Service-Specific Terms

Last updated November 18, 2024 (note that the "Supplemental Terms" have been renamed to the "Service-Specific Terms" as of May 10, 2023)

The following Service-Specific Terms (“Service-Specific Terms”), are an integral part of the Self-Serve Subscription Agreement, Enterprise Subscription Agreement, or any other agreement governing your use and access to Cloudflare's Service(s), as applicable (“Subscription Terms”). Unless defined below, all capitalized terms will have the definitions given to such terms in the Subscription Terms. For Enterprise customers, all references to “you” and “your” in the Service-Specific Terms below refer to the Customer named in the applicable Order Form or other ordering document.

Please click on the following links to navigate to the Service-Specific Terms applicable to your specific Cloudflare Services.


Always Online™

  1. Always Online is a Service that serves a limited copy of the portions of your Zone (as defined in the Service-Specific Terms Units of Measurements) that are available from the Internet Archive’s Wayback Machine in case your server goes offline. You can learn more about the Internet Archive here.

  2. By enabling Always Online on your Zone, you authorize Cloudflare to share your Zone’s hostname and frequently-visited URLs with the Internet Archive, and to serve a limited copy of your Zone from the Internet Archive’s Wayback Machine when Cloudflare determines your origin server is unavailable by forwarding portions of client requests to your Zone to the Internet Archive to retrieve and serve requested content from the Internet Archive (e.g., requested URL, Accept request-header field).

  3. The Internet Archive is an independent entity and is not endorsed or sponsored by Cloudflare. You understand and agree that Cloudflare has no control over and is not responsible for the data shared with the Internet Archive, the content provided by the Internet Archive, whether and what portion of your content the Internet Archive chooses to archive, how often the Internet Archive updates your archived content, and/or whether the Internet Archive will take down any of your content upon request. You can learn more about the Internet Archive’s Terms of Use, Privacy Policy, and Copyright Policy here.

  4. You understand that Always Online is made available to you on an “as is” and “as available” basis. Always Online is not covered by Cloudflare customer support and does not have an SLA. Cloudflare reserves the right to modify or discontinue Always Online at any time without notice to you.

  5. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, ALWAYS ONLINE , WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.


Bot Management

Customer will not be billed for any requests that Cloudflare reasonably determines were generated by bad bots (e.g., requests with a low cf.bot_management.score that are not included in Cloudflare’s or Customer’s list of allowed bots).


Content Delivery Network (Free, Pro, or Business)

Cloudflare’s content delivery network (the “CDN”) Service can be used to cache and serve web pages and websites. Unless you are an Enterprise customer, Cloudflare offers specific Paid Services (e.g., the Developer Platform, Images, and Stream) that you must use in order to serve video and other large files via the CDN. Cloudflare reserves the right to disable or limit your access to or use of the CDN, or to limit your End Users’ access to certain of your resources through the CDN, if you use or are suspected of using the CDN without such Paid Services to serve video or a disproportionate percentage of pictures, audio files, or other large files. We will use reasonable efforts to provide you with notice of such action.


CSAM Scanning Tool

  1. Acknowledgement of Relevant Legal Requirements

    In connection with your obligation to comply with all laws and regulations applicable to your use of Cloudflare Services as set out in the Subscription Terms, you acknowledge that the content of the data you identify using the CSAM Scanning Tool may be subject to specific legal requirements which may include, but are not limited to, laws requiring the reporting of any facts or circumstances from which you obtain actual knowledge of an apparent violation of laws relating to Child Sexual Abuse Material (CSAM) to the National Center for Missing and Exploited Children (NCMEC) and/or a government agency in your jurisdiction. Any information that Cloudflare provides to you regarding the use of the CSAM Scanning Tool is not intended as legal advice and is not a substitute for the advice of your own legal counsel.

  2. Purpose limitation, Your instructions to Audit and report to NCMEC

    The purpose of the CSAM Scanning Tool is to prevent the spread of child sexual abuse content, and to support investigations targeted to stopping the distribution and possession of child sexual abuse content (“Purpose”). You may use the CSAM Scanning Tool solely for the Purpose, and you must not use it for any other purposes. To achieve the Purpose, it is important for you and Cloudflare to work together to maintain the integrity of the service.

    Accordingly:


    (a) You hereby authorize Cloudflare to take steps to monitor and audit your usage of the CSAM Scanning Tool to help ensure that the service is used solely for the Purpose, and otherwise in accordance with these Terms and the Subscription Terms.

