When Cloudflare has an outage, the repercussions are felt everywhere. Some of the internet’s biggest websites rely on the service to stay online.
If you’ve never heard of Cloudflare, you’re not alone.
The cloud delivery network acts as the intermediary between you and what you’re browsing.
It’s a cloud delivery network that helps keep a larger portion of the web connected, acting as the intermediary between you and what you’re browsing. Ironically, one of the things it’s designed to do is stop big traffic spikes from crashing entire websites — which is exactly the kind of error that happened to it in a high-profile outage in November 2025.
The troubles weren’t over after that. A tweak to its firewall to circumvent a software vulnerability led to even more blips during the early hours of Dec. 5.
Each ripple effect has the potential to take down everything from Facebook to YouTube to ChatGPT.
Here’s what we know about the recent outages and how it works.
➡️ Jump to a section:
• Is the December 2025 outage linked to a cyberattack?
• What caused the November 2025 outage?
• What websites have been impacted?
• Why does a Cloudflare problem take down so many sites?
• Is this kind of outage common?
• What’s Cloudflare’s backstory?
• What else should I know about Cloudflare?
Is the December 2025 outage linked to a cyberattack?
Cloudflare says no. Internal teams temporarily disabled some features to fix a security vulnerability, leading to a chain reaction of outages. It was fixed in about an hour.
“It was not an attack,” Cloudflare CTO Dane Knecht wrote on X. “Root cause was disabling some logging to help mitigate this week’s React CVE.” The company will share a full analysis when it has all the details.
Most of the US was still asleep, but the news made headlines in Europe as Zoom, LinkedIn and other outages hit during the beginning of the Dec. 5 work day.
What caused the November 2025 outage?
On Nov. 18, Cloudflare reported a “spike in unusual traffic” to one of its services, causing some sites to experience issues. It’s still in the process of mitigating the errors, and once things are back up and running, the company said in a statement, it’ll turn its attention to investigating why this happened.
It’s brought in a third party to help look into the problem. About two hours after the issue was first reported, websites were back up and running.
“A fix has been implemented and we believe the incident is now resolved,” the company stated on its blog.
What websites have been impacted?
Here are some of the largest sites that have gone offline because of Cloudflare outages.
- Amazon Web Services (AWS)
- Canva
- Claude
- Cloudflare
- DownDetector
- Doordash
- Grindr
- OpenAI (ChatGPT)
- Spotify
- Uber
- X
- YouTube
- Zoom
Many smaller sites run on AWS servers, or use Cloudflare directly that could also be impacted. For example, in the November blip took the Pittsburgh Tribune-Review and NJ Transit sites offline, too.
Why does a Cloudflare problem take down so many sites?
Cloudflare has more than 200,000 customers, so when it experiences a blip, so do all of them.
The service is incredibly popular among businesses, garnering a reputation for strong cybersecurity protections and high speeds, plus a pretty comprehensive free tier subscription that brings people in.
Is this kind of outage common?
Despite its reputation as a reliable network, Cloudflare has experienced a few high-profile outages of varying degrees over the years.
Earlier this year, an error in credential management took down the service.
In July 2019, it blamed Verizon and Noction for fragile infrastructure that caused a string of outages throughout its system. Since then, a misconfiguration took sites down in 2020, there was a network disruption in 2022, a few incidents occurred in 2023 and servers were hit with a disruption in 2024.
What’s Cloudflare’s backstory?
With a market cap of over $73 million, the 14-year-old Silicon Valley firm is all about routing web traffic. The network management company runs physical servers that store website data and help users get connected online.
In other words, Cloudflare sits as the middleman between you and the site you’re visiting. Its two main offerings — a cloud delivery network and a domain name system — act like a switchboard, where you tell the browser where you want to go, and then Cloudflare makes the connection through its network.
It also offers web security services. Because it sits between a website and its visitors, it can intercept cyberattacks before they get to the site. For example, it offers DDoS protection to stop attacks stemming from an influx of malicious visitors intending to crash a website and provides CAPTCHA services.
What else should I know about Cloudflare?
Cloudflare recently made headlines for changing its block on AI web crawling from “optional” to “default.” In an effort to protect original content, the company said, the change now requires websites to manually grant access to bots.
That presents a problem for LLMs. The models learn from constantly scraping data across the web and now, the many sites running on Cloudflare have to take the extra step to let them in.
One day before the November outage, Cloudflare also announced a major AI acquisition. The company will buy machine learning platform Replicate to add AI options for backend developers.
