February 7, 2025
Cloudflare Review
This is a leading Content Delivery Network and much more, but is it any good? Cloudflare is packed with features and starts on a Free Tier.

Firstly, who or what is Cloudflare?

Cloudflare is a Content Delivery Network (CDN). They have a presence in hundreds of data centers located in more than 100 countries and over 250 Cities. Cloudflare is one of the largest CDNs in the world. Their vast global network, which is one of the fastest on the planet, is trusted by millions of web properties. With direct connections to nearly every service provider and cloud provider. The Cloudflare network can reach 95% of the world’s population within 50 ms.

The company has raised millions in funding from some of the top venture capital firms in the world. Including Union Square Ventures, New Enterprise Associates, Venrock, Google Capital, and many others.

Cloudflare is the creator of 1.1.1.1 for Families, read about their Free Malware and Adult Content Protection Service.

Before we get to the review results, we need to cover what it does, how it does it, how good it is at going it, and what it costs.

Some Cloudflare Features

  • A Global Content distribution network in over 100 Countries and 250 Cities.
  • Arguably the Fastest DNS servers in the world 1.1.1.1
  • A DNS Registrar with cost price Domain names
  • A DNS Control Panel with easy to use addons like DNSSEC, SPF+ DKIM, DMARC tools
  • Free SSL Certificates for your website, blog or online store.
  • Global Web Content Cache for your website, blog or online store.
  • Auto Minification of CSS, HTML and Javascript
  • Brotli compression which speeds up page load times for your visitor’s HTTPS traffic.
  • A Firewall service that protects you from Bots, DDOS and more.
  • An extensive WAF (Web Application Firewall)
Before and After Cloudflare 1 1024x437 What is Cloudflare, and is it any good?
WebpageTest Results, Before and After Cloudflare

The Basics

Firstly Cloudflare is a full-featured, possibly the fullest featured CDN we have seen. It isn’t just a CDN, it isn’t just a Domain Registrar, it isn’t just a reverse proxy. Cloudflare is a platform that is great for any beginner with a little knowledge and as your site and content grow so will your dependence on Cloudflare.

Some advantages are more low-level. Cloudflare knows all about your web traffic, and it can filter it in various ways. The service blocks threats based on reputation, HTTP headers, blacklists, and more. It can stop or restrict abusive bots, limit comment spam, protect key ports (SSH, telnet, FTP) from hackers, or detect and mitigate DDoS attacks in various ways.

Cloudflare offers some helpful image optimizations. The “Polish” technology reduces the file size of images by 35%, and the “Mirage” feature optimizes how images are displayed on mobile devices. These features alone could make a huge difference to some websites.

While Cloudflare has a strong focus on ease-of-use and consumer-friendly features, the service also offers plenty for more demanding users. You get support for IPv6, HTTP/3, WebSockets, page rules to manipulate traffic, a REST API, dedicated SSL certificates, and more. Content translation: Translation of content is not an easy task. Essentially this platform is for almost anyone at any level of expertise, from solo bloggers to multinational enterprises.

Setting up and Account.

Creating a Cloudflare account is simple and easy. First, you will enter your email address, then choose a password for the account. That’s it!

You start the process of accelerating your first website by entering its domain. Cloudflare will grab every DNS record associated with that domain if it already exists, i.e. you are using it on your existing website. If you are starting from the beginning there probably won’t be much if anything to import.

If you did not register your domain with Cloudflare, then the only remaining step is to set your domain name servers with your current registrar to point at the Cloudflare designated servers that they will supply to you as a part of the process. Your DNS registrar will have a how-to on this, Here is a link to GoDaddy’s how-to.

One thing to keep in mind is that Cloudflare only proxies HTTP/HTTPS traffic, so don’t enable the Proxy option for FTP or Mail / MX servers. This will break your mail delivery. If in doubt read this support article “Email undeliverable when using Cloudflare

Cloudflare’s web console opens with a quick walkthrough of some useful security settings. Enabling Automatic HTTPS Rewrites redirects HTTP queries to HTTPS whenever possible; Auto Minify reduces the size of your site’s HTML, CSS, and JavaScript files, and Brotli is a smart Google-developed compression algorithm that typically shrinks text files by 10-20% more than even Gzip does. 

It’s good news that Cloudflare is supporting Brotli, especially for a free product. Some commercial CDN plans still don’t support Brotli. Amazon CloudFront didn’t get it until late 2020.

Feature Overview

Cloudflare’s web console opens with an Overview page that displays your current site status. 

The console displays small icons for 16 more function areas, including Analytics, DNS, Firewall, Speed, Caching, Page Rules, and the new Zaraz.

