Home / Articles / Security / Everything You Need to Know About Cloudflare (and Some You Don’t)

Everything You Need to Know About Cloudflare (and Some You Don’t)

Cloudflare is most well-known as a Content Delivery Network (CDN). Today it has grown past that and offers a range of services mostly covering networking and security.

Their stated mission: To help build a better Internet.

To understand that, consider your experiences with the Internet so far. I’m certain there have been instances where you encountered slow or unresponsive web pages. There are many reasons why this is so, but the end result is the same – your browsing experience is affected.

Even worse, you may not have been able to access the content which you needed. That’s one of the main reasons why Cloudflare and other companies like it exist.

Cloudflare server network
Cloudflare server network (Source)

TL;DR

Cloudflare owns and operates a massive network of servers. It uses these to help speed up websites as well as protect them from malicious attacks like DDoS. Ultimately, websites that use services like Cloudflare are safer and offer their users a better browsing experience.

Background: Project Honeypot and Beyond

Cloudflare didn’t begin as they are today, but rather as a project to discover the origins of email spam. Conceptualized by founders Lee Holloway and Matthew Prince, Project Honeypot was launched in 2004.

By 2009, present Chief Operating Officer Michelle Zatlyn had joined them. Together they embarked on a mission to not just track Internet threats, but defend websites against them. By the end of the year, they had raised just over $2 million in financing.

Launching privately in 2010, the Cloudflare team initially worked with a few members of the Honeypot community. The mid-next year they got unexpected news. Aside from threat defence, Cloudflare actually boosted site speeds – on average by a third.

They decided to open to the public and have not looked back since. Today, Cloudflare is valued at around $4.4 billion dollars – and growing. 

Editor’s Note: Despite Cloudflare’s success, the story of Lee Holloway is one that is truly sad. Holloway suffers from frontotemporal dementia. The disease not only affected him but deeply affected all who close to him. Read his story here.

How Cloudflare Works

how cloudflare works

The heart of Cloudflare lies in the massive network of servers it has. The network is spread across over 93 countries (That’s almost half the countries in the world) covering more than 200 locations. These act both as data cache servers and as a firewall on a massive scale. 

Technically, if you have a hosted website, all you need to do is sign up with Cloudflare. Then, add your site to its control panel. From then on it’s pretty much hands-free. Segments of data from your site get cached in multiple locations around the world on Cloudflare servers. 

When a visitor makes a request for your site, Cloudflare will send them cached data from the nearest location while communicating with your website at the same time. This often results in visitors starting to receive information much faster than if the request was made directly to your website.

At the same time, all data that’s being passed through Cloudflare servers are monitored. This way, they can block potential attacks, filter out bad actors (like bots), and do anything else that helps keep your site safer.

Over the years, Cloudflare has enhanced its services significantly. Each time it has added on more elements, making it better, faster, and stronger for its users.

Advantages of Using Cloudflare

It’s understandable that there may be some confusion about Cloudflare due to its size and the way it is evolving. Essentially, they remain committed to their core mission statement of helping build a better Internet.

This means their focus is still on three key areas: Security, Performance, and Reliability.

1. Security – Cloudflare Helps Protect Websites

Looking up the domain name for a site using Cloudflare won’t reveal its real origin nameservers.
Looking up the domain name for a site using Cloudflare won’t reveal its real origin nameservers.

Once you’ve added your site to Cloudflare, all the data going out or coming in moves through their servers. At that point, it can be analyzed by Cloudflare to assess potential threats. 

Elements that Cloudflare looks for are the visitor’s IP address, what the requests are for, the frequency of requests, and more. Cloudflare also allows users to configure their firewalls with custom rules.

Once your site is hooked up to Cloudflare its DNS system is protected as well. If anyone were to look up your domain name, all they would see is the set of DNS provided by Cloudflare and not your real nameservers, for example.

