What's New at Cloudflare

At Cloudflare we're dedicated to constantly improving our product. Read below to find out the latest updates.

  • feature2019 Q3

    Announcing Subdomain Support for Enterprise Customers

    Thu, August 1, 2019 

    Enterprise customers now have Subdomain Support enabled by default. Cloudflare Subdomain Support simplifies management of Cloudflare performance and security for subdomains and provides several additional benefits.

    Subdomain Support allows designated teams within your organization to control Cloudflare settings for a specific subdomain, while your central IT team maintains control of your root or parent domain. For example, Cloudflare settings for support.example.com can be managed completely separately from example.com. For more information and instructions, see the support document.

  • product2019 Q2

    AMP Real URL Entering Open Beta

    Wed, June 26, 2019 

    We have rolled out the beta of AMP Real URL to all users. Accelerated Mobile Pages (AMP) is a Google feature that allows you to serve your mobile site from Google’s cache. Not only does this speed up the delivery of your site, but it is also viewed favorably by Google’s search algorithm. One side effect of using AMP is that users will see a path that starts with ‘google.com/amp' in the URL bar. This can confuse your users and hurt your brand.

    Cloudflare’s AMP Real URL lets you retain your URL attribution on AMP pages by digitally signing content submitted to Google’s web crawler, proving that the content belongs to you. You can access AMP Real URL in the ‘speed’ tab of your dashboard; for more details on how it works please see the blog post.

  • feature2019 Q2

    Firewall Events can now be seen in Cloudflare Logs

    Tue, June 18, 2019 

    Firewall events can now be seen in Cloudflare Logs, which is available for all enterprise customers. Previously, customers using Cloudflare Logs had to decode our pathingStatus and pathingOps to understand what was happening during a request; the only way to get more details was by manually checking Firewall Events. But now you can see a breakdown of every service and rule that touched a request directly from Cloudflare Logs, providing you with better and clearer insights.

  • feature2019 Q2

    Updates to Audit Logs API

    Thu, May 23, 2019 

    We are constantly working on improvements to our API so that all Cloudflare customers can have easy access to their data. Previously, Audit Logs API only supported querying by "day". It now supports down to the minute resolution for the since and before fields. The Audit Logs API will also be modified to return records with a maximum age of 18 months. Previously, queries were unbounded and this had a detrimental performance impact.

    In addition, ALL Cloudflare APIs now include a standard response envelope, which includes an errors field. Previously, Audit Logs would return null for errors, instead of an empty array, which is the standard.

  • product2019 Q2

    Workers KV is Now in General Availability

    Fri, May 17, 2019 

    Workers KV is now out of beta and in GA for all Cloudflare customers. Workers KV is a highly distributed, eventually consistent, key-value store that spans Cloudflare's global edge. It allows you to store billions of key-value pairs and read them with ultra-low latency anywhere in the world so you can build entire applications with the performance of a CDN static cache.

    Workers KV enables you to store persistent data on the edge and quickly access that data with an API call. Some examples of functionality you can build with Workers KV include mass redirects and user authentication for apps. You can try Workers KV today by accessing it in the Workers tab in your dashboard.

  • feature2019 Q2

    Introducing Functions in Firewall Rules

    Wed, May 1, 2019 

    A new feature in Firewall Rules called “Functions” is now available to customers on all plans. Functions will allow a customer to have better control and flexibility to evaluate attributes. Our first two transformations are an "upper" and "lower" function.

    One of the biggest challenges with Wordpress and other applications, is that they automatically sanitize URLs to improve user-experience. The negative impact of this is it makes security more challenging. These functions will disable case sensitivity for that field, and you can now evaluate in either UPPER case or lower case. This does not change the actual request, it purely changes the case during the evaluation of the attribute. For examples and documentation please see the developer docs.

  • feature2019 Q2

    Cloudflare is officially ISO 27001:2013 compliant

    Fri, April 26, 2019 

    ISO 27001 is a security certification that is used as a international standard for managing risks to information security. It is published by the International Organization for Sandardization (ISO). Receiving this certification means that an organization has met a set of strict requirements in the implementation of their Information Security Risk Management System (ISMS).

