Cloudflare is a hugely successful American CDN service which combines a reverse proxy with a content delivery network, and throws a host of bonus security and optimization tools into the technical mix.
The service isn’t a conventional CDN. You don’t have to choose the specific content you’d like to cache, and there’s no need to edit your site code. Instead, you update your DNS nameservers to use Cloudflare, and once the changes have spread around the internet (this could take 24 hours, typically it’s much less) the service kicks in automatically.
Some of the benefits are similar to other CDNs. Cloudflare detects the location of any visitors and directs them to its nearest data center. This serves your content from its own cache if possible, improving response times.
Other advantages are more low-level. Because Cloudflare knows all about your web traffic, it can filter it in various ways. The service blocks threats based on reputation, HTTP headers, blacklists and more. It can stop or restrict abusive bots, limit comment spam, protect key ports (SSH, telnet, FTP) from hackers, or detect and mitigate DDoS attacks in various ways.
Quality extras include some effective image optimizations. Cloudflare’s ‘Polish’ technology works to reduce image file sizes by an average of 35%, while ‘Mirage’ uses multiple techniques to optimize how images are displayed on mobile devices. These features alone could make a huge speed difference to some sites.
While Cloudflare has a strong focus on ease-of-use and consumer-friendly features, the service also offers plenty for the more demanding and technical user. You get support for IPv6, HTTP/3, WebSockets, page rules to manipulate traffic, a REST API, dedicated SSL certificates and more.
The Cloudflare product range starts with a basic free plan. This places strict limits on some features (basic DDoS protection only, just 3 page rules included), and drops others entirely (no image optimisations), but there are no stupid restrictions to try and force you to upgrade. You get the same access to some advanced features, like the REST API, as the commercial accounts. The plan is free forever, too, with no bandwidth limits.
Cloudflare Pro is a $20 a month account aimed at professional users. This extends the free plan with Cloudflare’s Web Application Firewall, throws in the image optimization tools, and allows up to 20 page rules. The email support gets a median response time of two hours. There are more user agent and firewall rules, and real-time alerts of DDoS attacks. Overall, there’s probably enough functionality here to justify the cost, especially for high traffic sites which would be hit with extra bandwidth charges on other CDNs.
Cloudflare Business ramps up the high-end features with advanced DDoS protection, custom SSL certificate upload, optimized delivery of dynamic content, PCI compliance, prioritized support and up to 50 page rules. All this sounds good to us, although we’re less convinced by the $200 a month price tag.
You can extend these plans with a range of add-ons. A dedicated SSL certificate costs only $5 a month; 5 extra page rules costs $5; smart routing and load balancing also start at $5 a month, and rate limiting protects against denial-of-service attacks, brute-force password attempts and more for $0.05 per 10,000 good requests.
Unsurprisingly, Cloudflare Free is the standout product here. It’s simple enough for beginners to use, yet has enough power to be useful for heavy-duty sites. The lack of page and firewall rules mean it’s not nearly as configurable as the commercial products, though, and the lack of support might be an issue if you’re using it with anything business-critical.
Creating a Cloudflare account works much like any other web service. Enter your email address, choose a password, and that’s essentially it.
You start the process of accelerating your first website by entering its domain. Cloudflare grabbed every DNS record we knew existed and a few we didn’t, then it provides an option to add more, and allows the user to decide which settings it’s going to take over, and which they’ll manage themselves. (If you’ve no idea, just accept the default settings – they can be changed later, if necessary).
After that, the only remaining step is to set your domain name servers to point at Cloudflare. It’s about as simple a process as DNS tweaking gets, and the Cloudflare site even tells you which records to change (something like, replace ns1.yourhost.com and ns2.yourhost.com with bayan.ns.cloudflare.com and megan.ns.cloudflare.com.)
While this looks surprisingly straightforward, there’s a catch. Cloudflare only proxies HTTP traffic, and simply switching your nameservers could break other services. The company spells out one of the possible dangers here: ‘Cloudflare’s default configuration only allows proxying of HTTP traffic and will break mail traffic.‘ Oops.
Take a look at that article to understand any potential email issues, and be aware that enabling Cloudflare might have some unexpected effects. Choose a quiet time to experiment, maybe a weekend, whenever any problems are less likely to have an effect.
