Cloudflare is an American company with headquarters in San Francisco, California. With its large server infrastructure Cloudflare makes an important contribution to the stability, security and speed of the global internet. As many of its services can be used free of charge, Cloudflare is used by numerous websites. The main applications of Cloudflare are
In the following article I will explain how the Cloudflare network works, give some tips for successful implementation and answer the most important questions.
Cloudflare's Content Delivery Network (CDN) is a gigantic network of worldwide distributed data centers. In this network, websites and apps are cached and delivered from the nearest Cloudflare server. The following graphic provides a schematic representation of this process.
Website visitors and app users (left on the image) get the data delivered by Cloudflare. Cloudflare fetches the necessary data from the source server (on the right of the image). However, Cloudflare does not have to communicate with the source server for every user request. Instead, the data is stored temporarily and delivered directly with subsequent accesses. If, for example, a user from Austria accesses the website, the corresponding data is delivered by the Cloudflare data centre in Vienna. In the same way, the distances between user and server are shortened worldwide. That's why the CDN of Cloudflare brings especially big advantages for websites with many international visitors.
To be able to use the Content Delivery Network of Cloudflare, your own domain and your own server are required. It is important that your web hosting provider allows you to set your own name servers for the domain in the DNS settings. Most providers support this setting. I will explain how this works in the Add Website section. For example, a Virtual Private Server (VPS) or a simple cloud hosting offer can be used as a server, provided that your web space can be accessed via IP address. The more configuration options you have, the better a website can be optimized using Cloudflare CDN.
The basic functions of Cloudflare can be used completely free of charge. For improved performance, faster support and other features, paid plans can also be purchased. In the following I explain the differences between the plans offered.
Cloudflare provides many of its services for free. In the free plan any number of websites can be added and cached via the Cloudflare CDN. There is no limit to the bandwidth and data volume. Most of the security features to protect websites are also available in the free plan. This is ideal for testing the functionality of Cloudflare extensively. Even in the long term, the free plan can be a very good solution for some websites.
Additionally there is a free SSL certificate to access the website via HTTPS protocol. I will discuss the disadvantages and special aspects of this SSL certificate in more detail in the section Free SSL.
The Pro plan costs $20 per domain per month and offers some advantages over the free plan. Additional features such as automatic, lossless image optimization and optimization for mobile websites are included in the Pro plan. There are 20 Page Rules available to define Cloudflare rules for different URLs. Furthermore, the Web Application Firewall (WAF) can be used, but only with predefined rule sets from Cloudflare. The average response time for support is given as four hours for the Pro plan and 24 hours on average for the free plan.
As with the free plan, the Pro plan includes a shared SSL certificate. However, this differs from the SSL certificate of the free plan. More information on this can be found in the section SSL for Paid Plans.
For the price of $200 for each domain per month, the Business plan can be purchased. This plan is more suitable for companies than for private users because of the price. It includes all the benefits of the Pro plan and some additional features such as 24-hour chat support and the option to use your own SSL certificate. There is a 100% uptime guarantee, which also applies to threats such as DDoS attacks. There are 50 Page Rules available and the Web Application Firewall (WAF) can be configured with 25 custom rule sets. The Cloudflare support reacts after two hours on average for the Business plan. In addition, there are many other small advantages, such as the acceleration of dynamic content and further configuration options such as the bypassing of the Cloudflare cache via cookie.
There is no fixed price for the Enterprise plan as for the other plans. Instead, an offer must first be requested from Cloudflare. The plan is particularly suitable for websites that are subject to massive attacks. This is also about working out individual solutions together with Cloudflare. Of course, the Enterprise plan offers all the advantages of the Business plan as well as additional services. These include network prioritization for maximum speed and 24-hour telephone support.
In the following I explain step by step what is needed to add a website to Cloudflare.
First create a free account on the Cloudflare website.
Now you can log in to Cloudflare using your account.
Click on "Add website" in the top right-hand corner and enter the desired domain name.
Now select a plan that is to apply to the registered website and confirm the selection with "Confirm plan". You can find more information about the available plans in the section Pricing.
Cloudflare now first automatically searches for already existing DNS entries.
The DNS entries "Type A" and "Type CNAME" should be changed to Cloudflare (yellow cloud symbol). Otherwise, no configuration changes are usually necessary here.
In order for the website requests to be routed via Cloudflare in the future, the nameservers for the domain still have to be changed. Most web hosting providers offer such an option, usually found in "DNS settings" or similar. Cloudflare shows which nameservers have to be entered.
After the nameservers have been changed, it takes a few hours to complete the process. It should be completed after a maximum of 24 hours, but is usually faster.
Cloudflare confirms the activation of the website by e-mail.
Once the activation of the website is confirmed, all website requests are processed by Cloudflare. Cloudflare queries necessary information from the source server and delivers the website to the users. Where possible, information is cached and delivered directly with the next request without contacting the origin server. However, the data is not cached simultaneously on all Cloudflare servers, but on the nearest server. If a website request comes from a different region, the data must first be cached on the nearest Cloudflare server. Bit by bit, all worldwide Cloudflare servers receive the data and can deliver them directly. Usually the information is stored for several days to weeks.
By default, only static resources are cached to maintain full website functionality. Dynamic website resources always require communication with the source server, so they are never cached. These include contact and registration forms.
It is important to note here that changes to the website code are no longer directly visible from now on. To make changes to the website visible, the Cloudflare cache must first be purged. I will explain how this works in the following section.
To configure the Cloudflare cache, there is the menu item "Caching" in the main menu. Here you can also set how long the browser should cache a page locally. By clicking on "Purge Everything" all data can be removed from the Cloudflare cache. This data is purged from all Cloudflare servers worldwide, so the process can take up to 30 seconds. This leads to a temporary slowdown of the website because the data has to be re-cached. Click "Custom Purge" to remove a specific page from the Cloudflare cache. Wildcards are not supported; the complete URL must be entered.
If you are working on your website and want to make changes directly visible, you can activate the Development Mode. This temporarily deactivates the cache and the website is loaded completely from the source server.
By activating the feature Always Online, static pages can be delivered even if your server is not online. However, the function is only supported for the most visited pages of the website. Since access to dynamic content requires communication with the source server, the function is only of limited use. Nevertheless I recommend activating the Always Online option.
With Cloudflare the access speed of websites can be increased significantly. This is especially true for global accesses, as these can be handled much faster by the various worldwide Cloudflare servers than by a single server. The degree of speed improvement depends on the type of website and the configuration of the Cloudflare cache. The larger the proportion of static content on a website, the greater the speed advantage of using Cloudflare. Normally, Cloudflare does not cache HTML pages because they can contain dynamic elements. However, if there are no dynamic elements, caching an entire website can achieve an enormous improvement in load times. How this works is explained in the section How to cache my entire website?.
Another way to speed up HTTPS traffic is Brotli compression. If this compression method is not supported by the client, normal gzip compression is used instead. Therefore I recommend activating Brotli compression if SSL encryption is used on your site. Further options to improve loading times are only available for paid plans.
Regardless of the selected plan, the option Argo Tunnel can be purchased. To do this, click on "Traffic" at the top of the menu and then on "Activate Argo". With Smart Routing, traffic is always routed over the fastest possible Cloudflare connection, reducing latency times by an average of about 30%. It can also reduce the number of connection errors. The Argo Tunnel option currently costs $5 per site per month plus $0.10 for each gigabyte of traffic between Cloudflare and site visitors.
The protection of websites against attacks is another important aspect of Cloudflare's CDN. For example, if a website is exposed to continuous DDoS attacks, switching to Cloudflare can help. Surprisingly, most of the protection features are completely free and usually successful. If your website is handled by Cloudflare, the IP address of your server becomes invisible from the outside. However, this only works as long as there are no DNS entries pointing to the IP address of your own server. This forces attackers to attack Cloudflare to bring your site down. Since Cloudflare is specialized in such attacks, attackers have a very hard time.
DDoS protection for all known variants of DDoS attacks is automatically activated for all users, regardless of the plan. Click on Firewall at the top of the main menu and then on Settings at the top right for more security options.
Since increased security also entails restrictions for some visitors to the website, the Security Level can be set as required. On the basis of different criteria Cloudflare determines for each visitor whether this could be a threat for the website. Visitors who are classified as threatening have to solve a captcha challenge to get to the website. This is applied with varying degrees of severity depending on the security level. There are four normal security levels, ranging from "Essentially Off" to "High". The security measures can only be switched off entirely in the Enterprise plan. The maximum security level "I'm Under Attack" should only be selected if the website is actually exposed to a DDoS attack. This is because this level leads to massive restrictions for all visitors to the website. All visitors are then first directed to a transition page where the traffic is analyzed and a captcha must be solved.
The Browser Integrity Check can be switched on or off independently of the security level. This check analyzes the HTTP headers transmitted by the Web browser. Browsers that are considered a threat are not allowed on the website. Since a further check means additional waiting time for the website visitors, I recommend disabling this option. However, if your website is subject to automated attacks, activation makes sense.
By using Page Rules, Cloudflare settings can be customized for individual URLs and groups of URLs. For example, it is possible for certain URLs to change the security level, adjust the cache behaviour or deactivate Auto-Minify. The asterisk (*) is a placeholder that can represent any character. This allows you to combine groups of URLs. For example, the entry
Often you can also reduce the number of page rules by using the asterisk. This can be very important because there are only a limited number of page rules available. The free plan includes three page rules. This may not sound like much at first, but depending on the type and configuration of the website it can be quite sufficient. Sometimes no page rules are needed at all. The Pro plan contains 20 page rules, the Business plan 50 and the Enterprise plan 100. In addition, page rules can be purchased independently of the selected plan: Five page rules cost $5 per month.
If you use an email address with the domain name entered on Cloudflare, there are a few things you should be aware of. To specify one or more mail servers, DNS entries of the type "MX" are used. If your web hosting provider has taken care of managing email addresses in the past, in most cases nothing needs to be changed. If you want to use your own mail server, it should have a different IP address than your main server. This is because MX records are visible to everyone and could make your main server visible as well.
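The origin IP stays hidden only while no DNS-only record gives it away, which is the point made above for DNS entries in general and for MX records in particular. The following added example (not code from the original article) audits an exported record list for such leaks; the record layout with `type`, `name`, `content` and `proxied` fields and all sample values are assumptions constructed for illustration, with `proxied` standing for the yellow cloud symbol.

```python
ADDRESS_TYPES = {"A", "AAAA"}

# Constructed sample zone using documentation IP ranges. The field names are
# an assumption about the export format; proxied=True means the record is
# routed through Cloudflare (yellow cloud), proxied=False means DNS-only.
SAMPLE_ZONE = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "ftp.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "MX", "name": "example.com", "content": "mail.example.com", "proxied": False},
    {"type": "CNAME", "name": "dev.example.com", "content": "ftp.example.com", "proxied": False},
    {"type": "A", "name": "status.example.com", "content": "198.51.100.7", "proxied": False},
]


def normalise(name):
    """Compare hostnames case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()


def protected_ips(records):
    """IPs that are meant to stay hidden: targets of proxied A/AAAA records."""
    return {r["content"] for r in records
            if r["type"] in ADDRESS_TYPES and r["proxied"]}


def visible_ips(name, records, seen=None):
    """IPs a public lookup of `name` would reveal, following DNS-only CNAMEs.

    Proxied records are skipped because a lookup returns Cloudflare addresses
    for them. `seen` guards against CNAME loops.
    """
    seen = set() if seen is None else seen
    name = normalise(name)
    if name in seen:
        return set()
    seen.add(name)
    ips = set()
    for r in records:
        if normalise(r["name"]) != name or r["proxied"]:
            continue
        if r["type"] in ADDRESS_TYPES:
            ips.add(r["content"])
        elif r["type"] == "CNAME":
            ips |= visible_ips(r["content"], records, seen)
    return ips


def audit(records):
    """Return (type, name, ip) for every DNS-only record that exposes a protected IP."""
    hidden = protected_ips(records)
    findings = []
    for r in records:
        if r["proxied"]:
            continue
        if r["type"] in ADDRESS_TYPES:
            exposed = {r["content"]} & hidden
        elif r["type"] in {"CNAME", "MX"}:
            # MX and CNAME records name a host; check what that host resolves to.
            exposed = visible_ips(r["content"], records) & hidden
        else:
            exposed = set()
        for ip in sorted(exposed):
            findings.append((r["type"], normalise(r["name"]), ip))
    return findings


if __name__ == "__main__":
    for rtype, name, ip in audit(SAMPLE_ZONE):
        print(f"{rtype:5} {name:22} reveals origin {ip}")
```

In the sample zone the MX record is flagged because its mail host shares the web server's address; moving mail to a separate IP, as recommended above, clears that finding.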
The use of Cloudflare actually has different effects on the search engine rankings of a website. I can report here from my own experience, as I have moved some of my projects, including McZak, to Cloudflare.
The most important aspect in terms of SEO is the reduction of the loading time of a website, which has a positive effect on the ranking. This is especially true for international accesses, as they do not have to take the long way to a central server. If a search engine like Google determines that a website has a central server in a country, then that country is considered the primary destination. The search engine rankings outside this target area are then correspondingly worse. If Cloudflare is used, the entire world is considered the target area, so to speak. The website is therefore able to achieve good rankings in all countries of the world.
Another aspect is the SSL encryption of a website. Google rewards sites that use SSL encryption with a slightly improved ranking. This also works with the free SSL certificate provided by Cloudflare. You can find more information about this in the section Cloudflare SSL.
If a website is switched to Cloudflare, the IP address visible from the outside also changes. It is an American Cloudflare IP, so search engines assume that the main server is located in California. However, to my knowledge this has no great influence on the international rankings of a website. The effect of the so-called IP neighbourhood, i.e. other websites that use the same IP, is also negligible. That's because the Google algorithm recognizes that these pages do not belong together despite the same IP.
Cloudflare offers an easy way to switch to SSL encryption and the HTTPS protocol. The free plan even includes an SSL certificate. I will explain the advantages and disadvantages of such a certificate in the following section. The configuration options of the SSL connection are covered in the section SSL Encryption Modes.
The free plan actually contains a free SSL certificate, which can be set up easily. Universal SSL is used to provide users with SSL without having to create a separate SSL certificate for each user. This works with so-called SHA+ECDSA certificates. This type of certificate requires web browsers that support Elliptic Curve Cryptography (ECC) and Server Name Indication (SNI). The free SSL certificates are therefore not compatible with all web browsers. For this reason, the respective website cannot be accessed by users with very old browsers.
Minimum required web browser on desktop PC
Since these old web browsers are gradually disappearing, the associated compatibility problem is also becoming less and less. The fact that more and more websites use universal SSL technology is accelerating the extinction of these browsers. Today, the market share of these old browsers is negligible.
As I will show in the following section, the compatibility problem will not be solved by a paid dedicated SSL certificate. For improved browser compatibility, SSL for paid plans is required instead.
For $5 per domain per month, a dedicated SSL certificate can be purchased. I can report here from my own experience, since I bought such an SSL certificate a few years ago. However, I have found that the dedicated certificates have the same compatibility issues as the universal certificates described above. Server Name Indication (SNI) and the Elliptic Curve Digital Signature Algorithm (ECDSA) are also used for dedicated certificates. The list of compatible web browsers in the previous section also applies to dedicated certificates in the free plan. SSL without SNI technology is only available for the paid plans Pro, Business and Enterprise.
For the paid plans Pro, Business and Enterprise Cloudflare provides additional SSL certificates, which leads to a slightly higher compatibility with older browsers. However, SAN technology (Subject Alternative Names) is also used for paid plans so that Cloudflare can use the same certificate for different domains. As with the free plan, this leads to limited compatibility with older web browsers. The following list therefore differs only slightly from the list above.
Minimum required web browser on desktop PC
Thus certain incompatibilities with the SSL certificates used by Cloudflare cannot be eliminated. For maximum browser compatibility, you need to upload and use your own SSL certificate. Unfortunately, this is only possible with the Business and Enterprise plan.
End-to-end encryption is required to provide maximum security for the website visitor. This means that both the data traffic between website visitors and Cloudflare and the data traffic between Cloudflare and your server is encrypted. Click on "SSL/TLS" in the main menu to choose between different modes. I will explain these modes in the following.
The "Off" option completely disables encryption. There is no encryption between website visitors and Cloudflare. All requests are answered unencrypted via the HTTP protocol. Website visitors who wish to access the website via HTTPS are redirected to HTTP.
With the flexible encryption mode Cloudflare offers an extremely simple way to switch a website to HTTPS. A separate SSL certificate is not required for this. Changes to your own server configuration are also not necessary. However, in this mode the encryption only takes place between website visitors and Cloudflare. The data traffic between Cloudflare and your server remains unencrypted. The website visitor is still shown a secure SSL connection, although it is only secure up to the Cloudflare server. This is problematic because the user assumes full encryption. If you want to switch your site to flexible SSL mode, you should consider these consequences.
The full mode, on the other hand, provides true end-to-end encryption. The data traffic between Cloudflare and website visitors is encrypted as well as the data traffic between Cloudflare and your server. This requires a separate SSL certificate, which is installed on your server. Cloudflare communicates exclusively via HTTPS with your server, but does not verify the certificate in this mode. The mode full (strict) is required to allow the certificate to be checked.
In strict mode, your server's SSL certificate is checked for validity with each request. This mode requires a certificate from a known certification authority or Cloudflare Origin CA. You can create such a certificate for free. To do this, click on the submenu "Origin Server" in the "SSL/TLS" menu and then on the button "Create Certificate". Then you can download the SSL certificate and install it on your server.
In the submenu Edge Certificates there are further setting options. The option Always use HTTPS can be very helpful. This redirects all website requests made via HTTP to the corresponding HTTPS page. The forwarding is done via HTTP status code 301 ("Moved Permanently"). If you want to make your entire website available via HTTPS, I recommend enabling this option. The feature Always use HTTPS is also available as Page Rule. This allows the redirection to be set up for a part of the website.
When an entire website is switched over to the HTTPS protocol, it often still contains individual resources (such as images) that are provided via HTTP URL. The website is then delivered only partially encrypted, which usually leads to a warning of the web browser ("mixed content"). The solution is to make all website resources available via HTTPS URL. This means that all HTTP URLs must be rewritten.
If this is too much work for you, you can use the feature Automatic HTTPS-Rewrites. Cloudflare then checks with all HTTP resources whether they can be delivered via HTTPS protocol. Wherever possible, the URLs are adjusted accordingly. However, this does not reliably prevent mixed content. It happens, for example, that resources cannot be loaded via HTTPS. Cloudflare then provides the HTTP version, which leads to mixed content. I do not use the feature Automatic HTTPS rewrites. It should only be used if manual adjustment would involve too much work.
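To find the HTTP URLs that need rewriting by hand, a page can be scanned for subresources that are still loaded over plain HTTP. The following added example (not part of the original article) does this with Python's standard HTML parser; the sample markup is constructed, and the split into "active" and "passive" resources goes beyond the text and follows the usual browser distinction between scripts, frames and stylesheets on the one hand and images and media on the other.

```python
from html.parser import HTMLParser

# Tags whose URL attribute makes the browser fetch a subresource.
RESOURCE_ATTRS = {
    "img": "src", "audio": "src", "video": "src", "source": "src",
    "script": "src", "iframe": "src", "embed": "src", "link": "href",
}
# Resources that can change the page itself rather than just display in it.
ACTIVE_TAGS = {"script", "iframe", "embed", "link"}

# Constructed sample page.
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="http://example.com/">
<link rel="stylesheet" href="http://example.com/style.css">
<script src="https://example.com/app.js"></script>
<script src="//cdn.example.net/lib.js"></script>
</head><body>
<a href="http://example.org/">external link</a>
<img src="http://example.com/logo.png">
<img src="/images/photo.jpg">
<iframe src="HTTP://example.com/widget"></iframe>
</body></html>
"""


class MixedContentScanner(HTMLParser):
    """Collects (line, tag, kind, url) for every subresource requested via http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a navigation link, not a loaded resource
        attrs = dict(attrs)
        if tag == "link":
            rel = (attrs.get("rel") or "").lower().split()
            if "stylesheet" not in rel:
                return  # rel="canonical" and similar are references only
        url = (attrs.get(attr) or "").strip()
        # Relative, protocol-relative (//host/...) and https:// URLs are fine.
        if url.lower().startswith("http://"):
            kind = "active" if tag in ACTIVE_TAGS else "passive"
            line, _ = self.getpos()
            self.findings.append((line, tag, kind, url))


def scan(html):
    """Return all mixed-content findings for an HTML document given as a string."""
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    for line, tag, kind, url in scan(SAMPLE_HTML):
        print(f"line {line}: <{tag}> loads {kind} content from {url}")
```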
DNS servers are an elementary part of the technical structure of the Internet. Their primary task is to translate domain names into IP addresses. When a user visits a website, the web browser must first contact a DNS server to find out the correct IP address. The requested website can only be accessed once this information is available. This means that the loading speed of websites also depends on the response speed of the nearest DNS server. Cloudflare also uses its considerable server infrastructure to offer its own free DNS servers with very fast response times.
Note: The Cloudflare DNS servers described here have nothing to do with the DNS settings of Cloudflare CDN, which are described in the section Add Website. Cloudflare's DNS servers are designed for end users to help them access websites more quickly. However, a website cannot be switched to Cloudflare DNS servers. Even switching your own server to Cloudflare DNS does not improve the speed of your website. This is because it is not the server that has to contact a DNS server when a website query is made, but the respective website visitor.
Switching your own computer to Cloudflare DNS servers brings measurable speed advantages in almost all cases. Depending on the technology used, the DNS servers must be changed either in the network settings of the operating system or in the router settings. The IP addresses of the current DNS servers must be replaced with the IP addresses of the Cloudflare DNS servers (1.1.1.1 and 1.0.0.1). You can find more detailed information and instructions for the setup on different operating systems such as Windows, macOS, Linux, Android and iOS on the official Cloudflare DNS information page.
Cloudflare now also operates as a domain name registrar. The special thing about it is that Cloudflare does not require any additional fees. Cloudflare only passes on its own costs. This means that all domains are significantly cheaper than with other registrars.
So far, domains cannot be registered directly via Cloudflare; only a domain change to Cloudflare is possible.
Many people wonder what the catch is. Because nobody has anything to give away, or so the argument goes. However, offering free services was part of the Cloudflare strategy from the very beginning. The more people switch to Cloudflare, the more Cloudflare can earn with its paid offers. From my point of view, there is nothing against moving your own domains to Cloudflare Registrar.
Cloudflare is a worldwide server network which is mainly used as Content Delivery Network (CDN). By caching information on nearby servers, website access times can be significantly accelerated. In addition, attacks on a website (such as DDoS attacks) are made considerably more difficult because the IP address of your own server is no longer publicly visible. Cloudflare also provides its own DNS servers to accelerate DNS queries.
Yes, that's right. While there are some additional options with costs, Cloudflare can also be used completely free of charge. You can add as many websites as you like and there is no limit to the data volume or number of website hits. Cloudflare even offers a free SSL certificate with which the website can be switched to the HTTPS protocol. However, there are some limitations in web browser compatibility, see the Free SSL section for more information.
One hundred percent security can never be achieved in network technology. However, in recent years it has been shown that Cloudflare uses reliable technology and makes websites more secure. With the correct use of Cloudflare the IP address of your own server becomes invisible. This means that an attack on a website would have to take place via a Cloudflare server. Since Cloudflare is specialized in the defense of such attacks, attackers have a much harder time than without the use of Cloudflare.
Cloudflare has two main advantages: Speed and security. By using Cloudflare, access and loading times for websites are significantly improved. This is especially true for worldwide website accesses, as these can be handled by a nearby Cloudflare server. In addition, security is increased because the IP address of your own server is no longer visible from the outside. Even concrete threats (such as DDoS attacks) can usually be successfully warded off by Cloudflare. In addition Cloudflare offers many further advantages, e.g. savings in your own data volume, the automatic optimization of the website code and a free SSL certificate.
Website resources are only cached by Cloudflare when they are actually accessed. Thus the first website access is always slower than the subsequent accesses. Access to uncached resources takes longer with Cloudflare than without Cloudflare. These must first be loaded from the source server. Another disadvantage is that the SSL certificates used by Cloudflare are not compatible with all web browsers. However, an individual SSL Certificate can only be uploaded in Business and Enterprise plans. You can find more information about browser compatibility in the Cloudflare SSL section.
The basic features of Cloudflare are completely free. This gives you the opportunity to test the functionality extensively. First you need an account, which you can create on the Cloudflare website. Now enter your website and select the free plan. After the website has been entered, the name servers used for your domain must be changed to Cloudflare. The corresponding servers are displayed by Cloudflare. If you do not know how to change over your name servers, ask your domain registrar. It then takes up to 24 hours to complete the changeover.
For almost all websites, the average access time can be significantly accelerated by using Cloudflare. How large the difference is, depends on various factors. If website accesses are coming from different regions of the world, the advantage of using Cloudflare is much greater than with regional websites. This is due to the fact that Cloudflare does not have one central server, but many worldwide distributed servers. The path from the server to the website visitor is thus shortened, which improves the loading time. It is also crucial which of the website resources are cached and which are not. Only static resources can be cached by Cloudflare. All dynamic resources such as contact forms must still be loaded from your server. This is why purely static websites benefit most from a switch to Cloudflare.
A page in the Pro plan is not faster than a page in the free plan, provided the same settings are used. However, the Pro plan provides a number of setting options that can improve loading times. For example, a website can be automatically optimized for mobile devices. In addition, lossless image optimization is available.
The Business and Enterprise plans, on the other hand, can actually improve loading times, depending on the region. This is because additional data centres are available for these plans. There are also further options for optimizing the website.
Regardless of the plan used, the access and loading times of a website can be improved with the fee-based Argo Tunnel. Here Cloudflare always chooses the fastest possible connection, which leads to average loading time improvements of 30%. Argo Tunnel costs $5 per month for each website and $0.10 per gigabyte of traffic.
A website can also be completely cached by Cloudflare without contacting your server every time the site is accessed. The prerequisite for this is that there are only static and no dynamic elements on the website. The term dynamic refers to all website elements that require communication with your server for their use. These include, for example, contact forms or web applications. In the default setting of Cloudflare, websites are not completely cached due to such dynamic elements. However, if you have a website that only consists of static elements, you can let Cloudflare cache it completely. This is very easy with page rules: Click on "Page Rules" at the top of the menu and then on "Create Page Rule". With the help of the asterisk symbol you can create a page rule that includes all subpages (e.g. example.com/*). Click "Pick a Setting", then click Cache Level and select Cache Everything.
If only a part of the website contains dynamic elements, this part can be excluded and only the static part can be cached. This works the same way as described above, except that the page rule only contains the static part of the website. Unfortunately only three page rules are available in the free plan. If these are not enough, you can switch to a paid plan or buy additional page rules.
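Before a "Cache Everything" rule with an asterisk goes live, it is worth checking which URLs it actually covers, so that no dynamic page ends up in the cache. The following added example (not from the original article) evaluates an ordered rule list against a site inventory; the rule list and inventory are constructed, and two behaviours are assumptions of this sketch: patterns are matched against host, path and query without the scheme, and only the first matching rule applies.

```python
import re
from urllib.parse import urlsplit

# Constructed rule list, highest priority first. Three rules is exactly
# the number available in the free plan.
RULES = [
    ("example.com/contact*", "Bypass"),
    ("example.com/account/*", "Bypass"),
    ("example.com/*", "Cache Everything"),
]

# Constructed site inventory: URL -> True if the page needs the origin server
# on every request (forms, logins, search results).
INVENTORY = {
    "https://example.com/": False,
    "https://example.com/blog/post-1": False,
    "https://example.com/contact": True,
    "https://example.com/account/settings": True,
    "https://example.com/search?q=cdn": True,
    "https://www.example.com/contact": True,
}


def compile_pattern(pattern):
    """Turn a pattern with '*' placeholders into a regex; all else is literal."""
    escaped = (re.escape(part) for part in pattern.split("*"))
    return re.compile(".*".join(escaped))


def match_target(url):
    """Host + path + query, without the scheme (assumed matching input)."""
    parts = urlsplit(url)
    target = (parts.hostname or "") + (parts.path or "/")
    if parts.query:
        target += "?" + parts.query
    return target


def effective_setting(url, rules, default="Standard"):
    """Cache level of the first rule whose pattern covers the whole URL."""
    target = match_target(url)
    for pattern, setting in rules:
        if compile_pattern(pattern).fullmatch(target):
            return setting
    return default  # no rule matched: default caching of static resources


def cached_dynamic_urls(inventory, rules):
    """Dynamic URLs that would be served from the cache under these rules."""
    return sorted(url for url, dynamic in inventory.items()
                  if dynamic and effective_setting(url, rules) == "Cache Everything")


if __name__ == "__main__":
    for url in INVENTORY:
        print(f"{effective_setting(url, RULES):17} {url}")
    print("dynamic but cached:", cached_dynamic_urls(INVENTORY, RULES))
```

With the sample rules the search page is still caught by the catch-all rule, and `www.example.com` is not covered by any pattern because `example.com/*` does not include subdomains.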
When you make changes to your website, these changes are initially only saved on your server. The data provided by the Cloudflare servers remains the same, which is why changes are not immediately visible. Only when the Cloudflare cache is cleared is the new data loaded from your server and all changes become visible. For instructions on how to clear the Cloudflare cache, see the section Purge Cache.
To temporarily switch off Cloudflare, I recommend using the Development Mode. This can be activated in the menu item Caching. In Development Mode the Cloudflare cache is inactive and all website changes are directly visible. To completely deactivate Cloudflare, the name servers of your domain must be set to a different provider. This option is available at most domain registrars and web hosting providers. To switch off Cloudflare without changing the name servers, you can click on the yellow cloud symbols in the Cloudflare menu item DNS. The cloud symbols then turn grey and Cloudflare is only used as DNS server.
The use of Cloudflare affects website ranking in search engines in different ways. The most significant effect is that the website is quickly accessible from all parts of the world through Cloudflare. This improves the ranking especially in countries that are far away from your own server. Overall, the ranking of a website can usually be slightly improved by using Cloudflare; negative effects are very rare. In the section Cloudflare and SEO you can find more information.
Depending on the configuration of your Internet connection, the DNS servers are selected either by your operating system (e.g. Windows or Android) or by your router. Therefore different steps are necessary depending on the configuration. You can find instructions for changing the DNS servers for routers and different operating systems on the official Cloudflare DNS information page. More information is available in the Cloudflare DNS section.
At the moment it is not yet possible to register a new domain with Cloudflare. Only already existing domains can be moved to Cloudflare. To do this, click on the menu item "Domains" after logging in. For the move of a domain to Cloudflare an authorization code is required. You can get this authorization code from your current domain registrar or web hosting provider. The special feature of Cloudflare Registrar is that Cloudflare only passes on its own costs. No additional fees are charged. Therefore a domain change to Cloudflare is worthwhile in most cases.