How Cloudflare works

More than just using Cloudflare’s Content Delivery (CDN) Open external link services, customers rely on Cloudflare’s global network to enhance security, performance, and reliability of anything connected to the Internet.

Cloudflare is designed for easy setup. Anyone with a website and their own domain can use Cloudflare regardless of their platform choice. Cloudflare doesn’t require additional hardware, software, or changes to your code.

​​ Security

Cloudflare stops malicious traffic before it reaches your origin web server. Cloudflare analyzes potential threats in visitor requests based on a number of characteristics:

• Visitor’s IP address
• Resources requested
• Request payload and frequency
• Customer-defined firewall rules

A DNS lookup of a proxied (orange-clouded) Cloudflare subdomain returns Cloudflare IP addresses Open external link . Proxied traffic comes to Cloudflare’s edge and then Cloudflare forwards the request to your server. Cloudflare masks your origin IP address for proxied DNS records so attackers cannot bypass Cloudflare and directly attack your origin web server.

Visitor <–[Connection 1]–> Cloudflare Edge <–[Connection 2]–> Origin Server

A DNS lookup of an unproxied (grey-clouded) Cloudflare subdomain returns the IP address that you have entered for the record. Unproxied traffic goes directly to your origin server and does not receive any of the benefits of using Cloudflare.

Visitor <–[Connection]–> Origin Server

Create your Cloudflare account and add a domain Open external link to review our security benefits.

​​ Performance

Cloudflare optimizes the delivery of website resources for your visitors. Cloudflare’s data centers serve your website’s static resources Open external link and ask your origin web server for dynamic content. Cloudflare’s global network Open external link provides a faster route from your site visitors to our data centers than would be available to a visitor directly requesting your site. Even with Cloudflare between your website and your visitors, resource requests arrive to your visitor sooner.

​​ Reliability

Cloudflare’s globally distributed Anycast network Open external link routes visitor requests to the nearest Cloudflare data center. Cloudflare distributed DNS responds to website visitors with Cloudflare IP addresses for traffic you proxy to Cloudflare. This also provides security by hiding the specific IP address of your origin web server.

Also, our flat-rate pricing structure provides predictability and reliability in your CDN Open external link and DDoS Open external link bandwidth expenses. Cloudflare does not have bandwidth limits for domains on the Free, Pro and Business plans as long as those domains comply with our Terms of Service Open external link . However, your hosting provider may still impose limits on bandwidth usage and/or charge for bandwidth.

Note that additional terms may apply to:

• Self-serve domains with add-on features
• Domains in the Enterprise plan (contact your Cloudflare Account Team for additional details)

Learn how to get started with Cloudflare Open external link .

​​ Related resources

• What is Cloudflare? Open external link
• Understanding Cloudflare DDOS protection Open external link
• Best Practices: DDoS preventative measures Open external link