    (b) You hereby authorize Cloudflare to provide reports to NCMEC on your behalf on the images you upload on the CSAM Scanning Tool that match the signatures of known CSAM images. You hereby instruct Cloudflare to use your NCMEC CyberTipline credentials and the email address you have specified for the CSAM Scanning Tool to submit these reports on your behalf. You understand that such reports do not relieve you of any legal requirements that might arise from your use of the CSAM Scanning Tool, including, but not limited to, any applicable preservation obligations and obligations that may be applicable in your local jurisdiction.

    (c) You hereby authorize Cloudflare to block images that the CSAM Scanning Tool matches to signatures of known CSAM images.

  3. Details for the CSAM Scanning Tool

    This applicable service details are as follows:

    (a) In order to use the CSAM Scanning Tool, you must provide Cloudflare with your NCMEC CyberTipline credentials and you will be required to verify the email address you have provided.

    (b) The CSAM Scanning Tool is provided free of charge. Accordingly, Cloudflare will have no liability for any harm or damage arising out of or in connection with your use of the CSAM Scanning Tool.

    (c) Cloudflare reserves the right to modify or discontinue offering the CSAM Scanning Tool at any time (including, without limitation, by limiting or discontinuing certain features of the CSAM Scanning Tool) without notice to you.

    (d) Cloudflare may limit or throttle your CSAM Scanning Tool transactions at any time, with or without notice.

    (e) Cloudflare may terminate all Cloudflare Services provided to you if we determine that you have failed to timely remove CSAM, or we suspect you are attempting to abuse the CSAM Scanning Tool.

  4. Internal Use Only

    You will use the CSAM Scanning Tool solely for your internal use. You may not use the CSAM Scanning Tool to provide a managed service solution.

  5. No Support or SLA

    The CSAM Scanning Tool is not covered by customer support and does not have an SLA.

  6. Limitation of Liability

    IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, THE CSAM SCANNING TOOL, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.


DDoS Botnet Threat Feed

  1. You must be an Internet, hosting, cloud computing, and/or other service provider that manages its own assigned or allocated IP space, Internet network(s) and/or autonomous system(s) (“Your Network”) to subscribe to the DDoS Botnet Threat Feed. The DDoS Botnet Threat Feed will make available a list of IP addresses associated with Your Network(s) that are suspected of participating in DDoS attacks along with other data related to such IP addresses such as the date of the last suspected attack (collectively, “Botnet Threat Data”). You represent and warrant that you will maintain accurate and up-to-date information about Your Network in PeeringDB and you agree to notify Cloudflare promptly if you cease to own, manage or control any IP space, Internet network(s) and/or autonomous system(s). You agree to notify Cloudflare promptly of any actual or suspected unauthorized use of any Credentials.

  2. You may use Botnet Threat Data solely for the purpose of reducing DDoS traffic originating from Your Network(s). The use of the Services for supporting DDoS attacks is prohibited. If Cloudflare suspects that you are engaging in this activity or otherwise attempting to otherwise abuse the DDoS Botnet Threat Feed tool, Cloudflare may immediately suspend or terminate all or part of Cloudflare Services provided to you.

  3. You may not share the Botnet Threat Data with any third party. You are solely responsible for any actions you take based on the Botnet Threat Data, including, but not limited to responding to any users of Your Network(s). Accordingly, you understand that Cloudflare may direct any inquiries from users of Your Network(s) to the contact information we have on file for you.

  4. You will not, and will not allow any third party to (a) license, sublicense, sell, resell, rent, lease, transfer, assign, loan, export, distribute or sell the Botnet Threat Data to any third party, (b) use any Botnet Threat Data for the purpose of: (i) benchmarking or competitive analysis of the Botnet Threat Data or Services; or (ii) developing, using, or providing a competing service, (c) reverse engineer the Botnet Threat Data to provide insights about the Service, or (d) modify, translate or create any derivative works of the Botnet Threat Data that compete, or are intended to compete, with the Services.

  5. BOTNET THREAT DATA IS PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS. CLOUDFLARE MAKE NO CLAIMS OR PROMISES ABOUT THE QUALITY, ACCURACY, OR RELIABILITY OF THE BOTNET THREAT DATA. CLOUDFLARE EXPRESSLY DISCLAIMS ALL WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

  6. IN NO EVENT WILL CLOUDFLARE BE LIABLE TO YOU OR ANY THIRD PARTY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES ARISING OUT OF OR RELATING TO YOUR ACCESS TO OR USE OF, OR YOUR INABILITY TO ACCESS OR USE, BOTNET THREAT DATA, WHETHER BASED ON WARRANTY, CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR ANY OTHER LEGAL THEORY, WHETHER OR NOT CLOUDFLARE HAS BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGE.