    To maintain this certification, an organization must be regularly audited by a certifying body who will ensure that the proper standards are being met. This means that Cloudflare customers can have peace of mind knowing that we are preserving the confidentiality, integrity, and availability of your information. You can see the full list of our security certifications on our Compliance page.

  • feature2019 Q1

    Announcing Concurrent Streaming Acceleration

    Tue, March 26, 2019 

    We have improved the way we deliver large file downloads for all of our customers. Concurrent streaming acceleration is a new way of delivering large, uncached files to multiple clients simultaneously. Previously, when several users requested an uncached file, the first user to ask for the file would have to finish downloading for the file to be cached and delivered to the other users. With Concurrent Streaming Acceleration, several users can simultaneously download the file while it is being added to the Cloudflare CDN cache.

    This change is live across all of Cloudflare, and will be particularly helpful for streaming live video to multiple users via Cloudflare Stream. Several users have noticed a drop in “cache lock wait time,” i.e. how long a request must wait for other requests – since we rolled out this change.

  • feature2019 Q1

    Cloudflare is now certified SOC 2 Type 1 compliant

    Thu, March 14, 2019 

    This week we received our SOC 2 Type 1 compliance report. This report evaluates Cloudflare on three trust service principles of SOC 2: Security, Availability, and Confidentiality. SOC 2 is a compliance certification that focuses on internal controls of an organization related to five trust principles: Security, Confidentiality, Processing Integrity, Availability, and Privacy.

    To maintain this certification, an organization must be regularly audited by a certifying body who will ensure that the proper standards are being met. This certification means Cloudflare customers can rest assured that their data is being kept private and protected. Enterprise customers can get in touch if they want to see a copy of the report.

  • feature2019 Q1

    Announcing L4 DoS Analytics for Enterprise

    Wed, March 6, 2019 

    This week we release Layer 4 DoS analytics in the dashboard for enterprise customers. Enterprise users will now be able to see both Layer 7 analytics in the form of dropped HTTP requests per second as well as Layer 4 analytics in the form of dropped TCP packets per second.

    Layer 4 (transport layer) attacks exploit a vulnerability in the TCP handshake in an attempt to max out the maximum number of TCP connections. Meanwhile layer 7 (application layer) attacks attempt to overwhelm a service with HTTP requests. Seeing analytics for both can help you understand what kind of attacks you are facing and what type of protection you need.

  • feature2019 Q1

    Firewall Analytics

    Fri, March 1, 2019 

    Insights into security events are critical for monitoring the health of web applications. Today, Cloudflare announced new Firewall Analytics which will help our Enterprise customers get detailed insights into firewall events, helping them to tailor their security configurations more effectively.

  • product2019 Q1

    Cloudflare Logs - Granular Insights Into Your Traffic

    Mon, February 25, 2019 

    Improve your application’s performance and security by tuning your Cloudflare configuration. Investigate and debug errors and security mitigations reported by your end users. Build customized analytics in the tools you already use.

  • feature2019 Q1

    Access service tokens

    Thu, February 7, 2019 

    Access improves the security of service-to-service connections by adding service token authentication to the protections offered by Cloudflare. With service tokens, customers can now extend access control to automated tools, scripts, and bots.

  • feature2019 Q1

    Workers Cache API

    Fri, January 25, 2019 

    Cache API now works with Workers to give customers greater, more fine grained control over Cloudflare's caching behavior. This API will now allow customers to cache objects that were traditionally uncacheable, for example caching POST requests.

  • feature2019 Q1

    Increased load balanced origins support

    Fri, January 18, 2019 

    Customers on Free, Pro and Business plans can now purchase load balancing support for up to 20 origins. This increased support allows customers to build a more resilient global infrastructure that ensures their customers are served content from locations closest to them, with the lowest latency.

  • feature2018 Q4

    Access Service to Service

    Fri, December 21, 2018 

    Access improves the security of service-to-service connections by adding service token authentication to the protections offered by Cloudflare.

  • feature2018 Q4

    Traffic Acceleration with Cloudflare Mobile SDK

    Thu, December 13, 2018 

    We’re excited to announce early access for Traffic Acceleration with Cloudflare Mobile SDK. Acceleration uses novel transport algorithms built into the SDK to accelerate apps beyond the performance they would see with TCP. Enabling Acceleration through the SDK reduces latency, drives down network timeouts, and improves app user experiences.