As a whole, using Cloudflare helps prevent bot traffic, malicious intrusion, DDoS attacks, and more. Think of it the same way you would as a cushion softening the blow a punch would do against your body. Technically though, it’s more of smart body armour than a cushion.

2. Speed – Improved via Distributed Remote Caching

Overview of how a data cache works on a CDN
Overview of how a data cache works on a CDN (source: Researchgate)

Thanks to the way Google works today, speed is something coveted by website owners around the world. Faster websites mean higher search rankings, increased conversion rates, and an overall better visitor experience.

Imagine parts of your website being cached on Cloudflare servers at multiple locations. Each time a visitor tries to access your site, Cloudflare will respond by delivering your site from the cache location closest to.

The sheer power of Cloudflare servers along with a shorter location for data travel means your site will start loading on the visitor’s browser faster than ever. Meanwhile, your own web server is given time to deliver anything else that’s not cached on Cloudflare servers.

The theory Cloudflare follows is Edge computing, which tries to bring data and computing resources as close to visitors as possible. This serves to reduce the time needed for data to traverse the Internet.

Side Benefit – Cost Savings in Bandwidth

Because parts of your site are being served on Cloudflare servers you are also saving money on bandwidth costs. Sites run on VPS, Cloud, or dedicated hosting plans often pay for bandwidth and the cost savings may be significant.

How much of your site is cached depends on how it is designed. Cloudflare caches static elements (things that are not likely to change) like images. The more static content you have, the better the caching will be.

3. Reliability – Cloudflare Virtually Expands Your Resources

Thanks to the huge number of assets it has, Cloudflare adds an additional element to your site structure. Since their servers are helping deliver portions of your site, you’re gaining depth in redundancy.

If a Cloudflare node fails for any reason, your site can still be delivered via the next closest location. 

Aside from that, the distributed system also acts as a load balancer. By serving parts of your site off various servers, you are reducing the strain on your own web server. This can increase the number of concurrent visitors supported while maintaining the same level of performance.

What Cloudflare Offers Users

Content Delivery Network

Almost all Cloudflare services are integrated into its CDN product. This is what Cloudflare is famed for and what provides the bulk of the benefits illustrated in the section above. The DNS encompasses caching, traffic monitoring, HTTP/2 and HTTP/3 support, SSL, and more.

Domain Name Registration

This is something that most web hosting service providers normally offer. Many, however, are simply re-selling on behalf of domain name registrarsone of whom is now Cloudflare. The service is rather new. While you can buy or transfer domains to be managed by them, the former is still in Beta mode.

Hosting for Streaming Media

Media files, especially video, are the prime category of assets suitable for Cloudflare to deliver. The global range of servers is ideal for those who want to establish such services. It also means they can deliver the service at highly competitive rates.

DNS Resolution via 1.1.1.1

Everyone with an Internet account makes use of DNS resolution. That’s what helps translate domain names into their actual machine-readable format. Each time you type a site address into your browser and hit enter, you’re using DNS resolution.

Natively, most DNS resolution is done by our Internet Service Providers (ISPs). However, they don’t always do a good job of it, resulting in sub-par browsing experiences. On another level, some countries enforce web censorship through their ISPs.

By using Cloudflare’s 1.1.1.1 DNS resolution, you’re not only increasing the speed of your browsing but also bypassing rudimentary ISP-level blocks.

One significant development to 1.1.1.1 is the addition of what Cloudflare calls WARP. This enhancement is an attempt by the company to enhance the security features of 1.1.1.1, essentially turning it into something akin to a VPN.

Local Network Protection with Magic Transit

Aside from offering websites DDoS protection, Cloudflare also offers this to businesses directly. Through a product called Magic Transit, Cloudflare is able to bring their global scale of Network protection to the level you need.

Not only intended for online networks, you can use Magic Transit to protect your local networks as well. The solution is ideal for companies which may balk at having to invest heavily in network infrastructure such as traditional hardware boxes.

