This article relies too much on references to primary sources. (August 2019) (Learn how and when to remove this template message)
|Traded as||NYSE: NET|
|Revenue||US$192.67 million (2018)|
|US$-84.90 million (2018)|
|US$-87.16 million (2018)|
Number of employees
|755 (18 September 2019)|
Cloudflare, Inc. is an American web infrastructure and website security company, providing content delivery network services, DDoS mitigation, Internet security, and distributed domain name server services. Cloudflare's services sit between a website's visitor and the Cloudflare user's hosting provider, acting as a reverse proxy for websites. Cloudflare's headquarters are in San Francisco, California, with additional offices in Lisbon, London, Singapore, Munich, San Jose, Champaign, Illinois, Austin, New York City and Washington, D.C.
Cloudflare has faced several controversies over its stance on providing technical support to online hate groups and terrorists—support it has defended based on the principle of free speech. Cloudflare stated that it will "continue to abide by the law" and "serve all customers", further explaining "our proper role is not that of Internet censor". These controversies have involved Cloudflare's service of The Daily Stormer, a neo-Nazi, white supremacist, and Holocaust denial commentary and message board website; and 8chan, an imageboard which has been linked to multiple mass shootings in the United States and the Christchurch mosque shootings in New Zealand. In 2017, Cloudflare decided to cease providing services to The Daily Stormer. In August 2019, Cloudflare stopped services for 8chan following a mass shooting in El Paso stating that 8chan is "refusing to moderate their hate-filled community".
In 2014, Cloudflare introduced an effort called Project Galileo in response to cyberattacks against vulnerable online targets, such as artists, activists, journalists, and human rights groups. Project Galileo provides such groups with free services to protect their websites. In 2019, Cloudflare announced that 600 users and organizations were participating in the project.
- 1 History
- 2 Services
- 3 Controversy
- 4 Awards and recognition
- 5 Security
- 6 Privacy
- 7 Spam and phishing support
- 8 Outages
- 9 Peering
- 10 References
- 11 External links
Cloudflare was created in 2009 by Matthew Prince, Lee Holloway, and Michelle Zatlyn, who had previously worked on Project Honey Pot. Cloudflare was launched at the September 2010 TechCrunch Disrupt conference. It received media attention in June 2011 for providing security services to the website of LulzSec, a black hat hacking group.
In February 2014, Cloudflare mitigated what was at the time the largest ever recorded DDoS attack, which peaked at 400 Gigabits per second against an undisclosed customer. In November 2014, Cloudflare reported another massive DDoS attack with independent media sites being targeted at 500 Gbit/s.
In November 2009, Cloudflare raised $2.1 million in a Series A round from Pelion Venture Partners and Venrock. In July 2011, Cloudflare raised $20 million in a Series B round from New Enterprise Associates, Pelion Venture Partners, Venrock. In December 2012, Cloudflare raised $50 million in a Series C round from New Enterprise Associates, Pelion Venture Partners, Venrock, Union Square Ventures, and Greenspring Associates. In December 2014, Cloudflare raised $110 million in a Series D round led by Fidelity Investments, with participation from CapitalG, Microsoft, Qualcomm, and Baidu. In March 2019, Cloudflare raised $150 million in a Series E round led by Franklin Templeton Investments, with participation from New Enterprise Associates, Union Square Ventures, Venrock, Pelion Venture Partners, Greenspring Associates, CapitalG, Microsoft, Baidu, Qualcomm and Fidelity.
On August 15, 2019, Cloudflare submitted its S-1 filing for IPO on the New York Stock Exchange under the stock ticker NET. It opened for public trading on September 13, 2019, priced at $15 per share.
In February 2014, Cloudflare acquired StopTheHacker, which offers malware detection, automatic malware removal, and reputation and blacklist monitoring. In December 2016, Cloudflare acquired Eager, with the view of upgrading Cloudflare's Apps platform to allow for drag-and-drop installation of third-party apps onto Cloudflare-enabled sites. In late 2017, Cloudflare acquired Neumob, a mobile VPN startup.
This section may be too long and excessively detailed. (August 2019)
In March 2013, Cloudflare defended The Spamhaus Project from a DDoS attack that exceeded 300 Gbit/s. Akamai's chief architect stated that at the time it was "the largest publicly announced DDoS attack in the history of the Internet". Cloudflare has also reportedly absorbed attacks that have peaked over 400Gbit/s from an NTP Reflection attack.