Speed

The Analytics area has a pile of detailed reports including bandwidth usage, requests, DNS traffic, cache effectiveness, unique visitors, threats blocked, and more. While the free plan gets most of these, there are some significant time-related limits (the DNS report covers the last 6 hours only; the Pro account maintains up to a day; the Enterprise plan keeps 30 days data) That said the Performance is a reverse of that, Although you will get 30 Days of performance information on the free account you will not be able to access the anything less than 1 day. 

The Speed area has 2 parts; 

The overview section wish will run a speed test on your site and give you an indication of the difference between using Cloudflare and not. 

Optimization area offering settings for Auto Minify, Brotli, HTTP/2 Prioritization, Automatic Platform Optimization for WordPress ($5 per month) There are also other treats in there like Image Resizing and Polish, Resizing will resize and convert images to WebP format on the fly and cache them on the Cloudflare edge, Polish will Improve image load time by optimizing images by making them Lossy, Glossy, Lossless, etc. This way you don’t have to worry about using heavy WordPress plugins for image optimization. Let Cloudflare do the heavy lifting, at a cost of course. But the Pro Version is $20 per month and will give you a bunch of these tools and features. It’s worth every cent if you need to take your site performance and security to the next level. Of course, you can start with the free option. 

SSL/TLS 

Overview: This section will allow you to set 4 options around the encryption of your site and content. 

Off: (Not Secure) No encryption applied, If you have a very basic site you could use this, but rather enable SSL/TLS

Flexible: Encrypts traffic between the browser and Cloudflare, this is if you have a host that does not offer free encryption, this is ok for a blog, but if you are collecting user information or are an online store, rather use Full of Struct. 

Full: Encrypts end-to-end, using a self-signed certificate on the server. Cloudflare can generate a self-signed edge certificate for your web host, or you can do it if you have the know-how. Cloudflare will then allow users to connect to your site via a valid signed HTTPS connection to your hosting server/platform. This is a good option. You can also enable Authenticated Pulls, (fully secure data transaction between the Cloudflare and your Server) If you can use the Full option there is almost no reason why you can’t use the Strict Option below. 

Strict: Encrypts end-to-end, but requires a trusted CA or Cloudflare Origin CA certificate on the server. This by far is the best option. Your web host or server will need a valid and trusted CA. You can use a free Let’s Encrypt Certificate to achieve this and will give your page visitors the best level of security and is perfect for an eCommerce Site, All of this can be done on the Free Tier. 

Edge Certificates:

Here there are a number of options to look at that will make your site even more secure and trusted. 

Always use HTTPS: This will automatically redirect any user accessing your page using HTTP:// to HTTPS:// 

HTTP Strict Transport Security (HSTS): This enables a number of security policies that can substantially improve the security of your website. However, there are important considerations to keep in mind when enabling HSTS. When you enable this there will be a screen that pops up and explains what this does and what things to keep in mind. 

There are a number of other options in the SSL/TLS area including opportunistic encryption, minimum TLS version, you can also enable TLS 1.3 support, and much more, Cloudflare takes security very seriously. 

Almost everything under the SSL/TLS section is included in the Free Tier.

Cloudflare SSL TLS 1024x368 What is Cloudflare, and is it any good?
SSL/TLS on Cloudflare

Caching

The Caching option gives you a fairly powerful level of control over your cache settings, even on the Free Tier. You can clear the cache in full, or delete individual objects; set a default time for a visitor’s browser to cache files (30 minutes minimum). Generally, 30 Days is recommended by sites like WebpageTest.org You can decide on how to treat query strings.

You can enable Development Mode which is useful for then you are making a lot of changes to your site, this enables you to essentially bypass caching and brings traffic directly to your server. There is also the well knows Always Online feature which will display your page from the Internet Archive’s Wayback Machine. This means that if your site is down due to an outage, people can still see a limited version of your site. 

There is also a new Beta for Crawler Hints. This is an interesting add-on and promises to provide high-quality data to search engines and other crawlers when sites using Cloudflare change their content. This allows crawlers to precisely time crawling, avoid wasteful crawls, and generally reduce resource consumption on origins and other Internet infrastructure.

Although possibly better suited to being in the Firewall area there is a very important tool if you host images that can be uploaded by the public. That is the CSAM Scanning Tool. Or Child Sexual Abuse Material Scanning Tool allows website owners to proactively identify and take action on potential CSAM located on their website. 