Secure Network Access

Since they operate a network of secure servers anyhow, Cloudflare is perfectly poised to offer services in place of traditional Virtual Private Network (VPN) providers for businesses. 

Those who have workers connecting from remote locations have normally needed to invest in a VPN to protect their local assets. Oftentimes, these would be cumbersome in-house adaptations of VPN applications.

Cloudflare Access offers businesses the option to subscribe to a highly secure and easy-to-use solution with the Software as a Service (SaaS) concept.

Network Logging and Analytics

With so many services offered over their network, Cloudflare is able to offer its users another byproduct easily as well – Analytics. With a bird’s eye view of exactly how your data is used and the way it flows, you can make adjustments to optimize the delivery of your content.

Cloudflare Analytics are highly granular, meaning you will be able to drill information down to the exact resources which are being delivered. The logs through which the data is analyzed also offers security officers a digital paper trail to follow.

Serverless Code Deployment

For developers or companies who manage their own software resources on a macro scale, Cloudflare can help with deployment as well. Instead of having to invest in your own infrastructure, you can make use of Cloudflare Workers.

This means you can rely on resources available on demand without having to worry about managing them. It’s fast, powerful, and highly cost-effective as well.

Using Cloudflare With Your Site

DNS management on Namecheap
Caption: Example of DNS Management on Namecheap

The first thing you need to understand is that Cloudflare isn’t a web hosting service provider. This means that you need to have an existing website with your own domain name and hosting before using Cloudflare.

To start with you have to sign up for an account with them. Once that’s done, you will be provided with a set of nameservers to use. To start using Cloudflare you have to pay a visit to your domain name control panel.

There, replace your existing DNS servers (usually called Nameservers) with the ones provided by Cloudflare. This starts routing your traffic through Cloudflare servers and at the same time, starts the caching of your website.

Once you’ve done this, you can just leave the default settings alone and it’ll work. Once you’ve become more familiar with Cloudflare you can try tweaking some of the settings to fine-tune the performance and security of your site.

On top of this, Cloudflare integrates seamlessly with multiple applications from content management systems to eCommerce platforms. Some examples of these include WordPress, Magento, and Google Cloud.

What Cloudflare Can’t Help You With

Despite its rather broad scope of services, Cloudflare isn’t everything. For a website owner, you need to understand that Cloudflare for you is simply a tool to enhance the performance and security of your site.

Cloudflare does not:

Host your website – You will still need a web hosting service provider to hold and serve the files which make up your site. 

Improve Web Hosting Server Speeds – Although Cloudflare improves performance by helping you cache and serve some elements, it can’t speed up your web hosting server itself. If you have chosen a sub-par hosting provider, chances are that the speed improvements offered by Cloudflare won’t be enough to prevent frustrating your visitors.

Here's a list of top 10 best web hosting based on real data and use cases.

Cloudflare may not:

Manage your domain name – If you’ve hosted your domain name with a Cloudflare partner you will have to manage your domain name via the partner’s control panel, not on Cloudflare.

Pricing and Plans – How Cloudflare Makes Money

Cloudflare pricing

Cloudflare has four distinct tiers in pricing plans. At the most basic, it offers a free service to users. This plan is limited in some ways, but most simple sites should be able to realize benefits even on the free tier. Most importantly, it doesn’t impose bandwidth limitations on users on its free plan.

Paid plans on Cloudflare are Pro, Business, and Enterprise. Each includes an increasing number of features, with Pro costing $20/mo and Business at $200/mo. Enterprise plans are customizable and users need to discuss options and pricing with Cloudflare sales staff. 

If you are not a paid plan user or if a feature you want is not available on your plan, you often have the choice of using it as a paid extra. For example, Agro, a service that helps optimize traffic routes to further improve speed, isn’t available on the free plan.

Users who want to use only that extra feature can opt to pay $5 per website with an extra charge depending on the amount of bandwidth that’s used (around $0.10 per GB).