Web application firewall
Cloudflare allows customers on paid plans to utilize a web application firewall service. By default, the firewall has the OWASP ModSecurity Core Rule Set alongside Cloudflare's own ruleset and rulesets for popular web applications.[unreliable source?]
Cloudflare offers free authoritative domain name system (DNS) service for all clients, which is powered by an anycast network. SolveDNS have found Cloudflare to consistently have one of the fastest DNS lookup speeds worldwide, with a reported lookup speed of 5.6ms in July 2019.
Public DNS resolver
On April 1, 2018, Cloudflare announced a 'privacy-first' consumer DNS service, hosted at IP addresses 184.108.40.206 and 220.127.116.11. Alternatively, the service can be accessed via IPv6 at 2606:4700:4700::1111 and 2606:4700:4700::1001.
On August 16, 2018, Cloudflare announced 18.104.22.168 can be used on Android Pie's Private DNS feature using "1dot1dot1dot1.cloudflare-dns.com" hostname.
On November 11, 2018, Cloudflare announced a mobile version of their 22.214.171.124 service for iOS and Android.
A key functionality of Cloudflare is that they act as a reverse proxy for web traffic. Cloudflare supports new web protocols, including SPDY and HTTP/2. In addition to this, Cloudflare offers support for HTTP/2 Server Push. Cloudflare also supports proxying WebSockets.
Content delivery network
Cloudflare's network has the highest number of connections to Internet exchange points of any network worldwide. Cloudflare caches content to its edge locations to act as a content delivery network (CDN); all requests are then reverse proxied through Cloudflare with cached content served directly from Cloudflare.
In 2014, Cloudflare introduced an effort called Project Galileo in response to cyberattacks against vulnerable online targets, such as artists, activists, journalists, and human rights groups. Project Galileo provides such groups with free services to protect their websites. Cloudflare has remained fairly secretive about the project, in part to avoid drawing further attention to organizations that might be targeted. In 2019, Cloudflare announced that 600 users and organizations were participating in the project.
Project Galileo has been compared to Alphabet's Project Shield, a different service providing protection to vulnerable humanitarian and free-speech groups. In contrast to Project Shield, Project Galileo does not create its own guidelines for eligible users, but rather outsources the selection to 28 non-profit organizations, any of which can accept users into the program.
Cloudflare created Project Athenian to ensure that state and local government election websites receive their highest level of protection and reliability for free, so that their constituents always have access to election information and voter registration.
In 2018, Cloudflare announced a new zero trust authentication service that offers a way for companies to secure networks without the overhead of a VPN. The service is free for up to 5 users and then is $3 per user per month. The service allows administrators to authenticate clients with a one time pin, Facebook, Github, Google, Yandex, Azure Active Directory, Centrify, G Suite, Okta, OneLogin, OIDC Provider, or SAML authentication.
On April 1, 2019, Cloudflare announced a new freemium Virtual Private Network service named Warp. The service would initially be available through the 126.96.36.199 mobile apps with a desktop app available later.
Currently as a freemium service, Warp has two plans Warp and Warp+. Warp Plus is faster than Warp and uses Cloudflare’s Argo Smart Routing to achieve a higher speed than Warp. Warp is free while Warp+ starts at $4.99 per month.
Network time services
On June 21, 2019, Cloudflare announced that users would be able to sync their computer's time securely with Cloudflare's Network Time Protocol (NTP) service. Cloudflare's time service will allow users to connect to their NTP server that supports Network Time Security (NTS), enabling users to obtain time in an authenticated manner.
On October 31, 2019 Cloudflare further announced that they release their NTS implementation, cfnts, as open source software and invited the internet community to contribute to its future development.
Cloudflare has come under pressure on multiple occasions due to its policies on free speech and for refusing to cease technical support (such as DNS routing and DDoS mitigation) of websites such as LulzSec, The Daily Stormer, and 8chan. Some have argued Cloudflare's services allow access to content which spreads hate and has led to harm and deaths. However Cloudflare, as an Internet infrastructure provider, has broad legal immunity from the content produced by its users.
In 2011, Cloudflare provided DoS protection for the hacker group LulzSec. This garnered significant positive media attention at the time, as Cloudflare was a young and relatively unknown company.
