from Wikipedia, the free encyclopedia

legal form Corporation
ISIN US18915M1071
founding July 2009
Seat San Francisco , California , United States
United StatesUnited States 
management Matthew Prince ( CEO )
Branch Internet, content delivery network

Cloudflare, Inc. is a US company that provides a content delivery network , internet security services, and distributed Domain Name Server (DNS ) services that sit between the visitor and the Cloudflare user's hosting provider and act as a reverse proxy for Websites act. Cloudflare is headquartered in San Francisco , California with additional offices in London , Singapore , Champaign , Austin , Boston and Washington, DC


Michelle Zatlyn, Lee Holloway and current CEO Matthew Prince developed Cloudflare in 2009, and the official launch was announced in September 2010 at the TechCrunch Disrupt Conference. In 2010 around 150 million interactions by individual users with 5 billion page views per month were counted. At the beginning of 2012, the service secured around 250,000 websites against peaks in demand, for example. In March 2013, more than three times as much, around 780,000 pages, was given as the current status.

The hacker group LulzSec , active in 2011 , used the platform to operate their website after the previous provider was unable to provide sufficient capacity. After some high-profile actions, the hack of Sony's website and the theft of a million login data or the distributed denial-of-service of the CIA website, leading media and blogs led a broad and controversial debate as to whether Cloudflare merely listed LulzSec's appearance without a court order Requests the CIA should take offline. Cloudflare invoked freedom of information in a blog post and refused, citing censorship.

In June 2012, Cloudflare partnered with various web hosts to implement its Railgun technology. Railgun aims to speed up pages that change often, such as news, by downloading only the often minor changes from the publisher, while the rest is still provided from Cloudflare's cache.

Also in June 2012 succeeded the hacker group UGNazi , through gaps in Google's user authentication the website 4chan to deface that was supposed to be protected by the service.

In addition to the appearance of the band Metallica and various state institutions, Wikileaks is also one of the customers Cloudflares, which also led to a broad media coverage after ongoing attacks on Wikileaks.

In February 2013, the Zero Science Lab published a comparative report on how vulnerable Cloudflare's web application firewall would be via penetration testing . Compared to the two competitors, Cloudflare proved to be the least resistant.

In 2013, Cloudflare joined Mozilla 's call for greater transparency in user data queries by the US government ("The Internet Sector calls for Greater Transparency in Requests for User Data"), which was published in StopWatching.Us , an open letter to the United States Congress , rose.

In August 2013, Cloudflare came under fire because it also secures the website of the Kavkaz Center , which reports on Chechnya and on which some content was classified as extremist by security experts. The company's management rejected the allegations, citing the tradition of freedom of expression in the United States : “A website is speech. It is not a bomb. "

In February 2014, Cloudflare weakened the largest DDoS attack ever recorded at the time, the peak of which was 400 Gbit / s against an undisclosed customer. In November 2014, Cloudflare reported another massive DDoS attack targeting independent media websites running at 500 Gbit / s.

Since September 29, 2014, Cloudflare has been offering all customers free SSL encryption under the name Universal SSL , which is implemented using Server Name Indication .

According to an article from on July 22, 2015 , all DNS queries for the domain of the German Bundestag “” and its subdomains are answered by Cloudflare . The press department of the German Bundestag confirmed this in part in a cautious statement to the blog.

On February 24, 2017, it became known that due to a security gap it was possible to access transmitted data for months - even from encrypted connections. a. Position data of users of the Uber service , private chat messages from the dating site OkCupid and video frames from erotic portals.

As part of the discussions about the right-wing American side The Daily Stormer , Cloudflare terminated their contract in August 2017. The side was unable to counter the following DDoS attacks and was no longer available. Cloudflare CEO Matthew Prince rated his behavior as critical. According to his own statement, he had too much power, since not a single person should be able to decide on the existence of a website.

Since mid-2018, Cloudflare has been hosting the servers for Mozilla to provide the DNS over HTTPS (DoH) service. Strict data protection agreements were made here.