  • feature2018 Q4

    Access TLS Client Authentication

    Fri, December 7, 2018 

    Access now supports mutual TLS (mTLS) authentication. Mutual TLS authentication ensures that the traffic is secure and trusted in both directions between a client and server. This type of authentication can be used for allowing requests such as Internet of Things devices, that do not login with an identity provider, to demonstrate that they have permissions to reach a given resource. Organizations will be able to use mutual TLS authentication as a second layer of authentication for users or as the primary method of authentication for connected devices.

  • feature2018 Q4

    Access - SSH Support

    Fri, November 16, 2018 

    Access can authenticate users who want to use SSH (Secure Shell). This removes the need for a VPN by developers, IT, and support to use this service while providing secure authentication and integration with major identity providers.

  • blog2018 Q4

    Access enables a Zero Trust Command Line Interface (CLI) authentication to APIs

    Fri, October 5, 2018 

    Increase performance for users using APIs over CLI by authenticating near them, not in a far away VPN server. Simplify and reduce costs for deployment, configuration, and maintenance. Tightly control authorization through granular policies based on attributes such as users, IP ranges, and application URLs.

  • feature2018 Q4

    Cloudflare Dashboard: Single Sign-On support

    Wed, October 3, 2018 

    The Cloudflare dashboard now supports Single Sign On (SSO) for ease of centralized identity and access management. Reduce user provisioning times and avoid password sprawl, with a seamless SSO experience that supports your existing identity providers.

  • feature2018 Q4

    Access Single Sign On (SSO) for On Premise Confluence or JIRA

    Tue, October 2, 2018 

    Customers have secure SSO access to Confluence or JIRA. Instead of entering credentials twice, users authenticate only once through Access.

  • feature2018 Q4

    Cloudflare Workers: WebAssembly Support

    Mon, October 1, 2018 

    Cloudflare Workers now support the inclusion of WebAssembly modules. WebAssembly support allows developers to run code inside of Cloudflare Workers written in almost any language including: Rust, Go, C, C++, and others.

  • product2018 Q3

    Cloudflare Workers KV: Beta

    Fri, September 28, 2018 

    Cloudflare Workers KV provides access to a secure low latency key-value store at all 154 Cloudflare data centers. Developers can use Cloudflare Workers and Workers KV to augment existing applications or to build entirely new applications on top of Cloudflare's global cloud network. Workers KV scales seamlessly to support applications serving dozens or millions of users.

  • product2018 Q3

    Cloudflare Registrar: Early Access Program

    Thu, September 27, 2018 

    Cloudflare Registrar lets you securely register and manage your domain names with transparent, no-markup pricing that eliminates surprise renewal fees and hidden add-on charges. Be one of the first to transfer your domains to Cloudflare. Sign up today for the Cloudflare Registrar Early Access.

  • feature2018 Q3

    Encrypted Server Name Indication (SNI)

    Mon, September 24, 2018 

    Server Name Indication (SNI) does not conceal the requested hostname in the ClientHello message during TLS negotiation. This allows intermediaries to have visibility into the hostnames of websites visited by users. Exposing the hostname means that the privacy of users can be compromised, content can be censored, or traffic can be served with discriminatory quality-of-service. Encrypted SNI keeps the hostname private when a user is visiting an ESNI-enabled site on Cloudflare by concealing the browser’s requested hostname from anyone listening on the Internet. All domains on Cloudflare using our authoritative name servers get Encrypted SNI enabled as default.

  • feature2018 Q3

    Roughtime protocol support

    Fri, September 21, 2018 

    Cloudflare improves the accuracy of time for TLS handshakes through a rough, authenticated time-synchronization based on Google’s Roughtime protocol. By running a Roughtime service, we enable clients to securely keep approximately correct time, which reduces erroneous authentication from 'clock skew' and increases security through wider adoption of short-lived HTTPS certificates.

  • feature2018 Q3

    Layer 4 Load Balancing and Health Checks

    Thu, September 20, 2018 

    Cloudflare now supports load balancing for non-HTTP/S traffic across multiple origins for increased availability and performance when deployed with Spectrum.