Cloudflare provided DNS routing and DoS protection for the white supremacist and neo-Nazi website, The Daily Stormer. In 2017 Cloudflare stopped providing their services to The Daily Stormer after an announcement on the controversial website asserted that the "upper-echelons" of Cloudflare were "secretly supporters of their ideology". Previously Cloudflare had refused to take any action regarding The Daily Stormer, despite widespread public pressure. The removal was addressed in a blog post in which Cloudflare emphasized their dedication towards freedom of speech. As a self-described "free speech absolutist", Cloudflare's CEO Matthew Prince vowed never to succumb to external pressure again and sought to create a "political umbrella" for the future. Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern that is shared by a number of civil liberties groups and privacy experts. The Electronic Frontier Foundation, a U.S. digital rights group, said that services such as Cloudflare "should not be adjudicating what speech is acceptable", adding that "when illegal activity, like inciting violence or defamation, occurs, the proper channel to deal with it is the legal system." After terminating service for The Daily Stormer, Cloudflare sought to create an alliance of free speech organizations so the company could stand up to pressure in the future. A number of organizations, including The Electronic Frontier Foundation, joined a Cloudflare project called Project Galileo to support their free speech stance.
According to The Huffington Post, Cloudflare provides services to "at least 7 terrorist groups", as designated by the United States Department of State. According to the article, Cloudflare provides services to the Taliban, Hamas, the al-Quds Brigades, and other terrorist groups, have been aware since at least 2012, and have taken no action. According to Cloudflare's CEO, no law enforcement agency has asked the company to discontinue these services.
In 2019, Cloudflare was criticized for providing services to the discussion and imageboard 8chan, which allows users to post and discuss any content with minimal interference from site administrators. The message board has been linked to mass shootings in the United States and the Christchurch mosque shootings in New Zealand. In addition, a number of news organizations including The Washington Post and The Daily Dot have reported the existence of child pornography and child sexual abuse discussion boards. A Cloudflare representative has been quoted by the BBC saying that the platform "does not host the referenced websites, cannot block websites, and is not in the business of hiding companies that host illegal content". In an August 3 interview with The Guardian, immediately following the 2019 El Paso shooting, CEO Matthew Prince defended Cloudflare's support of 8chan, saying:
What happened in El Paso today is abhorrent in every possible way, and it’s ugly, and I hate that there’s any association between us and that… For us the question is which is the worse evil? Is the worse evil that we kick the can down the road and don’t take responsibility? Or do we get on the phone with people like you and say we need to own up to the fact that the internet is home to many amazing things and many terrible things and we have an absolute moral obligation to deal with that.
Two days later, Cloudflare announced that they were terminating support for 8chan due to the consistent use of the site for terror purposes. In the announcement, CEO Matthew Prince said that he believed Cloudflare's refusal to provide services to 8chan would not permanently take the site offline, and compared the decision to the previous events with The Daily Stormer:
Unfortunately, we have seen this situation before and so we have a good sense of what will play out. Almost exactly two years ago we made the determination to kick another disgusting site off Cloudflare's network: the Daily Stormer. That caused a brief interruption in the site's operations but they quickly came back online using a Cloudflare competitor. That competitor at the time promoted as a feature the fact that they didn't respond to legal process. Today, the Daily Stormer is still available and still disgusting. They have bragged that they have more readers than ever. They are no longer Cloudflare's problem, but they remain the Internet's problem.
Cloudflare has been vocal about their stance on freedom of speech, with CEO Matthew Prince stating:
One of the greatest strengths of the United States is a belief that speech, particularly political speech, is sacred. A website, of course, is nothing but speech... A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain.
Two of the top three online chat forums belonging to the Islamic State of Iraq and the Levant (ISIL) are guarded by Cloudflare. According to Prince, U.S. law enforcement has not asked Cloudflare to discontinue the service, and they have not chosen to do so themselves.
In November 2015, hacktivist group Anonymous discouraged the use of Cloudflare's services following the ISIL attacks in Paris and the renewed accusation that Cloudflare aids terrorists. Cloudflare responded by calling the group "15-year-old kids in Guy Fawkes masks", and saying that whenever such concerns are raised they consult anti-terrorism experts and abide by the law.