Financing rounds

In November 2009, Cloudflare received $ 2.1 million in a Series A round from Pelion Venture Partners and Venrock . In July 2011, Cloudflare received $ 20 million in a Series B round from New Enterprise Associates, Pelion Venture Partners, Venrock. In December 2012, Cloudflare received $ 50 million in a Series C Round from New Enterprise Associates, Pelion Venture Partners, Venrock, Union Square Ventures, and Greenspring Associates. In December 2014, Cloudflare received $ 110 million in a Series D round led by Fidelity Investments and with participation from Google Capital, Microsoft, Qualcomm and Baidu. Since September 13, 2019, Cloudflare has been traded on the NYSE stock exchange under the symbol NET, and raised $ 525 million through the sale of the shares.


In June 2014, Cloudflare acquired CryptoSeal, which was founded by Ryan Lackey, in a deal aimed at expanding security services for web users. In February 2014, StopTheHacker was acquired, which offers malware detection, automatic malware removal, protection of IT reputation and monitoring of black lists. In December 2016, Cloudflare took over Eager with the prospect of upgrading Cloudflare's apps platform to enable drag-and-drop installations of third-party apps on Cloudflare-enabled websites.


DDoS protection

Cloudflare offers all customers the “I'm Under Attack Mode” setting. According to Cloudflare, this can mitigate advanced level 7 attacks by displaying a JavaScript math problem that must be solved before a user can access a website.

Cloudflare fended off a DDos attack on SpamHaus that exceeded 300 Gbit / s. Akamai's chief architect stated that it was "the largest publicly disclosed DDoS attack in the history of the Internet". Cloudflare has also reportedly intercepted attacks that peaked above 400 Gbps in an NTP reflective attack.

Web application firewall

Cloudflare allows customers with paid plans to use a web application firewall service by default. In addition to Cloudflare's own rule set and the rule sets for popular web applications, the firewall has the OWASP ModSecurity core rule set.

Domain name server

Cloudflare offers a free Domain Name Server (DNS) for all clients supported by an anycast network. According to W3Cook, Cloudflare's DNS service currently operates over 35% of the DNS domains it hosts. SolveDNS found that Cloudflare consistently had one of the fastest DNS search speeds in the world with a reported search speed of 8.66 ms in April 2016.

Reverse proxy

A key feature of Cloudflare is the reverse proxy for web traffic. Cloudflare supports new web protocols including SPDY and HTTP / 2 . In addition, Cloudflare offers support for HTTP / 2 server push. Cloudflare also supports proxy operations for websockets.

Content Delivery Network

The Cloudflare network has the highest number of connections to Internet nodes of any network in the world. Cloudflare stores content in peripheral locations to act as a content delivery network (CDN). All requests are then sent through Cloudflare as a reverse proxy and the cached content is served directly by Cloudflare.


Cloudflare has been very clear on its support for free speech , with CEO Matthew Prince explaining:

“One of the greatest strengths of the United States is a belief that speech, particularly political speech, is sacred. A website, of course, is nothing but speech. [...] A website is speech. It is not a bomb. There is no imminent danger it creates and no provider has an affirmative obligation to monitor and make determinations about the theoretically harmful nature of speech a site may contain. "

“One of America's greatest strengths is the belief that speeches, and especially political speeches, are sacred. A website is of course nothing more than a speech […] A website is a speech. It's not a bomb. There is no immediate danger from it and no provider is expressly obliged to monitor and must determine the theoretically dangerous nature of the language that a website may contain. "

Cloudflare publishes a semi-annual transparency report to show how often law enforcement agencies request data about its customers.


Cloudflare provides DNS services for 6 million websites, some of which are popular ones like Uber , OkCupid, and Fitbit . According to W3Techs, Cloudflare is used by 11.6% of the top 10 million websites, making it the most popular reverse proxy service.

Awards and recognitions

  • In February 2015 TechCrunch named "Best Enterprise Startup" at the 8th Annual Crunchies Awards.
  • Named "Most Innovative Network & Internet Technology Company" by the Wall Street Journal for two years in a row.
  • In 2012, Cloudflare was recognized as a technology pioneer by the World Economic Forum .
  • In 2012, according to Fast Company, was one of the 10 most innovative internet companies in the world.
  • In 2016, Cloudflare was ranked 11th on the "Forbes Cloud 100" list.


In a report by the European Commission, the company is accused of not doing enough against copyright infringement on its platform. Accordingly, the report estimates that Cloudflare is used by approximately 40% of all websites that illegally offer copyrighted material. Of the 500 infringing domains with the most visitors, according to Alexa Rank , 62%. The response on the part of Cloudflare to inquiries regarding copyright infringement is further classified as insufficient.