With this service enabled, the tool will attempt to match hashes of your cached images against hashes of known CSAM. if you run a picture-sharing site or a busy site that allows the public to upload images this is an essential reason to use Cloudflare. When a match is made, the tool will:

  • Report the content to National Center for Missing and Exploited Children (NCMEC) using the CyberTipline credentials you provide
  • Block the URL where the content has been found
  • Email you with the NCMEC report ID and the file path to enable you to permanently remove the image

Network

In the network area, you can enable HTTP/3 (with QUIC) QUIC improves encryption and performance compared to TCP and TLS. Read more about QUIC here. There are also options to enable 0-RTT Connection Resumption which Improves performance for clients who have previously connected to your website. Web Sockets, which creates a single connection and doesn’t need multiple HTTP headers, WebSockets can provide anywhere from 500:1 to a 1000:1 reduction in unnecessary HTTP header traffic compared to HTTP polling solutions. And SSL / HTTPS is supported.

Traffic

There are a number of options here, one that really stands out, and although paid for is very affordable. That is Argo Smart Routing. Argo is a service that uses optimized routes across the Cloudflare network to decrease loading times, increase reliability, and reduce bandwidth costs. Enabling Argo activates Argo Smart Routing, reducing Internet latency by 30% and connection errors by 27% on average.

Argo’s smart routing algorithm uses real-time network intelligence to route traffic through the fastest Cloudflare network paths while maintaining open, secure connections to eliminate latency imposed by connection setup. Argo Tunnels use a lightweight daemon installed on the origin infrastructure. It includes containers or virtual machines. Argo Tunnel creates an encrypted tunnel between the nearest Cloudflare data center, and an application’s origin server, without opening a public inbound port.

You can start using ARGO for as little as $5 per month for 1GB of Argo traffic, or $5.90 for 10GB. by contrast 1TB of Argo Traffic is only $104,90

Zaraz (beta)

This is very new. Essentially Zaraz is the ability to run 3rd party scripts on the cloud edge.

It gives you control over third-party tools and services for your website. It allows you to offload them to Cloudflare’s edge, improving the speed and security of your website. This tool allows you to run analytics tools, advertising pixels, scripts, chatbots, marketing automation tools, and more, in the most optimized way. This is because all of these services can run from the Cloudflare edge infrastructure and not on your web host.

The Zaraz service is built for speed, privacy, and security, and you can use it to load as many tools as you need. There is a near-zero performance hit. Best of All it’s available on the Free Tier.

Firewall

On the Free Tier, there are some extensive firewall options. Cloudflare Firewall Rules offer power and flexibility by targeting HTTP traffic and applying custom criteria to block, challenge, log, or allow certain requests.

Bot Fight mode will challenge requests that match patterns of known bots before they access your site.

DDoS Protection can automate DDoS protection systems. It constantly analyzes traffic and generates real-time signatures to mitigate attacks across the network and application layers. These mitigations are automatically enabled for all customers across all plans

WAF, or Web Application Firewall. Cloudflare maintains a managed et of rules that you can enable on a rule by rule basis. If you are running WordPress Joomla and other CMS platforms there are a huge amount of rules that they include to protect your site.

Other Notable Options and Features

Cloudflare has so many features that it’s almost impossible to go into all of them. So I will give a brief list below

Access: With Access, you can secure access to internal applications without a VPN, there is no need to do network segmentation. It’s easy to enforce access to specific applications on a per-user basis with easy-to-create and manage rules. This can be done with your existing SSO setup on your corporate network.

Scrape Shield: You can protect the content of your site with Scrape Shield. Display obfuscated email addresses on your website to prevent harvesting by bots and spammers. Your human visitors will see your actual email address. There is also the ability to enable Hotlink Protection which stops your images from off-site linking.

Pricing

Cloudflare Pricing 1 1024x419 What is Cloudflare, and is it any good?

For a full list of features by plan check out the Our Plans Page on Cloudflare

Review Conclusion

Simply put, Cloudflare gives you a lot of features for free, even more on the Pro Level. Most bloggers, eCommerce store operators, business sites, etc. probably never need much more than what you could get on Cloudflare for $20. It’s very possible to run a site safely and reliably on Cloudflare for Free. Personally, I have over 10 websites currently running on Cloudflare. This started out as a way of testing a bunch of sites, some dummy stores, some blogs for the purpose of testing and writing this article. Ultimately I think that I will continue to use Cloudflare in the future. This site although as of January 2022 is in its infancy making use of Cloudflare.

* Ensuring your website, especially when using WordPress and other CMS systems funs as fast as it can there are a number of things to consider. Including your Web Host or Server. Website Them, Image sizes and optimization, caching plugins, etc.

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Share via
Copy link
Powered by Social Snap