Breaking with its long-standing policy of total content neutrality, Cloudflare ceased providing services to the neo-Nazi, white supremacist, and Holocaust denial commentary and message board website The Daily Stormer on August 16, 2017, in the aftermath of the fatal vehicular attack at the Charlottesville rally four days earlier. This dropped the website's protection against DDoS attacks, and soon thereafter attackers took down the website. Prince stated, "I woke up this morning in a bad mood and decided to kick them off the internet," and said that the tipping point in the decision was that "the team behind Daily Stormer made the claim that we were secretly supporters of their ideology." Andrew Anglin, editor for The Daily Stormer, denied that his team made such a claim. The move to disconnect The Daily Stormer from Cloudflare services was criticized as dangerous by Prince himself and the Electronic Frontier Foundation.
Awards and recognition
- Named the "Most Innovative Network & Internet Technology Company" by the Wall Street Journal in 2011 and 2012
- Recognized by the World Economic Forum as a Technology Pioneer in 2012
- Ranked among the world's 10 most innovative companies by Fast Company in 2012
- Awarded "Best Enterprise Startup" by TechCrunch at the 8th Annual Crunchies Awards in February 2015
- Ranked #11 on the Forbes Cloud 100 list in 2016 and 2017
The hacker group UGNazi attacked Cloudflare partially by exploiting flaws in Google's authentication systems in June 2012, gaining administrative access to Cloudflare and using it to deface 4chan. Cloudflare published in full the details of the hack. Following this, Google publicly announced they had patched the flaw in the Google Enterprise App account recovery process which had allowed the hackers to bypass two-step verification.
From September 2016 until February 2017, a major Cloudflare bug (nicknamed Cloudbleed) leaked sensitive data, including passwords and authentication tokens, from customer websites by sending extra data in response to web requests. The leaks resulted from a buffer overflow which occurred, according to analysis by Cloudflare, on approximately 1 in every 3,300,000 HTTP requests.
Cloudflare publishes a transparency report on a semi-annual basis to show how often law enforcement agencies request data about its clients.
In May 2017, ProPublica reported that Cloudflare as a matter of policy relays the names and email addresses of persons complaining about hate sites to the sites in question, which has led to the complainants being harassed. Cloudflare's general counsel defended the company's policies by saying it is "base constitutional law that people can face their accusers". In response to the report, Cloudflare updated their abuse reporting process to provide greater control over who is notified of the complaining party.
Spam and phishing support
This section relies too much on references to primary sources. (August 2019) (Learn how and when to remove this template message)
Cloudflare suffered a major outage in July 2019, which rendered more than 12 million websites (80% of all customers) unreachable for 27 minutes. The affected websites responded with a blank 502 error page. Cloudflare published internal investigation results in which the cause of the outage was pinpointed to a faulty regular expression.
The European Internet Exchange Association (Euro-IX) ranks CloudFlare sixth in the world for the number of connections to Internet exchange points, with presence at more than 90 of Euro-IX member IXPs.
- "Cloudflare, Inc. (NET) Income Statement". finance.yahoo.com.
- Anicas, Mitchell (July 30, 2015). "How To Mitigate DDoS Attacks Against Your Website with CloudFlare". DigitalOcean. Retrieved August 22, 2019.
- Swisher, Kara (December 17, 2013). "Cloudflare Reveals $50 Million "Secret" Funding". AllThingsD. Retrieved August 22, 2019.
- Schubarth, Cromwell (December 13, 2016). "Cloudflare beefs up app platform plans with startup acquisition". Silicon Valley Business Journal. Retrieved August 22, 2019. (Subscription required.)
- Graham-Cumming, John (July 17, 2019). "Cloudflare's new Lisbon office". The Cloudflare Blog. Retrieved August 22, 2019.
- Wong, Julia Carrie (August 28, 2017). "The far right is losing its ability to speak freely online. Should the left defend it?". The Guardian. ISSN 0261-3077. Retrieved August 22, 2019.
- Jones, Rhett (December 14, 2018). "Cloudflare Under Fire for Allegedly Providing DDoS Protection for Terrorist Websites". Gizmodo. Retrieved August 5, 2019.
- Sankin, Aaron (July 11, 2019). "The Dirty Business of Hosting Hate Online". Gizmodo. Retrieved August 5, 2019.
- Cook, Jesselyn (December 14, 2018). "U.S. Tech Giant Cloudflare Provides Cybersecurity For At Least 7 Terror Groups". HuffPost. Retrieved August 5, 2019.
- Captain, Sean (February 27, 2019). "Is Cloudflare a privacy champion or hate speech enabler? Depends who you ask". Fast Company. Retrieved August 5, 2019.