Web links

Individual evidence

  1. CloudFlare Reveals $ 50 Million “Secret” Funding - From One Year Ago . AllThingsD.
  2. Cloudflare beefs up app platform plans with startup acquisition. , accessed February 28, 2017.
  3. Our story . Cloudflare. Retrieved August 15, 2011.
  4. ^ Nicole Henderson: CloudFlare Gets an Unusual Endorsement from Hacker Group LulzSec . In: Webhost Industry Review . June 17, 2011. Retrieved August 15, 2011.
  5. a b How Lulzsec protected itself from hacks , Retrieved July 14, 2013
  6. Router update sweeps 785,000 websites out of the net , Retrieved July 24, 2013.
  7. An inside view of Lulzsec's hacking rampage , Retrieved July 14, 2013.
  8. How we got caught in lulzsec CIA crossfire , Retrieved July 14, 2013.
  9. On LulzSec, Censorship & CloudFlare ( Memento from July 27, 2013 in the Internet Archive ), Retrieved July 14, 2013.
  10. Cloudflare Partners With World's Leading Web Hosts To Implement Its Railgun Protocol, Speeds Up Load Times By Up To 143%. In: TechCrunch. Retrieved January 6, 2019 (American English).
  11. 4chan hacked by breaking into CloudFlare Server . Retrieved July 14, 2013.
  12. CloudFlare Was Down Due To Edge Routers Crashing, Taking Down 785,000 Websites Including 4chan, Wikileaks, , Retrieved July 24, 2013.
  13. ^ CloudFlare Helps Save Wikileaks' Bacon , Retrieved July 24, 2013.
  14. CloudFlare vs Incapsula vs ModSecurity - A Comparative Penetration Testing Analysis Report . Zero Science Lab. Retrieved November 2, 2018.
  15. ^ The Internet Sector Calls for a Greater Transparency , Retrieved July 24, 2013.
  16. ^ Greg Simons (Swedish National Defense College): Mass Media and Modern Warfare. Ashgate 2010, pp. 184-185, ISBN 978-0-7546-7472-6 .
  17. ^ CloudFlare on censorship: 'A website is speech. It is not a bomb. ' dated August 12, 2013
  18. The Largest Cyber ​​Attack In History Has Been Hitting Hong Kong Sites . Forbes.
  19. Introducing Universal SSL . September 29, 2014. Retrieved December 16, 2014.
  20. CloudFlare: German Bundestag is getting Internet from US providers again, this time for its own websites. of July 22, 2015
  21. Kate Conger: Major Cloudflare bug leaked sensitive data from customers' websites. In: Techcrunch. February 24, 2017, accessed February 24, 2017 .
  22. heise online: "I can do that because I'm CEO": Cloudflare boss violates neo-Nazi side - it goes offline. Retrieved August 18, 2017 .
  23. Cloudflare Resolver for Firefox . Cloudflare. Retrieved July 26, 2018.
  24. CloudFlare Hints IPO Could Be Coming, But Not This Year . .
  25. ^ Cloudflare jumps in trading debut after raising 525 million
  26. Cloudflare acquires app platform Eager, will sunset service in Q1 2017 . VentureBeat.
  27. Cloudflare Web Application Firewall Review ( Memento April 8, 2017 in the Internet Archive ). Fanatic Entrepreneur
  28. April 2016 DNS Speed ​​Comparison Report .
  29. CloudFlare figured out how to make the Web faster one second . ZDNet
  30. Internet Exchange Report . Hurricane Electric .
  32. ^ CloudFlare Releases Transparency Report for First Half of 2015 . Wired business media
  33. Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug . The Register
  34. Usage Statistics and Market Share of Reverse Proxy Services for Websites, January 2020. In: Retrieved January 28, 2020 (English).
  35. Winners. Retrieved December 16, 2018 (American English).
  36. Technology Innovation Awards - Network And Internet Technologies. In: Wall Street Journal, October 16, 2012, accessed December 16, 2018 .
  37. CloudFlare. In: Digital Transformation. Retrieved December 16, 2018 (American English).
  38. The 2012 Top 10 Most Innovative Companies by Sector: Internet. Retrieved December 16, 2018 (American English).
  39. Forbes Cloud 100 . Forbes.
  40. European Commission: Counterfeit and Piracy Watch List. December 7, 2018, p. 21 , accessed December 12, 2018 .