  • feature2018 Q3

    The Cloudflare Onion Service

    Thu, September 20, 2018 

    Cloudflare will run an Onion Service on its network. Tor users visiting sites that have enabled this feature will be scored for reputation differently from general Tor traffic. This will result in fewer CAPTCHAs for human Tor users while protecting the site from malicious actors and reducing exit node tampering.

  • feature2018 Q3

    RPKI support for all domains

    Wed, September 19, 2018 

    Cloudflare supports the RPKI-framework for two important parts of Internet transit: signing BGP routes it announces for all Cloudflare domains, and validating announced IP addresses when routing traffic through its global network. Authenticating BGP routes with public key signing helps prevents visitors or origins on RPKI compliant ISP's from being hijacked.

  • feature2018 Q3

    Automatically Provision and Maintain DNSSEC

    Tue, September 18, 2018 

    Provision and manage DNSSEC from within the Cloudflare dashboard instead of logging into the supported registrar.

  • product2018 Q3

    Distributed Web Gateway

    Mon, September 17, 2018 

    Simplify, speed up, and secure read-only access to files stored on the InterPlanetary File System (IPFS), a peer-to-peer protocol for storing content.

  • feature2018 Q3

    Cloudflare Workers Terraform Provider Support

    Thu, September 13, 2018 

    The Cloudflare Provider for Terraform now supports deployment and configuration of Cloudflare Workers. Users of Terraform can now include Cloudflare Workers as another part of their configuration as code approach to infrastructure.

  • feature2018 Q3

    Serverless Framework Integration

    Tue, September 11, 2018 

    Deploy projects to Cloudflare Workers quickly and consistently using the Serverless Framework.

  • feature2018 Q3

    Spectrum supports multiple ports for TCP applications

    Thu, August 23, 2018 

    Spectrum allows TCP applications to support proxying multiple ports on the same hostname. A single application with multiple ports, (e.g. SMTP, which uses ports 25, 465, and 587) can be proxied through Cloudflare using the same hostname to protect it from DDoS attacks.

  • product2018 Q3

    Cloudflare Stream is now generally available

    Tue, August 7, 2018 

    Cloudflare Stream makes streaming high quality video at a global scale easy and affordable. Eliminate the effort of delivering high quality video with a massive, globally distributed video delivery network. Use a single, integrated workflow through a robust API or drag and drop UI that includes video encoding, global delivery, and customizable player.

  • feature2018 Q3

    Access supports reusable nested groups and bypass policies

    Tue, July 24, 2018 

    Cloudflare Access now provides more granular control by supporting reusable nested user groups and bypass policies that include IP address whitelisting. Access policies based on user groups automatically apply rules to all users in the defined group, simplifying the creation and management of policies. Access rules can also enable traffic to bypass authentication. You can whitelist specific IP addresses, address ranges, or open up specified endpoints to the public internet.

  • product2018 Q3

    Cloudflare Access is now generally available

    Tue, July 24, 2018 

    No VPN required. Cloudflare Access enables easy, secure, and fast access to internal applications wherever they are, from whatever device. Leverage a Zero Trust security framework with existing identity providers like Google™, Facebook™, Okta™, Github™, and more. Get your first 5 users per month for free.

  • feature2018 Q3

    Dynamic Steering

    Tue, July 10, 2018 

    Dynamic steering is a load balancing feature that automates traffic steering across origins in multiple geographic regions. Round-trip time (RTT) for health checks is calculated across multiple pools of load balanced servers and origins to determine the fastest server pools. This RTT data enables the load balancers to identify the fastest pools, and to direct user requests to the most responsive origins.

  • feature2018 Q3

    Support for New DNS Record Types

    Thu, July 5, 2018 

    Cloudflare's DNS now supports the following record types: CERT, DNSKEY, DS, NAPTR, SMIMEA, SSHFP, TLSA, and URI via the web and API.

  • feature2018 Q2

    FQDN Resolution of Load Balanced Origins at the Edge

    Thu, June 28, 2018 

    Cloudflare now resolves fully qualified domain name (FQDN) origins at the edge rather than centrally. This allows load balancers to better support origins that utilize geo-DNS or other dynamic responses.