- Lee, Timothy B. (August 31, 2017). "Tech companies declare war on hate speech—and conservatives are worried". Ars Technica. Retrieved August 6, 2019.
- Prince, Matthew (August 16, 2017). "Why We Terminated Daily Stormer". The Cloudflare Blog. Retrieved August 5, 2019.
- Kelly, Makena (August 4, 2019). "Cloudflare to revoke 8chan's service, opening the fringe website up for DDoS attacks". The Verge. Archived from the original on August 5, 2019. Retrieved August 5, 2019.
- Wong, Julia Carrie (August 4, 2019). "8chan: the far-right website linked to the rise in hate crimes". The Guardian. ISSN 0261-3077. Retrieved August 5, 2019.
- Mezzofiore, Gianluca; O'Sullivan, Donie (August 5, 2019). "El Paso shooting is at least the third atrocity linked to 8chan this year". CNN. Retrieved August 5, 2019.
- Prince, Matthew (August 5, 2019). "Terminating Service for 8Chan". The Cloudflare Blog. Archived from the original on August 5, 2019. Retrieved August 5, 2019.
- Newman, Lily Hay (June 12, 2019). "Cloudflare's Five-Year Project to Protect Nonprofits Online". Wired. ISSN 1059-1028. Retrieved August 5, 2019.
- Henderson, Nicole (June 17, 2011). "Cloudflare Gets an Unusual Endorsement from Hacker Group LulzSec". Webhost Industry Review. Archived from the original on September 9, 2017. Retrieved August 21, 2019.
- "Our Story". Cloudflare. Retrieved August 22, 2019.
- "Cloudflare Beta". Project Honey Pot. Archived from the original on December 4, 2017. Retrieved August 22, 2019.
- Hesseldahl, Arik (June 10, 2011). "Web Security Start-Up Cloudflare Gets Buzz, Courtesy of LulzSec Hackers". All Things Digital. Retrieved August 15, 2011.
- Clark, Jack (March 1, 2013). "Cloudflare's Railgun protocol gets buy-in from web giants". The Register. Retrieved October 8, 2015.
- Lardinois, Frederic (February 26, 2013). "Cloudflare Partners With World's Leading Web Hosts To Implement Its Railgun Protocol, Speeds Up Load Times By Up To 143%". TechCrunch. Retrieved February 12, 2016.
- Schwartz, Mathew J. (February 11, 2014). "DDoS Attack Hits 400 Gbit/s, Breaks Record". Dark Reading. Retrieved August 22, 2019.
- Olson, Parmy (November 20, 2014). "The Largest Cyber Attack In History Has Been Hitting Hong Kong Sites". Forbes. Retrieved August 22, 2019.
- Arnfeld, Tom (April 11, 2017). "How we made our DNS stack 3x faster". The Cloudflare Blog. Retrieved August 22, 2019.
- Karaivanova, Maria (December 22, 2016). "Cloudflare – Making Your Website Fast, Safe, and Accessible Everywhere in the World" (Interview). Interviewed by Jackie Goldstein. Retrieved August 22, 2019.
- "CloudFlare". Crunchbase. Retrieved August 22, 2019.
- Hesseldahl, Arik (July 12, 2011). "Web Security Start-Up Cloudflare Lands $20 Million Funding Round". AllThingsD. Retrieved August 22, 2019.
- Milian, Mark (December 18, 2012). "Why a Fast-Growing Startup Tries to Keep Its Venture Funding Secret". Bloomblerg Technology. Bloomberg News. Retrieved August 22, 2019.
- Crook, Jordan (December 17, 2013). "Cloudflare Reveals $50M Round From Union Square Ventures". TechCrunch. Retrieved August 22, 2019.
- Hickins, Michael (December 17, 2013). "Cloudflare Raised $50M, Ready to Spend". The Wall Street Journal. Retrieved August 22, 2019.
- Miller, Ron (September 22, 2015). "Cloudflare Hints IPO Could Be Coming, But Not This Year". TechCrunch. Retrieved August 22, 2019.
- Kawamoto, Dawn (March 12, 2019). "Cloudflare's $150 million funding round puts its IPO plans in question". San Francisco Business Times. Retrieved March 12, 2019. (Subscription required.)
- Shieber, Jonathan (August 15, 2019). "Cloudflare files for initial public offering". TechCrunch. Retrieved August 22, 2019.
