduce your TCO: Replace expensive hardware and increase operational agility with network functions delivered and billed as a service.
Magic Transit delivers network protection from Cloudflare data centers. Using Border Gateway Protocol (BGP) route announcements, inbound traffic is ingested at the closest Cloudflare data center.
Clean traffic is routed rapidly over Cloudflare’s network and can be handed off over GRE tunnels, private network interconnects (PNI), or other forms of peering to the customer network.

Cloud-native network firewall for your enterprise WAN.
Magic Firewall is a firewall-as-a-service (FWaaS) offering for on-premises networks and WANs.
No more bottlenecks: instead of backhauling traffic through firewall appliances, filter layer 3 and 4 traffic with the Cloudflare network, which has locations in over 320 cities throughout the world.
Secure entire WAN: Enforce network security policies across your entire WAN, including headquarters, branch offices, and virtual private clouds.
No appliances to manage: With Magic Firewall delivered from the Cloudflare global network, your security scales with your business needs. No artificial choke points or downtime for appliance upgrades.
Deploy rules instantly: Fine-grained filtering rules deploy globally in under 500ms. Manage rules from a single dashboard.
Magic Firewall runs everywhere in Cloudflare’s global network, letting you inspect layer 3/4 traffic no matter where your branch offices are located.
It also runs in-line with Cloudflare One, our comprehensive cloud-based WAN-as-a-Service solution for replacing a patchwork of legacy hardware appliances for networking and security.

Directly connect your on-premises networks to Cloudflare's network.
Your networks are at the core of delivering end-user experiences and supporting business initiatives. But often, the performance of your network traffic can be unpredictable due to intermediate networks outside of your control.
Connect your network infrastructure directly to Cloudflare's network for a more reliable and secure experience than connecting over the public Internet.
With Cloudflare Network Interconnect, you can set up physical or virtual interconnections — enabling you to get faster performance and better security at lower costs than with connections over the public Internet.
Cloudflare’s vast global network spans data centers in over 320 cities in 120 countries. In addition to physical connections at our data center locations, you can also connect virtually from over 1600 locations through our network interconnect partnerships with companies like Equinix, Megaport, PacketFabric, Console Connect, CoreSite and more.
Better performance: With no intermediary transit providers and associated hops between Cloudflare and your network, you get faster performance.
More secure: Each provisioned link is reserved exclusively for the customer that provisions it — ensuring customer traffic is isolated and private.
Lower costs: Customers can benefit from reduced transit provider costs and may also be able to lower egress costs in the event of cache-miss.

Avoid network congestion and accelerate web apps.
Network congestion on the Internet can lead to slow load times. Argo Smart Routing detects and routes around real-time network congestion for 30% (on average) faster web app performance.
Faster loading times: Deliver web traffic over the quickest network paths available for noticeably faster app performance and an improved user experience.
Increased reliability: Route around congestion and use the most reliable paths to increase uptime.
Reduced costs: Minimize content requests to the origin server, reducing latency, server load, and bandwidth usage.
Integrated security: Encrypt end-to-end traffic across the Cloudflare network, protecting web traffic from attackers.
The Cloudflare network routes an average of 57 million HTTP requests per second, providing a unique view of traffic flow on the Internet.
Argo Smart Routing uses this information to detect the fastest network paths, then intelligently routes customer web traffic on those paths.

Unmetered DDoS protection and traffic acceleration for TCP and UDP applications.
Built on a network of 320 locations worldwide, Spectrum shields your applications from complex, large-scale attacks — while delivering a fast, consistent, and ‘real-time’ end-user experience.
Block volumetric DDoS attacks: With a network mitigation capacity of 280 Tbps, Spectrum mitigates even the largest DDoS attacks — before they reach your server.
Accelerate network traffic in real time: Spectrum integrates with Argo Smart Routing to send TCP traffic faster than the ‘best-effort’ Internet.
Increase uptime with faster failovers: With Load Balancing, all active TCP connections and UDP traffic automatically failover to a healthy server, helping increase the uptime of your services.
Spectrum works as a layer 4 reverse proxy, extending Cloudflare DDoS protection and traffic acceleration to any box, container, or virtual machine (VM) connected to the Internet.
And with our built-in, software-defined IP firewall, you can easily control the flow of traffic to your application servers — no hardware or costly maintenance required.