Setup time scheduled, head off to your domain registrar, make the changes in its control panel, and Cloudflare should be enabled fairly quickly. (Domain registrars like to quote a time of 24-48 hours, but that’s a worst case – ours was ready in minutes.)
That’s good news, especially for a free product. Some commercial CDN plans still don’t support Brotli compression, for instance, and even the giant Amazon CloudFront didn’t get it until September 2020.
Cloudflare’s web console opens with an Overview page which displays your current site status, which should change to ‘Great news! Cloudflare is now protecting your site’ once your new DNS settings have propagated.
The console displays small icons for 15 more function areas, including Analytics, DNS, Firewall, Speed, Caching, Page Rules, Network, Traffic and Customize. Even experts will be left guessing at what might be in some of these, but clicking each one in turn reveals more.
The Analytics area has a stack of detailed reports covering bandwidth usage, requests, DNS traffic, cache effectiveness, unique visitors, threats blocked and more. Even the free plan gets most of these, although there are some significant time-related limits (the DNS report covers the last 6 hours only; the Pro account maintains up to a day; the Enterprise plan keeps 30 days data).
Click the Speed button and Cloudflare runs some performance tests on your site, reporting any improvements you saw from enabling the CDN and its initial optimization settings (Auto Minify, Brotli and so on.) These claimed our test site load time was now 62% faster. Clicking the Optimization tab displays a list of speedup tweaks you can apply, but most of these are only available with the paid plans.
The Caching area gives a good level of control over your cache settings, especially for a free service. You can clear the cache in full, or delete individual objects; set a default time for a visitor’s browser to cache files (30 minutes minimum), or decide how to treat query strings. (When there’s a URL like example.com/pic.jpg?with=query, do you ignore the text after the ‘?’ and cache only a single pic.jpg, or do you cache a separate pic.jpg for every change in the query string?)
An Always Online feature serves content for your website even if your origin server is unavailable, reducing the effects of any down time. Serving stale content is a standard feature of many good CDNs, but Cloudflare can optionally integrate with the Internet Archive’s Wayback Machine to serve a more complete version of the site. This won’t work for everyone, but it’s an interesting idea.
There are plenty more settings available, covering DNS, page rules, low-level network configuration, and a host of ‘apps’ to enhance your website: Google Analytics, PayPal buttons, embedded YouTube videos, live chat, NoAdBlock ad-blocking detection, social media buttons and more.
Cloudflare has an impressive feature set, and even the free version contains plenty of power. If we have one concern, it’s the way that mission-critical options often sit alongside more standard settings, rather than being hidden away in an ‘Experts Only’ panel. One click in the wrong place could easily break your site, so it’s wise to think very carefully before you change anything.
Working out which is the fastest CDN for you is a complicated business. Every service has its own network which might excel in one country, but disappoint in another. A CDN has to match up with your website visitors, too. Top performance in Europe is no use at all if your visitors are mostly from North America.
CDNPerf can point you in the right direction, listing the fastest providers by country, continent or worldwide.
As we write, Cloudflare rates an average 11th place (out of 20) for worldwide queries, with an average response time of 36ms. That’s not amazing, but it’s also not bad, with the company beating several big names (CDN77, StackPath and CacheFly were 13th, 14th and 15th) and only milliseconds behind many others (G-Core, Fastly, JsDelivr and Akamai are no more than 5 milliseconds ahead.)
The worldwide averages are a little misleading, though, as Cloudflare’s results vary considerably between regions. The company rated a relatively disappointing 14th in North America, for instance, and 17th in Europe. But it made an excellent 2nd place in Asia, and 4th in Africa, presumably because Cloudflare has such a widespread network that it can reach the areas others miss.
Keep in mind that this isn’t the whole story, and sites will see different performance gains depending on their setup, which Cloudflare features they use and how they use them. But overall, there’s a lot of performance boosting potential here, more than enough to justify signing up for the free plan and trying it for yourself.
Cloudflare is easy-to-use and provides loads of features, great security, and effective website optimisations, not to mention a huge global network which reaches areas other CDNs often miss. That makes it a must for your performance boosting shortlist.