  • feature2018 Q2

    Developer Portal Q2 Update

    Mon, June 11, 2018 

    The Developer Portal has been updated in Q2 to include improved search, documentation for new products, and listings of upcoming Cloudflare community events.

  • feature2018 Q2

    Rocket Loader Upgrade

    Fri, June 1, 2018 

    Rocket Loader has been updated to deliver faster performance for website paint & load times by prioritising website content over JavaScript. Majority of mobile devices are now supported. Increased compliance with strict content security policies.

  • product2018 Q2

    Stream Delivery

    Thu, May 31, 2018 

    Cloudflare’s Stream Delivery solution offers fast caching and delivery of video content across our network of 150+ global data centers.

  • feature2018 Q2

    Deprecating TLS 1.0 and 1.1 on api.cloudflare.com

    Tue, May 29, 2018 

    On June 4, Cloudflare will be dropping support for TLS 1.0 and 1.1 on api.cloudflare.com. Additionally, the dashboard will be moved from www.cloudflare.com/a to dash.cloudflare.com and will require a browser that supports TLS 1.2 or higher.

  • feature2018 Q2

    Rate Limiting has new Actions and Triggers

    Mon, May 21, 2018 

    Rate Limiting has two new features: challenges (CAPTCHA and JS Challenge) as an Action; and matching Header attributes in the response (from either origin or the cache) as the Trigger. These features give more control over how Cloudflare Rate Limiting responds to threshold violations, giving customers granularity over the types of requests to "count" to fit their different applications. To learn more, go to the blog post.

  • feature2018 Q2

    Support purge-by-tag for large tag sizes

    Thu, May 10, 2018 

    The Cache-Tag header now supports up to 1000 tags and a total header length of 16kb. This update simplifies file purges for customers who deploy websites with Drupal.

  • feature2018 Q2

    Multi-User Access on dash.cloudflare.com

    Wed, May 2, 2018 

    Starting May 2 2018, users can go to the new home of Cloudflare’s Dashboard at dash.cloudflare.com and share account access. This has been supported at our Enterprise level of service, but is now being extended to all customers.

  • feature2018 Q2

    Support full SSL (Strict) mode validation for CNAME domains

    Thu, April 12, 2018 

    Cloudflare is now able to validate origin certificates that use a hostname's CNAME target in Full SSL (Strict) mode. Previously, Cloudflare would not validate any certificate without a direct match of the HTTP hostname and the certificate's Common Name or SAN. This update allows SSL for SaaS customers to more easily enable end-to-end security.

  • product2018 Q2

    Cloudflare Spectrum

    Thu, April 12, 2018 

    Spectrum protects TCP applications and ports from volumetric DDoS attacks and data theft by proxying non-web traffic through Cloudflare’s Anycast network.

  • feature2018 Q2

    Workers Can Control Cache TTL by Response Code

    Wed, April 11, 2018 

    Cloudflare workers can now control cache TTL by response code. This provides greater control over cached assets with Cloudflare Workers.

  • product2018 Q2

    Argo Tunnel

    Thu, April 5, 2018 

    Argo Tunnel ensures that no visitor or attacker can reach your web server unless they first pass through Cloudflare. Using a lightweight agent installed on origin infrastructure, including containers or virtual machines, Cloudflare creates an encrypted tunnel between its nearest data center and an application’s origin server without opening a public inbound port.

  • product2018 Q1

    Cloudflare Nimbus

    Fri, March 23, 2018 

    Cloudflare is strengthening the Certificate Transparency (CT) ecosystem with our introduction of Nimbus, a free and open CT log. Certificate Transparency improves security online by bringing accountability to the system that protects HTTPs. Additionally, we have published Merkle Town, a dashboard for exploring and monitoring the certificate transparency ecosystem.

  • feature2018 Q1

    Load Balancing Configurable Weighting

    Thu, March 8, 2018 

    Configurable weighting allows for user defined weighting for how much traffic an origin server receives.

  • feature2018 Q1

    Secondary DNS

    Fri, March 2, 2018 

    Cloudflare can easily be setup as a secondary DNS provider. When records are edited with the primary DNS provider, the corresponding records at Cloudflare are automatically updated.