Cloud based network flow monitoring.
A lack of network visibility can prevent engineers within your IT organization from effectively troubleshooting and solving key problems. However, establishing end to end visibility across all traffic within your organization’s network can be a complex task.
Magic Network Monitoring is a cloud network flow monitoring solution that gives customers end to end network traffic visibility, DDoS attack type identification, and volumetric traffic alerts all from a single pane of glass.
Move your network flow monitoring to the cloud: Provision virtual network services on the fly: network flow monitoring with over 209 Tbps of network capacity, combined analytics across network flow types, and real time network traffic data.
Powerful DDoS identification and alerting: Configure Cloudflare’s leading DDoS services to monitor your network for threats 24/7/365. Receive DDoS notifications to stop attacks on the frontlines.
Fast deployment and easy management: Trial the free version of Magic Network Monitoring to instantly test the product today. A step by step configuration guide and self-serve onboarding makes setup fast and easy.
Magic Network Monitoring will analyze a customer’s network traffic flow and send an alert via email, webhook, or PagerDuty when a DDoS attack is detected.
The product offers both advanced DDoS attack type detection and alerting (for specific flow types) as well as alerts on unusual traffic volume received by publicly advertised IP addresses and prefixes.
Magic Network Monitoring provides customers with end to end visibility across all of their internal network traffic. Customers often need better insights into traffic that flows in between their cloud environments or only traverses a local network.
Magic Network Monitoring provides customers with the network traffic analytics they need to power up their monitoring, troubleshooting, and maintenance efforts.
Magic Transit is just one part of the Cloudflare network security and solutions family.
Cloudflare offers built-in services — like DDoS mitigation, branch connectivity, software-defined Zero-Trust functionality, and network firewalling — on a single global network that replaces patchwork appliances. Connect, secure, and accelerate your corporate network with Cloudflare.

Cloudflare Developer Platform

Deploy serverless code, globally with exceptional performance, reliability, and scale.
Build web functions and applications without configuring or maintaining infrastructure when it’s deployed globally to over 320 data centers around the world on Cloudflare’s global network.
Build powerful serverless applications: From fast and light to longer running and more CPU-intensive workloads, code is deployed and executes globally reducing network round-trips and providing exceptional performance, reliability, and scale.
Scale projects with built-in security: Get the security and reliability you need with out-of-the-box tools from Cloudflare’s secure ecosystem. Workers offers robust security built in including:WAF, SSL/TLS, DDoS protection, Highly reliable DNS & CDN network, Latest web standards (HTTP3/QUIC), and Mutual TLS Authentication for Workers
Deploy code without configurations: With automated configuration, deployment, scale, and agile Developer services, developers can spend more time coding and building new products with the resources needed for scale, performance, security and reliability.
Expand your toolkit with Workers Integration Marketplace: Expand your toolkit with developer products to easily discover, configure and deploy products to use with Workers. The Workers Integration Marketplace enables developers to bring any products of their choice to Cloudflare Workers.

A free and private way to create and manage email addresses.
Create custom email addresses for your domain and route messages to your preferred inbox — all without ever exposing your primary email address.
Private by design & anti-spam: Email Routing is 100% private; Cloudflare will not store or access email content. We use phishing detection to prevent spam from being forwarded.
Free and easy to configure: Creating custom addresses and forwarding messages to your inbox is free. DNS records are created automatically and protected from accidental changes.
Advanced analytics: Access insights on the number of emails sent to you, whether they were forwarded or dropped, and delivery success at your destination mailbox.
Process emails programmatically: Route to Cloudflare Workers to program custom logic for processing your emails.
Route emails efficiently: Email Routing acts as an intelligent router at the transport layer, handling and modifying the SMTP envelope to deliver the message at its final destination while preserving the original headers and keeping the body intact in real time.

R2 gives you the freedom to create the multi-cloud architectures you desire with an S3-compatible object storage.
Global object storage, Dynamic functionality via integration with Cloudflare Workers, Avoid vendor lock-in with our S3-compatible API, and Easy migration from existing cloud storage providers
No more egress charges: You shouldn’t have to pay to access your data. Pay no egress charges for data accessed from R2. Our affordable and consistent pricing reduces costs and frees up resources across your organization.
Migrate with ease: Rapidly move your objects with Cloudflare's automated migration service. Migrate objects all at once or over time, you're in control.
Enhance and extend: Deploy edge functions with Cloudflare Workers, using the In-Worker API to perform authentication, route requests, enhance decisions, and more. The S3-compatible API allows you to access the wide range of S3 tools, libraries, and extensions.
Build a flexible, robust, & portable multi-cloud architecture: You’re no longer constrained by vendor lock-in or exorbitant egress fees to move your data to your preferred locations. Accelerate multi-cloud adoption when you avoid hefty egress bills when moving data between clouds.
R2 Pricing: R2 charges based on the total volume of data stored and two classes of operations on that data. You pay zero egress fees.

