[2][8][9] Prince and Holloway had previously collaborated on Project Honey Pot, a product of Unspam Technologies that served as some inspiration for the basis of Cloudflare.

Cloudflare received media attention in June 2011 for providing DDoS mitigation for the website of LulzSec, a black hat hacking group.

[38] In 2014, Cloudflare began providing free DDoS mitigation for artists, activists, journalists, and human rights groups under the name "Project Galileo".

[46] In July 2021, the company claimed to have absorbed a DDoS attack three times larger than any they'd previously recorded, which their corporate blog implied was over 1.2 Tbit/s in total.

[57] Through a contract with the Cybersecurity and Infrastructure Security Agency, Cloudflare provides registry and authoritative DNS services to the .gov top-level domain.

[64] Cloudflare One announced the acquisition of Area 1 Security in February 2022, a company who developed a product for combating phishing email attacks.

In 2019, Cloudflare released a VPN service called WARP,[66][67] and open sourced the custom underlying WireGuard implementation written in Rust.

[68][69] In January 2021, the company began providing its "Waiting Room" digital queue product for free for COVID-19 vaccination scheduling under the title "Project Fair Shot".

[70] Project Fair Shot later won a Webby People's Choice Award in 2022 for Event Management under the Apps & Software category.

[71] In March 2023, Cloudflare announced post-quantum cryptography will be made freely and forever available to cloud services, applications and Internet connections.

They allegedly used social engineering to trick AT&T support staff into giving them access to Prince's voicemail, then exploited a vulnerability in Cloudflare's use of Google's two-factor authentication system.

[89] He told Business Insider: "The ability of somebody to single-handedly choose to knock content offline doesn’t align with core ideas of due process or justice.

"[89] As a self-described "free speech absolutist", Prince, in a blog post, vowed never to succumb to external pressure again and sought to create a "political umbrella" for the future.

[86] Prince further addressed the dangers of large companies deciding what is allowed to stay online, a concern that is shared by a number of civil liberties groups and privacy experts.

[90][91][92] The Electronic Frontier Foundation, a US digital rights group, said that services such as Cloudflare "should not be adjudicating what speech is acceptable", adding that "when illegal activity, like inciting violence or defamation, occurs, the proper channel to deal with it is the legal system".

[99] Cloudflare did not terminate service to 8chan until public and legal pressure mounted in the wake of the 2019 El Paso shooting, in which the associated manifesto was published to 8chan.

[107][103] Cloudflare provided DDoS mitigation and acted as a reverse proxy for Kiwi Farms, a far-right[108][109] Internet forum dedicated to discussion and trolling of online figures or communities.

[116][117][118][119] Although Cloudflare was not the primary website host, they did perform critical services to keep Kiwi Farms on-line, both protecting the site from denial-of-service attacks and optimizing content delivery.

[120][5][121][122] In 2022, a campaign was launched by transgender activist Clara Sorrenti, who has previously been targeted by the forum, to pressure Cloudflare into terminating service for Kiwi Farms.

[123][124] Cloudflare responded by issuing a statement on its abuse policies and saying it didn't want to set precedent for speech on the internet with its "extraordinary" decision.

[125] The company also released a blog post[126] and likened their services to that of a public utility, stating that "Just as the telephone company doesn't terminate your line if you say awful, racist, bigoted things, we have concluded ... that turning off security services because we think what you publish is despicable is the wrong policy", but that it would certainly be the "popular choice" to drop sites that the Cloudflare team "personally feels [are] disgusting and immoral".

[127][128] The company also defended their decision by saying that "where they had provided DDoS protection services to an anti-LGBTIQ+ website, they donated 100% of the fees earned to an organisation fighting for LGBTIQ+ rights".

SESTA weakened protections for Internet infrastructure companies and was criticized on free speech grounds due to concerns about disproportionate impact and disruptions to the lives of sex workers.

[156] Cloudflare CEO Matthew Prince responded that the company decided to remain providing services to Russian people to counter Russia's attempts to raise a 'digital iron curtain'.