- Loizos, Connie (September 13, 2019). "Cloudflare co-founder Michelle Zatlyn on the company's IPO today, its unique dual class structure, and what's next". TechCrunch. Retrieved September 16, 2019.
- Lardinois, Frederic (February 24, 2014). "Cloudflare Acquires Anti-Malware Firm StopTheHacker". TechCrunch. Retrieved August 22, 2019.
- Yeung, Ken (December 13, 2016). "Cloudflare acquires app platform Eager, will sunset service in Q1 2017". VentureBeat. Retrieved December 28, 2016.
- Miller, Ron (November 14, 2017). "Cloudflare expands into mobile performance with Neumob acquisition". TechCrunch. Archived from the original on December 3, 2018. Retrieved April 2, 2019.
- US patent 8613089B1, Holloway, Lee Hahn; Srikanth N. Rao & Matthew Browning Prince et al., "Identifying a denial-of-service attack in a cloud-based proxy service", issued December 17, 2013
- Storm, Darlene (March 27, 2013). "Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps". Computerworld. Retrieved August 22, 2019.
- Markoff, John; Perlroth, Nicole (March 26, 2013). "Online Dispute Becomes Internet-Snarling Attack". The New York Times. Retrieved August 22, 2019.
- Gallagher, Sean (February 11, 2014). "Biggest DDoS ever aimed at Cloudflare's content delivery network". Ars Technica. Retrieved May 17, 2016.
- Kaushik, Mehul (April 6, 2017). "Cloudflare Web Application Firewall Review". Fanatic Entrepreneur. Archived from the original on April 8, 2017. Retrieved August 22, 2019.
- Jackson, Brian (September 17, 2015). "10 Best Free DNS Hosting Providers". KeyCDN Blog. Retrieved May 17, 2016.
- "July 2019 DNS Speed Comparison Report". SolveDNS. July 2019. Retrieved August 22, 2019.
- Prince, Matthew (April 1, 2018). "Announcing 188.8.131.52: the fastest, privacy-first consumer DNS service". The Cloudflare Blog. Retrieved August 22, 2019.
- Armasu, Lucian (April 2, 2018). "Cloudflare Launches Privacy-Focused 184.108.40.206 DNS Service". Tom's Hardware. Retrieved August 22, 2019.
- Cimpanu, Catalin (November 11, 2018). "Cloudflare launches Android and iOS apps for its 220.127.116.11 service". ZDNet. Retrieved August 22, 2019.
- Osborne, Charlie (April 28, 2016). "Cloudflare figured out how to make the Web one second faster". ZDNet. Retrieved May 17, 2016.
- "Internet Exchange Report". Hurricane Electric Internet Services. Hurricane Electric. August 21, 2019. Retrieved June 1, 2016.
- Masnick, Mike (June 14, 2019). "The Flipside To Figuring Out What Content Do You Block: Cloudflare's Project Galileo Focuses On Who It Should Protect". Techdirt. Retrieved August 5, 2019.
- Walk, Erin (June 14, 2019). "Project Galileo: the view from the front lines". The Cloudflare Blog. Retrieved August 5, 2019.
- Walk, Erin (December 21, 2018). "Athenian Project Turns One: Are Election Websites Safer?". The Cloudflare Blog. Retrieved August 5, 2019.
- "Cloudflare Registrar".
- "Cloudflare Access aims to replace corporate VPNs". TechCrunch. Retrieved December 7, 2019.
- "Log every request to corporate apps, no code changes required". The Cloudflare Blog. November 17, 2019. Retrieved December 7, 2019.
- Rambo, Guilherme (April 1, 2019). "Cloudflare announces Warp: a new free VPN service for iOS". 9to5Mac. Archived from the original on April 2, 2019. Retrieved April 2, 2019.
- Humphries, By Matthew; September 26, 2019 10:18AM EST; September 26, 2019. "Cloudflare Finally Launches Warp, But It's Not a Mobile VPN". PCMAG. Retrieved September 27, 2019.
- Security, Paul Wagenseil 2019-09-26T20:13:55Z. "WARP Promises Faster Speeds on Your Phone Without 5G, but Doesn't Quite Deliver Yet". Tom's Guide. Retrieved September 27, 2019.
- Davis, Vincy (September 27, 2019). "Cloudflare launches Warp and Warp Plus, its unlimited version". Packt Hub. Retrieved December 7, 2019.
- "Cloudflare Time Services". Cloudflare. Retrieved August 22, 2019.