Serverless key-value storage for applications on Cloudflare
Extend your applications’ functionality with our serverless key-value store. Workers KV provides a secure low-latency key-value store across 320 global locations. Automatic scaling supports applications that serve dozens or millions of users.
Eventually consistent by design, KV caches data globally and is ideal for reference data or assets that don't change frequently.
Improve response times everywhere: Move your application closer to the user, with edge storage, improving both site performance and the overall user experience. Store, modify, and query key-value data across our globally distributed network quickly and securely.
Reliable by default: KV replicates data automatically to avoid a single point of failure. Application developers can rely on KV to recover from failures with zero downtime.
Boost developer productivity: Improve developers productivity by allowing them to focus their time on building new features rather than scaling out key-value stores.
Workers-KV automatically replicates data to all of Cloudflare’s global locations, allowing you to scale seamlessly.

Real-time, low-latency API coordination and consistent storage.
Durable Objects provides a powerful API for coordinating multiple clients and users — helping you build collaborative applications while maintaining strong consistency of state.
State consistency from a global network: Durable Objects allows you to store application state in a specific data center on our network, guaranteeing that all requests reach the same instance every time.
Real-time coordination: Durable Objects automatically selects a coordination point close to your users, so you can minimize latency and make application changes in real time.
Embedded compute: With Durable Objects, your compute functions execute within the same serverless environment as your state — helping you build complex logic without impacting performance.
On-demand scalability: Durable Objects can scale from zero to millions of objects in seconds, ensuring consistent access to your applications — even during peak traffic periods.
A Durable Object is a special kind of Cloudflare Worker that processes requests in one of our data centers — available in over 320 cities worldwide.
Each Durable Object is single-threaded and has access to a stateful storage API, making it easy to build consistent, highly-available distributed applications with them.

Build natively serverless SQL databases.
Deploying and maintaining a database shouldn’t be harder than building the application around it. Create a serverless relational database in seconds with D1. With a familiar SQL query language, point-in-time recovery, and cost-effective pricing you are empowered to build the next big thing.
Built on SQLite, Native serverless architecture, SQL based dialect, Built-in JSON parsing and querying functions, and Support for full-text search and triggers.
Build and deploy unlimited databases: Databases are a key part of building any full-stack application. Build infinitely scalable composable databases with Cloudflare’s D1 database.
Infinite scalability with cost effective pricing: Implementations are often a massive point of friction, slowing down the innovation process. Our natively serverless architecture enables developers to scale databases without excessive costs.
Built on one of the most popular and widely used SQL query engines in the world: No need for your teams to familiarize themselves with a proprietary query language, D1 uses a SQL based query language enabling you to use the drivers and ORMs you're familiar with.

Make your existing database infrastructure feel globally distributed.
Hyperdrive accelerates queries made to your existing databases, dramatically reducing latency no matter where users are connecting from.
Avoid the latency tax: Hyperdrive eliminates redundant and repeated round-trips to your existing databases, shaving off up to hundreds of milliseconds from each query. Your most popular read queries are intelligently cached, further improving performance and reducing database load.
Bring the drivers and libraries you love: Hyperdrive currently supports any Postgres or Postgres-compatible databases, including those at major cloud providers, eliminating the need to move data or re-write your application. On top of that, Hyperdrive works with existing database drivers and libraries: no need to throw away the tools you love.

Fullstack platform for frontend developers.
Cloudflare Pages with Functions enables developers to easily add dynamic content to any site and deploy to the Cloudflare network within seconds.
Customize Workers functionality directly from within a Pages project, Preview builds to make it easy to get feedback on the final results, Automatically generated links for every commit, and Get real-time insight into your page with privacy-first analytics.
Collaborate. Test. Deploy: Make project collaboration effortless. Share projects with designers, developers, writers and more to iterate quickly and save time on coordination.
Preview builds to make it easy to get feedback, Unique, protected links automatically generated for every commit, and Get real-time insight into your page with privacy-first analytics.
Reduce build times with Build Caching (beta): With build caching, we offer a supercharged Pages experience by helping you cache parts of your project to save time on subsequent builds.