  1. The Cloudflare Engagement Stack consists of the following Services: (i) Zaraz, a Service that manages the operation of Third-Party Products (e.g., tag managers); (ii) Consent Management Platform, a Service that manages End User consent to cookies; and (iii) Engagement Analytics, a Service that allows you to directly measure, track, and derive insights on End User activity.

  2. By using any Engagement Stack Service, you represent and warrant that you (i) lawfully own or control your Internet Properties or are otherwise authorized to apply the Services to such Internet Properties; (ii) will only use Third-Party Products in full compliance with any terms and conditions, policies, and documentation associated with such Third-Party Products (“Third-Party Terms”); and (iii) will comply with all applicable laws, policies, and regulations relating to the collection of information from End Users.

  3. Unlike most Cloudflare Services, certain features of the Engagement Stack may require the use of cookies and related technologies on End User devices. You represent and warrant that your Internet Properties will (i) provide notice to and obtain all consents (with an opportunity to opt-out) from your End Users as required by applicable law or Third-Party Terms, including with respect to use of cookies, cross-device tracking, or any ad targeting methods; and (ii) include a privacy policy that, at minimum, (a) discloses your use of any Engagement Stack Service, including how it collects and processes data and (b) provides clear and comprehensive information regarding the storing and accessing of cookies or other data on End User devices, including whether such data can be connected to other data you have about the End User.

  4. Cloudflare’s enablement of any Third-Party Products is solely on your behalf and at your direction, using the logic you define to configure when and how the Third-Party Products are enabled on your Internet Properties. Cloudflare has no control over any Third-Party Products, and assumes no responsibility for the content, privacy policies, required consents, or practices of such Third-Party Products. Cloudflare does not own the Third-Party Products, and Cloudflare is not affiliated with the owners of such Third-Party Products. You are solely responsible for your use of any Third-Party Products via the Service, including compliance with any Third-Party Terms.

  5. You acknowledge and agree that Cloudflare may, on your behalf, (i) use your API keys, identifiers, or other credentials that you provide to Cloudflare to enable the Third-Party Products on your Internet Properties; and (ii) scan, analyze, re-direct, block, modify, and otherwise manipulate requests and responses between your Internet Properties and Third-Party Products, including, but not limited to, by adding scripts to your pages.

  6. THE ENGAGEMENT STACK MAY ADVERSELY AFFECT THE MANNER IN WHICH YOUR INTERNET PROPERTIES ACCESS OR COMMUNICATE WITH THIRD-PARTY PRODUCTS. CLOUDFLARE DOES NOT REPRESENT OR WARRANT THAT (I) THE SERVICES WILL PREVENT YOUR OR YOUR END USERS’ DATA FROM REACHING A THIRD PARTY; (II) THE SERVICES OR ANY THIRD-PARTY PRODUCTS CONFIGURED THROUGH THE SERVICES WILL BE RELIABLE, ERROR-FREE, OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, OR (III) THAT THE SERVICE OR ANY THIRD-PARTY PRODUCTS CONFIGURED THROUGH THE SERVICES WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS.


First-Party Mode for Google Marketing Platform

  1. First-Party Mode for the Google Marketing Platform is a Service that allows mutual customers of Cloudflare and Google to use supported Google tagging solutions, such as the Google tag or Google Tag Manager (“Google Marketing Services”), on Zones in their Cloudflare account.

  2. By using the Service, you represent and warrant that you (i) will only use the Service in full compliance with the terms you have in place with Google governing the Google Marketing Services (“Google Terms”); and (ii) will provide notice to and obtain all consents from your End Users as required by applicable law or Google Terms, including with respect to use of cookies or other cross-device tracking and ad targeting methods.

  3. By using the Service, you direct Cloudflare, on your behalf, to (i) use your API keys or other credentials to enable the Google Marketing Services on your Internet Properties; (ii) send data to Google for the purpose of enabling Google Marketing Services; and (iii) scan, analyze, re-direct, block, modify, and otherwise manipulate requests and responses between your Internet Properties and Google Marketing Services, including, but not limited to, by adding scripts to your pages.

  4. Cloudflare has no control over Google Marketing Services, and assumes no responsibility for the content, privacy policies, required consents, or practices of Google Marketing Services. Cloudflare does not own Google Marketing Services, and Cloudflare is not affiliated with Google. You are solely responsible for your use of Google Marketing Services, including compliance with any Google Terms.


SSL for SaaS

SNI Rewrite functionality is only available to Enterprise customers when using custom origin functionality. It may only be enabled and used for the purpose of origin servers serving a correct certificate based on custom hostnames.

SNI Rewrite functionality may not be used for domain fronting. Such use constitutes a material breach of the Agreement. Cloudflare may suspend or terminate all or part of Cloudflare Services provided to you if Cloudflare determines you have used or are using SNI Rewrite for domain fronting.