- "Announcing cfnts: Cloudflare's implementation of NTS in Rust". Cloudflare. Retrieved October 31, 2019.
- Roose, Kevin (August 4, 2019). "8chan Is a Megaphone for Gunmen. 'Shut the Site Down,' Says Its Creator". The New York Times. ISSN 0362-4331. Retrieved August 5, 2019.
- O'Neill, Patrick Howell (November 17, 2014). "8chan is home to a hive of pedophiles". The Daily Dot. Retrieved August 5, 2019.
- Machkovech, Sam (August 17, 2015). "8chan-hosted content disappears from Google searches [Updated]". Ars Technica. Retrieved August 5, 2019.
- Lee, Timothy B. (December 4, 2017). "Cloudflare's CEO has a plan to never censor hate speech again". Ars Technica. Retrieved August 5, 2019.
- Johnson, Steven (January 16, 2018). "Inside Cloudflare's Decision to Let an Extremist Stronghold Burn". Wired. ISSN 1059-1028. Retrieved August 5, 2019.
- Citron, Danielle Keats (November 28, 2017). "What to Do about the Emerging Threat of Censorship Creep on the Internet" (PDF). Cato Institute. No. 282: 3–4 – via Cato.org.
- Keller, Daphne (August 15, 2017). "The Daily Stormer, Online Speech, and Internet Registrars". The Center for Internet and Society. Stanford Law School. Retrieved August 6, 2019.
- Shaban, Hamza (August 18, 2017). "Banning neo-Nazis online may be slippery slope, tech group warns Silicon Valley". The Washington Post. Retrieved August 6, 2019.
- "The Electronic Frontier Foundation - Project Galileo". Cloudflare. Retrieved August 5, 2019.
- Kohlmann, Evan F. (January 27, 2015). "Charlie Hebdo and the Jihadi Online Network: Assessing the Role of American Commercial Social Media Platforms" (DOC). United States House of Representatives. Retrieved August 22, 2019.
- Dewey, Caitlin (January 13, 2015). "This is what happens when you create an online community without any rules". The Washington Post. Retrieved August 22, 2019.
- "Web defender Cloudflare snarled in child abuse row". October 22, 2019. Retrieved November 15, 2019.
- Wong, Julia Carrie (August 3, 2019). "8chan: the far-right website linked to the rise in hate crimes". The Guardian. Retrieved August 3, 2019.
Three attackers in six months allegedly posted their plans on the site in advance. In an exclusive interview, Silicon Valley CEO [Matthew Prince] explains his ‘moral obligation’ to keep 8chan online
- Prince, Matthew (August 5, 2019). "Terminating Service for 8Chan". The Cloudflare Blog. Retrieved August 5, 2019.
- Robertson, Adi (August 5, 2019). "8chan goes dark after hardware provider discontinues service". The Verge. Retrieved August 22, 2019.
- Dredge, Stuart (August 12, 2013). "Cloudflare on censorship: 'A website is speech. It is not a bomb'". the Guardian.
- Yadron, Danny (September 29, 2014). "Cloudflare Pushes More Encrypted Web". The Wall Street Journal. Retrieved August 10, 2015.
- Kovacs, Eduard (March 17, 2014). "Underground Payment Card Store Rescator Hacked and Defaced". Softpedia News. Retrieved August 10, 2015.
- Krebs, Brian (January 15, 2015). "Spreading the Disease and Selling the Cure". Krebs on Security. Retrieved August 14, 2015.
- Hern, Alex (November 19, 2015). "Web services firm Cloudflare accused by Anonymous of helping Isis". The Guardian. Retrieved November 19, 2015.
- Hackett, Robert (November 18, 2015). "Anonymous' Gripes About ISIS Are 'Absurd,' CEO says". Fortune. Retrieved August 22, 2019.
- Peterson, Becky (August 17, 2017). "Cloudflare CEO explains his emotional decision to punt The Daily Stormer and subject it to hackers: I woke up 'in a bad mood and decided to kick them off the Internet'". Business Insider. Retrieved August 17, 2017.
- Ingram, David; Menn, Joseph (August 17, 2017). "Internet firms shift stance, move to exile white supremacists". Reuters. Retrieved August 17, 2017.
- Lee, Dave (August 17, 2017). "Why Cloudflare kicked out the neo-Nazis". BBC News. Retrieved August 17, 2017.
