Cloudflare Review and Privacy Concerns

A friend approached me asking me to do a Cloudflare review, wondering if this free service does what it promises, so I set out to do some testing.

Cloudflare says “Give us five minutes and we’ll supercharge your website.” Cloudflare has you point the DNS records of your website to their DNS servers, which results in all requests for your website being redirected to them first.

When they receive a request for your information, they analyze where the request came from (the IP address) to make sure it’s a legitimate request and not a spam bot, compromised PC or known threat. They also cache your content and spread it around servers they own in many locations so that your website is served faster.

In my Cloudflare review, I tested three servers of mine: one dedicated and extremely fast, another a high-end VPS and the other a slower shared server. To do the testing, I used a website recommended by Google, webpagetest, which allows testing from multiple locations throughout the world. Below you’ll find my test results:

Website A on dedicated server w/o cloudflare
From: Dulles, VA – IE8 – DSL (3.796)
First View 3.302s and repeat was 2.306s
First View 4.290s and repeat was 2.373s
From: London, UK – IE7 – DSL (4.9215)
First View 4.784s and repeat was 3.039s
First View 5.059s and repeat was 3.706s

Website A on dedicated server with cloudflare
From: Dulles, VA – IE8 – DSL (3.3165)
First View 2.294s and repeat was 0.995s
First View 4.339s and repeat was 1.791s
From: London, UK – IE7 – DSL (4.001)
First View 3.423s and repeat was 2.993s
First View 4.579s and repeat was 3.806s

Website B on High-end VPS w/o cloudflare
Testing from Dulles, VA – IE8 – DSL (1.649)
First View 1.670s and repeat was .833
First View 1.628s and repeat was .829s

Website B on High-end VPS with cloudflare
Testing from Dulles, VA – IE8 – DSL (2.152)
First View 1.628s and repeat was 1.231
First View 2.676s and repeat was 2.254s

Website C on shared server w/o cloudflare
From: Dulles, VA – IE8 – DSL (1.952)
First View 2.044s and repeat was 0.850s
First View 1.861s and repeat was 0.894s
From: London, UK – IE7 – DSL (3.118)
First View 3.281s and repeat was 2.291s
First View 2.956s and repeat was 1.939s

Website C on shared server with cloudflare
From: Dulles, VA – IE8 – DSL (1.503)
First View 1.520s and repeat was 0.538s
First View 1.486s and repeat was 0.516s
From: London, UK – IE7 – DSL (4.191)
First View 4.102s and repeat was 1.319s
First View 4.280s and repeat was 1.386s


How I factored the results in my Cloudflare review

First View and repeat is completed with the same browser session. I then closed the browser and initiated the second set of tests, so you’ll see two sets of First View and repeat results.

I took the first view times of both tests, then averaged them without looking at the repeat times. My focus is on what the googlebot would see at first visit.

Cloudflare reports the following for each site:
Website A as taking 1.65 sec to load without their service and .94 seconds with their service, making it 43% faster, yet my tests show 3.796 sec to load w/o cloudflare and 3.3165 w/ cloudflare, making it 12% faster.

Website B as taking 1.33 sec to load without their service and .73 seconds with their service, making it 45% faster, yet my tests show 1.649 sec to load w/o cloudflare and 2.152 w/ cloudflare, making it 23% slower.

Website C as taking 1.28 sec to load without their service and .61 seconds with their service, making it 52% faster, yet my tests show 1.952 sec to load w/o cloudflare and 1.503 w/ cloudflare, making it 23% faster.

Final Cloudflare Speed Test Results
It appears that my high-end virtual private server (which is in the cloud) performs much better without cloudflare, my dedicated server noticed a small increase and my shared (low end) server noticed a nice increase in speed. Why their results are so different from webpagetest’s results is unknown, but as you can see, I tested this at multiple locations.

Cloudflare shows a cached image of your site when it’s offline and during my initial research, I noticed mention of a banner that’s placed on your cached content. I took my site offline and put this to the test – I did not find any additional code (except for the email obfuscation which can be turned off) in my cached content.

Update!
Just noticed this banner:
[Image: Cloudflare cached spam]

It said my server was unavailable and was serving a cached page. I checked the server and other sites on that server and found everything was running, so I’m guessing the problem was on their end but they served this message anyway. The image above is what was at the top of my site as they delivered my cached page.

If you’re into link love, well, you’re giving them a ton of it when this happens! Odd that when I first signed up, I didn’t see this banner, but after being with them a while, it’s showing up now.

I did notice that when accessing their site (happened in multiple local locations), sometimes I would receive “The connection was reset. The connection to the server was reset while the page was loading.” – odd for a company that has servers around the world?

Incorrect IP addresses with Cloudflare

Cloudflare behaves like a reverse proxy, so let me take a sec and explain what this is:

A proxy is a server acting as an intermediary for requests from a website visitor seeking resources from a website. When you (the visitor) request information from a website, the proxy server hides your IP address and uses its own instead. The owner of the website sees the proxy’s IP address, not yours – the proxy is working for you, the visitor.

A reverse proxy works for the server, not the visitor. It acts as a gateway to a web server or web server farm by acting as the final IP address for requests from visitors. It hides the IP address of the webserver rather than the visitor.

Because Cloudflare acts as a reverse proxy, the IP address in your comments and applications running on your webserver will show a Cloudflare IP address and NOT the visitor’s IP address. This can mess up your log files and interfere with tracking and more. For AdSense users, watch your AdSense stats closely before and after using Cloudflare – search Google for “cloudflare adsense” to research this yourself.

Cloudflare has an Apache module called mod_cloudflare which can help record the correct IP address of visitors, and for WordPress users, there is a Cloudflare plugin to ensure you have the correct IPs.

For details on a reverse proxy, check out sans.org/reading_room/whitepapers/webservers/reverse-proxy-proxy-name_302
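
The IP restoration described above has one rule that matters for security: the visitor address carried in a request header may only be believed when the TCP connection itself comes from the reverse proxy, otherwise anyone connecting directly can forge it. The sketch below is an added example, not code from this post, from mod_cloudflare or from the WordPress plugin; it assumes the proxy passes the visitor address in the CF-Connecting-IP header, and the proxy range and sample requests are constructed placeholders.

```python
import ipaddress

# Constructed stand-in for the proxy's egress ranges (documentation range).
# A real deployment loads the list the proxy operator publishes.
TRUSTED_PROXY_NETS = [ipaddress.ip_network("198.51.100.0/24")]

# Header assumed to carry the visitor's address when the proxy forwards.
CLIENT_IP_HEADER = "cf-connecting-ip"


def is_trusted_proxy(peer_ip, nets=TRUSTED_PROXY_NETS):
    """True if the TCP peer address lies inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in nets)


def real_client_ip(peer_ip, headers, nets=TRUSTED_PROXY_NETS):
    """Return (ip_to_log, source) for one request.

    source is 'header' only when the peer is a trusted proxy AND the header
    holds a syntactically valid address; in every other case the peer
    address is logged so a forged header cannot rewrite the log.
    """
    if not is_trusted_proxy(peer_ip, nets):
        # Direct connection: the header is attacker-controlled, ignore it.
        return peer_ip, "peer"
    value = next(
        (v for k, v in headers.items() if k.lower() == CLIENT_IP_HEADER), None
    )
    if value is None:
        return peer_ip, "proxy-no-header"
    try:
        return str(ipaddress.ip_address(value.strip())), "header"
    except ValueError:
        return peer_ip, "proxy-bad-header"


# Constructed sample requests: (TCP peer address, request headers).
SAMPLE_REQUESTS = [
    ("198.51.100.7", {"CF-Connecting-IP": "203.0.113.45"}),  # via proxy
    ("192.0.2.10", {"CF-Connecting-IP": "10.0.0.1"}),        # direct, forged
    ("198.51.100.7", {}),                                    # header missing
    ("198.51.100.7", {"cf-connecting-ip": "not-an-ip"}),     # header garbage
]


def resolve_all(requests=SAMPLE_REQUESTS):
    """Resolve the address to log for each sample request."""
    return [real_client_ip(peer, hdrs) for peer, hdrs in requests]


if __name__ == "__main__":
    for (peer, _), (ip, source) in zip(SAMPLE_REQUESTS, resolve_all()):
        print(f"peer={peer:<15} logged={ip:<15} source={source}")
```

The second sample request is the case to watch for in your own logs: a direct connection that carries the header anyway should be logged under its peer address.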

Cloudflare and Supercache
I use supercache to speed up my websites and found no problems running cloudflare and supercache together. I read on the web that supercache made the site respond slower when running with cloudflare, but did not find this to be true; I tested with and without the plugin.

Cloudflare is not about making your site faster as much as it is about security. You’ll notice the threatening IP addresses that were blocked or challenged, along with the amount of bandwidth you saved by using their free service. Providing such a free service is expensive, especially if you have multiple servers distributing cached content around the world, but it’s not really free if you consider the information you’re providing them in return.

Cloudflare Privacy Concerns

By pointing your domain name’s name servers to Cloudflare, you’re giving them the crown jewels of your website. Some of my best sites were started because I reviewed my server log files and found patterns that revealed a niche; without those log files, my life would be much different.

As it stands now, when you start a website, you’re guessing that a term is popular and there is no guarantee your idea is going to take off. But imagine the value of a database containing factual, verifiable data containing the hottest terms along with traffic numbers, referrals and more! Just one term could make you rich depending on the niche!

“CloudFlare may aggregate data we acquire about you and the visitors to your site.” and “If we assemble this sort of data and provide it to external parties, your personal information (such as your name, email address, and other information specifically tagged to your identity) will never be attached to or included in the aggregated data. Please note, public data you provide us, such as log files of your site’s visitors, may be included in the aggregate data, reports and statistics.”

and Information Collection:

“CloudFlare is the sole owner of the information collected on this site and through any CloudFlare service. As visitors browse our web site, or your sites if they are protected by CloudFlare, we sometimes track them in order to provide a better service.”

I could read this as, by using our free service, we own any information we gather from your website such as log files, we can track your visitors, we can compile a list of your hottest keywords and then sell this data as long as it doesn’t contain information that would identify you as a person. Cloudflare states “We will always maintain the overriding principle that we will not sell, rent, or give away any personal information…” which pertains only to your person and not your log files, hot topics, popular pages, referrers and other data.

Don’t confuse this with free dns services for individuals where activity can be tracked and then matched to other individuals to find a pattern (Free DNS companies still have to guess what’s popular). With Cloudflare, there is no matching, they have the motherlode, your server and proof that a topic or niche exists.

This type of data is in high demand and companies pay big bucks for such services! Information such as this is exactly what giants like Google look for when buying a company and I have no doubt that not too far in the distant future, the founders of cloudflare will be well rewarded for their creativity! (or Google / Microsoft will start a similar service : )

I mention the privacy concerns not because I distrust Cloudflare or have reason to believe their intentions are anything but honest, but because people can often forget what they are giving away when they accept free services such as this. I suggest you review their privacy policy at cloudflare.com/security-policy.html to learn more.

Summary Review of Cloudflare

If you have a site that’s performing well and don’t want that data sold to the highest bidder, then think carefully before jumping into such services. If however, you’re not concerned with data and focused instead on speed, Cloudflare may be for you. In my case, I tested three sites and found that it reduced the performance on the high-end VPS but made a marked improvement on my lower-end shared server; there is also the added benefit of increased security.

Besides having access to all that verifiable data, Cloudflare also benefits from hosting companies recommending Cloudflare to their clients. Since Cloudflare caches content and saves the hosting company bandwidth and server resources, it makes sense to push this service!

They get high marks for creativity, great marks for security, great marks for low-end servers, poor marks for high-end virtual private servers and a BIG WARNING to those concerned about non-personal privacy (such as your best keywords, traffic, referrers, etc.)


10 Comments

  1. Jim says:

    CloudFlare launched publicly exactly one year ago today. In that year, we have grown from virtually no traffic to powering more than 15 billion page views and 350 million unique visitors in the last month. Today, to celebrate CloudFlare’s birthday, we thought we’d give our users a present in the form of a groundbreaking new feature.

    CloudFlare set out to solve the Internet’s biggest challenges. One of the challenges a lot of people talk about, but few people are doing anything about, is the transition from IPv4 to IPv6. That changes today.

    The IPv4 protocol was designed in the 1970s. It was built to accommodate about 4 billion devices connecting to the network. That seemed like a lot at the time, but the explosive growth of the Internet means we’re closing in on that number. In order to allow the Internet to continue to grow, a new protocol was created: IPv6.

    Unfortunately, the IPv4 and IPv6 networks are incompatible. Unless you have a gateway of some kind, if you’re on one you can’t visit websites on the other. And, even more unfortunately, the gateway solutions typically are hardware-based and cost tens of thousands of dollars per website to deploy. This means that most of the world’s websites are unavailable for the 1% of the Internet that is already using IPv6. And the percentage of users on IPv6-only networks is only going to grow.

    At CloudFlare, we realized we were in a unique position to solve this problem. Today we’re publicly launching CloudFlare’s Automatic IPv6 Gateway. To enable it, visit your CloudFlare Settings page:

    CloudFlare.com > My websites > Settings (pull down menu) > CloudFlare settings

    You can choose two options: (FULL) which will enable IPv6 on all your CloudFlare Enabled subdomains, or (SAFE) which will automatically create specific IPv6-only subdomains (e.g., www.ipv6.yoursite.com). You do not need to change any of your DNS settings. After it is up and running, you can test your IPv6 compatibility and get a badge for your site at:

    cloudflare.ipv6-test.com

    We are providing the Automatic IPv6 Gateway for free to all CloudFlare users. We started CloudFlare in order to help solve some of the Internet’s toughest challenges. We are proud on our first birthday to be doing our part to help solve another one.

    Our blog has more information. And, if you’re as excited as we are, you can Tweet about it!

    Thanks!

    Team CloudFlare

  2. Soko says:

    Just got this announcement:

    We just introduced a new CloudFlare App, from Haileo, which chose CloudFlare to introduce their service to a wider audience for the first time.

    This App offers site owners the opportunity to make money with contextual advertising on their image and video inventory.

    To start, Haileo is limiting access to sites with more than 200,000 pageviews/month in the United States. Based on a CloudFlare estimate… you qualify!

    Interested? Turn it on.

    Once you give it a try, let us know what you think.

    Thanks,

    The CloudFlare Team

    I wonder what percentage they get? Either a percentage of the impressions or account from Cloudflare signups. Money, money money!

  3. Jim says:

    I said in my post above that Google would either buy them out for the data or offer their own service and dominate the market and sure enough, Google has released “Page Speed Service”

    Page Speed Service

    Yup, almost the same thing as Cloudflare or Incapsula and I’ll guarantee they’ll have a security feature to beat them both – how could they not, they are Google. They even offer a demo on how you can test page speed before and after using their service, so that you can compare for yourself – Cloudflare shows you what “they claim” they have saved you in speed, but when testing yourself, the numbers just don’t add up (at least they didn’t for me).

    I’ll bet the venture capitalists are in an uproar! It is a little risky for Google to release such a service right in the middle of a US Government Antitrust Investigation – talk about control of data, wow!

    Also, I noticed that Google just announced today they launched Hotel Finder, so much for TripAdvisor, Hotels.com and other big players. It’s fair game though and Google is not one to sit on the sidelines.

    I’ll be putting the new Page Speed Service to the test soon and will report back – can’t wait to see the results :)

  4. Gil says:

    Thanks Jim. I’m looking forward to that review.
    Please let me know if you have any questions.

    Regards,

    Gil R.

  5. Jim says:

    Hi Gil,

    Nice to know that you guys at Incapsula extend the definition of “personal information” to everything that a customer brings to your table and not just data that identifies you as a person! I consider everything in my server’s log files personal!

    I’ll review your service using the exact same sites that I tested CloudFlare with and report the results.

    Thanks,

    Jim

  6. Gil says:

    Hi guys,

    Thanks for the heads-up, the link has been fixed: incapsula.com/privacy-policy

    BTW, the Privacy Policy section has always been accessible, as was Term of Use, at the bottom of the page.

    As for the definition of “personal information”, Incapsula doesn’t share ANY of its users’ info. with a third-party or other organizations. I hope that clarifies that.

  7. Incapsula vs Cloudflare says:

    Incapsula’s privacy policy also states “personal information”. This is defined as any information that may identify you as an individual and nothing else. At least Cloudflare puts it right out there with this statement “such as your name, email address, and other information specifically tagged to your identity”.

    Notice the mention of Incapsula’s privacy policy on their terms of service page? Go to incapsula.com/terms-of-use and look under Privacy Policy, copy their link, paste it into the browser and what do you get? Every other link or mention of a link on that Incapsula.com works except this one. If you want to review their privacy policy, then visit incapsula.com/privacy-policy.

  8. Jan Husdal says:

    Thank you for sharing your thoughts and concerns about CloudFlare, and I am truly impressed with the depth of your review. Speed results aside, how many of us actually bother to check the TOS and Privacy Policies of the services we sign up for?

    Speaking of which, I’m actually with a competing service, namely Incapsula, because they have in their FREE plan the security that CloudFlare only has in their paid PRO plan, while the performance of my site isn’t any different, as I found out when I tested both on my site:

    husdal.com/2011/07/01/incapsula-versus-cloudflare/

    After reading your post I decided to scrutinize the small print of Incapsula’s TOS and Privacy Policy, and I did not find any such statement, rather the opposite: “Incapsula will not share, sell, auction off or give away your personal information to any third-party or other organization without first obtaining your prior written consent.” That is good to know.

    Oh, the $20M that Marciag mentions in the comment above were actually received half a year ago (Source: techcrunch.com/2011/07/12/oh-by-the-way-cloudflare-raised-20-million-last-november/), but only announced yesterday. And the record 7 million pageviews isn’t that impressive if you consider how CloudFlare counts pageviews, which is any request that returns HTML (Source: blog.cloudflare.com/understanding-analytics-when-is-a-page-view-n). On my site this led to my CloudFlare pageviews being 10x my Google Analytics pageviews, and the latter is probably how most people would understand pageviews, and not the CloudFlare way of counting. And finally, I’m not sure where Marciag sees the 150,000 followers…@cloudflare only has 4370 by my last count.

    That said, CloudFlare’s growth is remarkable, and hopefully it is not just a bubble.

  9. Marciag says:

    A company starts in 2010, gets an initial $2 million funding from Venrock and Pelion Venture Partners, then yesterday, Cloudflare received $20 million in funding from nea.com (Enterprise Associates) and has grown to 7 billion page views per month, DOES NOT get that kind of money without a plan!

    Promoted by Twitter, the company jumped to 150,000 followers. This will be one of the biggest hosting companies on the planet (you didn’t think selling data was the end game did you?).

    That is one fast moving company!!!