Financials & Investment

Cloudflare has an estimated customer base of around 2.8 million. The number is a combination of free and paying customers. Over 2019, their revenue stood at $287 million, with a Compound Annual Growth Rate (CAGR) of around 50%.

Over the past few years, it has managed to maintain a very consistent average gross profit of around 78%. For a company with over 1,000 employees and a large investment in infrastructure, that’s certainly something impressive.

Cloudflare Milestones, Updates and News

Cloudflare stock price
Cloudflare went public in 2019 and has been on the rise ever since

Initial Public Offering

After around a decade officially in the business, Cloudflare finally went public with an IPO late in 2019. The stock was initially priced at $15 but skyrocketed to $17.90 by the end of the first trading day. Since then it has soared to over $36 (especially on the back of the Coronavirus pandemic) and things are looking bright for them.

8chan Incident

In August 2019 Cloudflare made the decision to drop the notorious forum 8chan as a customer. Matthew Prince, CEO and co-founder of Cloudflare called the site “a cesspool of hate”.

Widespread Service Outage

Despite its massive size, Cloudflare isn’t completely immune to problems. One such incident (caused by itself) happened in mid-2019 and resulted in widespread outages across the board lasting over 30 minutes. The problem? Software deployment has gone wrong.

Spamhaus DDoS

March 2013 saw Cloudflare’s network successfully stave off a concentrated multi-day attack against Spamhaus. At the time, it was the largest-ever DDoS attack encountered although there have been larger, more significant attacks since.

Final Thoughts: Is Cloudflare Right for You?

For the majority of us, when we think of Cloudflare it is simply a CDN. This means it’ll help you to speed up your blog, or even improve the performance of your small business website.

In relation to that, their ownership of one of the most powerful global networks of servers seems a little ludicrous. Is it really necessary? To answer that question simply – yes. It is exactly the scale of this network that makes it a viable solution for so many websites today.

Also, consider the fact that it’s giving many small website owners a free ride on their network. To do that, it has to be able to offer considerable services to enterprise-scale customers as well, to cover the cost, so to speak.

Because of this business model, Cloudflare helps small site owners and businesses by offering them a service they would not otherwise be able to easily afford or justify. After all, it’s free for many.

Looking at it more strategically, it also addresses an issue that has become much more prevalent over time. The Internet has become an increasingly dangerous place. Not just for regular browsers, but especially for website owners.

Combining speed, reliability, and security, I would say that so far, Cloudflare has indeed made good on its promise. The quest for a better Internet. 

That makes it good for everyone.

Frequently Asked Questions

Is Cloudflare free?

Cloudflare offers a free tier of its CDN service with no bandwidth limitations. It also includes various services like rudimentary bot protection, HTTP/2, free SSL, and more. However, some features do have limits while others will have to be paid for.

What is Cloudflare Edge?

Cloudflare Edge refers to the concept they use for content delivery. This entails bringing data as close as possible to the delivery point (“the Edge”). The result is lower round-trip time and savings on bandwidth for websites.

What is a CDN

A Content Delivery Network is the use of multiple linked servers to store data over a wide range of locations. This helps websites to serve their files more quickly and reliably, thereby improving the user experience of its visitors.

Which companies use Cloudflare?

Cloudflare powers around 13% of all websites currently in existence. While the list of users is exhaustive, it does include several big-brand names such as Roche, ZenDesk, Mozilla, UpWork, 9GAG, US Xpress, and more.

Are there alternatives to Cloudflare?

There are quite a few CND providers in existence today. Notable among them are Akamai, StackPath, and Sucuri. Each often pursues their own marketing path and looks towards a specific consumer segment. Akamai for example is more involved in the ultra high-traffic segment.

Is Cloudflare the only Free CDN provider?

No. There are other free CDN service providers as well. One such example is Amazon Cloudfront which has a free tier of service (for one year). However, it should be worth noting that most other free service providers commonly impose more limitations.

Photo of author

Article by Timothy Shim

Keep Reading