  • feature2018 Q1

    User Agent Blocking Rules

    Wed, February 28, 2018 

    Create a rule to block or challenge a specific User Agent from accessing your domain. This works similarly to Zone Lockdown, except the block examines incoming User-Agent strings rather than IPs. User Agent blocking applies to an entire zone, and sub-domains cannot not be specified.

  • feature2018 Q1

    Zone Lockdown

    Wed, February 28, 2018 

    Zone Lockdown allows for the whitelisting of specific IP addresses and IP ranges, whereby all other IPs are effectively blacklisted. This supports specific sub-domains and URLs and is useful to protect an administrative area from non-specified IP addresses.

  • product2018 Q1

    Cloudflare Workers Beta is Now Open

    Thu, February 1, 2018 

    Cloudflare Workers lets you run JavaScript on Cloudflare’s edge, deploying globally to over 120+ data centers around the world in less than 30 seconds. Your code can intercept and modify any request made to your website, make outbound requests to any URL on the Internet, and replace much of what you might need to configure your CDN to do today.

  • feature2018 Q1

    Cache Deception Armor

    Fri, January 19, 2018 

    In light of cache deception attacks, we have released a tool called Cache Deception Armor to help our customers make sure only assets that should be cached are being cached.

  • product2018 Q1

    Cloudflare Access

    Wed, January 17, 2018 

    Cloudflare Access offers secure application access without a VPN. Users can secure, authenticate, and monitor user access to any domain, application, or path on Cloudflare.

  • feature2018 Q1

    Load Balancing Event Logs

    Tue, January 16, 2018 

    Load Balancing event logs allow for the review and filtering of status changes of your Load Balancing Origins and Pools.

  • feature2017 Q4

    Support for Cache-Control Header Extensions

    Thu, December 14, 2017 

    Cloudflare now supports additional HTTP cache-control directives. These headers allow more control over content caching behavior and enable our cache to handle more complex instructions for handling online assets.  

  • feature2017 Q4

    CAA Record Support

    Tue, December 5, 2017 

    Cloudflare now supports Certification Authority Authorization (CAA). CAA records allow domain owners to specify which CAs are authorized to issue certificates for their domain (or subdomain, as CAAs can be defined at any level of the hierarchy).

  • feature2017 Q4

    Cloudflare's New Server Response Header

    Mon, November 27, 2017 

    Cloudflare's Nginx response header will change from 'cloudflare-nginx' to 'cloudflare'. This migration will begin on 11/29 and will take 1-2 months for all customers.

  • feature2017 Q4

    Audit Logs

    Fri, November 17, 2017 

    Cloudflare's newly released Audit Logs offer the ability to view and download the most recent changes made to domains or account settings. It is provided in both the dashboard and via API.

  • feature2017 Q4

    Cloudflare Supports Privacy Pass

    Thu, November 9, 2017 

    When people use anonymity services or shared IPs, it makes it more difficult for website protection services like Cloudflare to identify their requests as coming from legitimate users and not bots. The Privacy Pass browser extension reduces the number of challenge pages presented by Cloudflare by letting users prove their identity across multiple sites anonymously. The Privacy Pass extension is available for both Chrome and Firefox.

  • feature2017 Q4

    Load Balancing Session Affinity

    Thu, October 5, 2017 

    Cloudflare Load Balancing now supports session affinity, using automatically generated cookies. If session affinity is enabled, the same target receives the request and can use the automated cookie to recover an existing session with the origin server.

  • feature2017 Q4

    Argo Analytics

    Tue, October 3, 2017 

    Customers with Argo Smart Routing enabled can now get an in-depth look at dynamic content performance statistics across both requests and geographies.

  • feature2017 Q3

    Geo Key Manager

    Tue, September 26, 2017 

    Geo Key Manager provides the ability to choose which Cloudflare data centers have access to private keys in order to establish HTTPS connections. Cloudflare has preconfigured options to select from either US or EU data centers as well as the highest security data centers in the Cloudflare network. Data centers without access to private keys can still terminate TLS, but they will experience a slight initial delay when contacting the nearest Cloudflare data center storing the private key.