SASE / Workspace Security
Zero Trust access, secure web gateway, browser isolation, CASB, and email security for the modern workforce.
Zero Trust Access (VPN Replacement)
Replace your legacy VPN with identity-aware, per-application access. Every request is verified against user identity, device posture, and policy — no implicit network trust.
Explore SASESecure Web Gateway
Inspect, filter, and log every DNS and HTTPS request leaving your users' devices. Block malware, phishing, and risky categories anywhere in the world from a single policy.
Explore SASEBrowser Isolation
Render risky web pages on Cloudflare's network, not on the user's device. The browser receives only safe draw commands — malware, drive-by downloads, and zero-days can't reach the endpoint.
Explore SASECASB
Discover every SaaS app in use, find risky configurations, surface shadow IT and shadow AI, and prevent sensitive data from leaking — all from an agentless API-based scan.
Explore SASEEmail Security
Stop phishing, business email compromise, and malicious attachments before they hit the inbox. Cloudflare Email Security (formerly Area 1) inspects every message and can retract delivered emails post-incident.
ExploreApp Security & Performance
Protect and accelerate every public-facing application — WAF, DDoS, bot management, CDN, DNS, and beyond.
Web Application Firewall
Block SQL injection, XSS, command injection, and the rest of the OWASP Top 10 with managed rulesets plus your own custom rules — written once, enforced everywhere.
Explore App SecBot Management & Rate Limiting
Distinguish real users from scrapers, credential stuffers, and inventory hoarders with machine-learning bot scores — then rate-limit, challenge, or block based on policy.
Explore App SecAPI Security
Discover every API endpoint, validate requests against schema, enforce sequence-aware controls, and stop credential and token abuse — purpose-built for API traffic, not retrofitted from a WAF.
Explore App SecClient-Side Security
Inventory every third-party script and connection running in your users' browsers. Detect Magecart-style skimmers, supply-chain compromise, and unexpected data exfiltration — automatically.
Explore App SecLayer 7 DDoS Protection
Absorb application-layer floods that look like legitimate HTTP requests. Always-on, autonomous mitigation tuned to your traffic patterns — no manual signature work required.
Explore App SecTurnstile
A user-friendly, privacy-preserving CAPTCHA replacement. Most users pass invisibly; only suspicious sessions see a challenge. Free, drop-in, and works on any site.
Explore App SecCDN & Caching
Serve content from the Cloudflare location closest to every user, with cache controls that adapt to your app. 330+ cities, every request a chance to skip the origin entirely.
Explore App SecArgo Smart Routing
Route every cache-miss request across Cloudflare's private backbone using the fastest path right now — not the path BGP picks. Typically 30%+ TTFB improvement on dynamic traffic.
Explore App SecLoad Balancing
Distribute traffic across origins anywhere — clouds, on-prem, regions — with smart health checks, geo-steering, and automatic failover. Global DNS-based and proxied options on the same platform.
Explore App SecImage Optimization
Resize, recompress, and reformat images on the fly. Serve WebP and AVIF to browsers that support them, smaller variants to mobile — all via URL parameters or a Worker.
Explore App SecDNS (+ Foundation DNS)
The fastest authoritative DNS network in the world by independent benchmarks, with DNSSEC, anycast everywhere, and enterprise-grade SLAs via Foundation DNS.
ExploreDeveloper Platform
Build and deploy serverless apps, AI workloads, and global storage at the edge with Workers, R2, D1, and KV.
Workers — Edge Computing
Serverless JavaScript, TypeScript, Python, and WASM running in every Cloudflare location worldwide. Cold starts measured in milliseconds. Pay per request, not per idle hour.
Explore DeveloperWorkers AI
Run inference on 50+ open models (Llama, Mistral, Stable Diffusion, Whisper, embeddings, translation) on Cloudflare's global GPU network. Per-token pricing, no GPU provisioning.
Explore DeveloperCloud Storage — D1, R2, KV
Three storage products, one platform: D1 for SQL, R2 for objects with $0 egress, KV for global key-value reads. Wire them to Workers in one line each.
Explore DeveloperAI Gateway
One unified endpoint in front of every AI provider — OpenAI, Anthropic, Workers AI, Google, Azure, and more. Caching, rate limiting, logging, retries, and fallback as configuration.
Explore DeveloperPages
Build, preview, and deploy modern frontend apps — Next.js, Astro, Remix, SvelteKit, plain HTML — straight from your Git repository. Global edge delivery and Functions included.
Explore DeveloperDurable Objects
Single-instance, strongly-consistent compute with built-in SQLite storage and WebSockets — perfect for chat rooms, multiplayer state, real-time collaboration, and per-tenant coordination.
ExploreNetwork Security
Protect entire IP networks and modernize WAN connectivity — Magic Transit, Cloudflare WAN, Magic Firewall, and Spectrum.
Magic Transit
DDoS protection, firewall, and traffic acceleration for your entire IP network. Cloudflare advertises your prefixes, scrubs L3/L4 attacks, and forwards clean traffic back to you over GRE, IPsec, or CNI.
Explore NetworkCloudflare WAN (Magic WAN)
Replace MPLS, SD-WAN appliances, and site-to-site VPNs with a single connectivity fabric on Cloudflare's network. Every branch, data center, and cloud connects to one global private network.
Explore NetworkMagic Firewall
A cloud-delivered Layer 3 / 4 firewall for your entire network. Stateful packet filtering, geo-blocking, and protocol enforcement applied at Cloudflare's edge — no appliance to deploy.
Explore NetworkSpectrum
Reverse-proxy and DDoS protection for any TCP or UDP service — gaming, SSH, IRC, FTP, custom protocols. Same security stack Cloudflare runs for HTTP, extended to every port.
Explore