- Prince, Matthew (August 17, 2017). "Why We Terminated Daily Stormer". The Cloudflare Blog. Retrieved August 17, 2017.
- Brandom, Russell (August 16, 2017). "The Daily Stormer just lost the most important company defending it". The Verge. Retrieved August 22, 2019.
- Malcolm, Jeremy; Cohn, Cindy; O'Brien, Danny (August 17, 2017). "Fighting Neo-Nazis and the Future of Free Expression". Electronic Frontier Foundation. Retrieved August 22, 2019.
- Wong, Julia Carrie (August 4, 2019). "Investigators 'reasonably confident' Texas suspect left anti-immigrant screed". NBC News. Retrieved August 22, 2019.
- Wang, Shirley S.; Totty, Michael (October 17, 2011). "And the Rest of the Winners Are..." The Wall Street Journal. ISSN 0099-9660. Retrieved August 22, 2019.
- "WSJ: CloudFlare Named Most Innovative Internet & Networking Company, Second Year in a Row". The Cloudflare Blog. October 15, 2012. Retrieved August 22, 2019.
- "Technology Pioneer 2012 - Matthew Prince, Michelle Zatlyn & Lee Holloway (Cloudflare)". World Economic Forum. Archived from the original on April 2, 2015. Retrieved March 10, 2015.
- "Most Innovative Companies 2012 - Industries Top 10 - Web/Internet". Fast Company. February 10, 2012. Retrieved March 10, 2015.
- "8th Annual Crunchies Awards". TechCrunch. February 5, 2015. Retrieved August 22, 2019.
- "Cloud 100 2016". Forbes. Archived from the original on April 29, 2017. Retrieved August 22, 2019.
- "Cloud 100 2017". Forbes. Archived from the original on September 3, 2018. Retrieved August 22, 2019.
- Simcoe, Luke (June 14, 2012). "The 4chan breach: How hackers got a password through voicemail". Maclean's. Archived from the original on January 15, 2014. Retrieved August 22, 2019.
- Ms. Smith (June 3, 2012). "Hacktivists UGNazi attack 4chan, Cloudflare and Wounded Warrior Project". Privacy and Security Fanatic. NetworkWorld. Archived from the original on November 12, 2013. Retrieved August 22, 2019.
- Prince, Matthew (June 4, 2012). "The Four Critical Security Flaws that Resulted in Last Friday's Hack". The Cloudflare Blog. Retrieved August 22, 2019.
- Conger, Kate (February 23, 2017). "Major Cloudflare bug leaked sensitive data from customers' websites". TechCrunch. Retrieved August 22, 2019.
- Steinberg, Joseph (February 24, 2017). "Why You Can Ignore Calls To Change Your Passwords After Today's Massive Password Leak Announcement". Inc. Retrieved February 24, 2017.
- Molina, Brett (February 28, 2017). "Cloudfare bug: Yes, you should change your passwords". USA Today. Retrieved March 1, 2017.
- Kovacs, Eduard (July 15, 2015). "Cloudflare Releases Transparency Report for First Half of 2015". SecurityWeek. Wired Business Media. Retrieved August 22, 2019.
- Schwencke, Ken (May 4, 2017). "How One Major Internet Company Helps Serve Up Hate on the Web". ProPublica. Retrieved May 6, 2017.
- Prince, Matthew (May 7, 2017). "Anonymity and Abuse Reports". The Cloudflare Blog. Retrieved August 22, 2019.
- "Cloudflare and Spamhaus". Word to the Wise. July 16, 2017. Retrieved February 28, 2017.
- "The Spamhaus Project". The Spamhaus Project. Retrieved September 30, 2019.
- Edgecombe, Graham (October 12, 2015). "Certificate authorities issue SSL certificates to fraudsters". Netcraft. Retrieved October 14, 2015.
- Graham-Cumming, John (July 12, 2019). "Details of the Cloudflare outage on July 2, 2019". The Cloudflare Blog. Retrieved July 12, 2019.
- "Cloudflare 502 Outage". Cloudflare. July 2, 2019. Retrieved July 2, 2019.
- "Internet Exchange Report - Exchange Participants (BGP Toolkit)". BGP.HE.net.
- "AS13335 Cloudflare, Inc. (BGP Toolkit)". BGP.HE.net.
- "CloudFlare, Inc". euro-ix.net.
- Business data for Cloudflare, Inc.: