---
title: Analytics Changelog
image: https://developers.cloudflare.com/cf-twitter-card.png
---

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

Analytics

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Jan 12, 2026
1. ### [Cloudflare Threat Events now support STIX2 format](https://developers.cloudflare.com/changelog/post/2026-01-12-stix2-available-for-threat-events-api/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
We are excited to announce that **Cloudflare Threat Events** now supports the **STIX2 (Structured Threat Information Expression)** format. This was a highly requested feature designed to streamline how security teams consume and act upon our threat intelligence.  
By adopting this industry-standard format, you can now integrate Cloudflare's threat events data more effectively into your existing security ecosystem.  
#### Key benefits  
   * Eliminate the need for custom parsers, as STIX2 allows for "out of the box" ingestion into major **Threat Intel Platforms (TIPs)**, **SIEMs**, and **SOAR** tools.  
   * STIX2 provides a standardized way to represent relationships between indicators, sightings, and threat actors, giving your analysts a clearer picture of the threat landscape.  
For technical details on how to query events using this format, please refer to our [Threat Events API Documentation ↗](https://developers.cloudflare.com/api/resources/cloudforce%5Fone/subresources/threat%5Fevents/methods/list/).  
---

Jan 07, 2026
1. ### [Workers Analytics Engine SQL now supports filtering using HAVING and LIKE](https://developers.cloudflare.com/changelog/post/2026-01-07-analytics-engine-support-for-like-and-having/)  
[ Workers Analytics Engine ](https://developers.cloudflare.com/analytics/analytics-engine/)[ Workers ](https://developers.cloudflare.com/workers/)  
You can now use the `HAVING` clause and `LIKE` pattern matching operators in [Workers Analytics Engine ↗](https://developers.cloudflare.com/analytics/analytics-engine/).  
Workers Analytics Engine allows you to ingest and store high-cardinality data at scale and query your data through a simple SQL API.  
#### Filtering using `HAVING`  
The `HAVING` clause complements the `WHERE` clause by enabling you to filter groups based on aggregate values. While `WHERE` filters rows before aggregation, `HAVING` filters groups after aggregation is complete.  
You can use `HAVING` to filter groups where the average exceeds a threshold:  
```  
SELECT  
    blob1 AS probe_name,  
    avg(double1) AS average_temp  
FROM temperature_readings  
GROUP BY probe_name  
HAVING average_temp > 10  
```  
You can also filter groups based on aggregates such as the number of items in the group:  
```  
SELECT  
    blob1 AS probe_name,  
    count() AS num_readings  
FROM temperature_readings  
GROUP BY probe_name  
HAVING num_readings > 100  
```  
#### Pattern matching using `LIKE`  
The new pattern matching operators enable you to search for strings that match specific patterns using wildcard characters:  
   * `LIKE` \- case-sensitive pattern matching  
   * `NOT LIKE` \- case-sensitive pattern exclusion  
   * `ILIKE` \- case-insensitive pattern matching  
   * `NOT ILIKE` \- case-insensitive pattern exclusion  
Pattern matching supports two wildcard characters: `%` (matches zero or more characters) and `_` (matches exactly one character).  
You can match strings starting with a prefix:  
```  
SELECT *  
FROM logs  
WHERE blob1 LIKE 'error%'  
```  
You can also match file extensions (case-insensitive):  
```  
SELECT *  
FROM requests  
WHERE blob2 ILIKE '%.jpg'  
```  
Another example is excluding strings containing specific text:  
```  
SELECT *  
FROM events  
WHERE blob3 NOT ILIKE '%debug%'  
```  
#### Ready to get started?  
Learn more about the [HAVING clause](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/statements/#having-clause) or [pattern matching operators](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/operators/#pattern-matching-operators) in the Workers Analytics Engine SQL reference documentation.

Dec 18, 2025
1. ### [Improved accuracy of cached request classification in analytics](https://developers.cloudflare.com/changelog/post/2025-12-18-cached-request-classification/)  
[ Analytics ](https://developers.cloudflare.com/analytics/)  
The cached/uncached classification logic used in Zone Overview analytics has been updated to improve accuracy.  
Previously, requests were classified as "cached" based on an overly broad condition that included blocked 403 responses, Snippets requests, and other non-cache request types. This caused inflated cache hit ratios — in some cases showing near-100% cached — and affected approximately 15% of requests classified as cached in rollups.  
The condition has been removed from the Zone Overview page. Cached/uncached classification now aligns with the heuristics used in [HTTP Analytics](https://developers.cloudflare.com/analytics/account-and-zone-analytics/zone-analytics/), so only requests genuinely served from cache are counted as cached.  
**What changed:**  
   * **Zone Overview** — Cache ratios now reflect actual cache performance.  
   * **HTTP Analytics** — No change. HTTP Analytics already used the correct classification logic.  
   * **Historical data** — This fix applies to new requests only. Previously logged data is not retroactively updated.

Dec 11, 2025
1. ### [SentinelOne as Logpush destination](https://developers.cloudflare.com/changelog/post/2025-12-11-sentinelone-destination/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
Cloudflare Logpush now supports **SentinelOne** as a native destination.  
Logs from Cloudflare can be sent to [SentinelOne AI SIEM ↗](https://www.sentinelone.com/) via [Logpush](https://developers.cloudflare.com/logs/logpush/). The destination can be configured through the Logpush UI in the Cloudflare dashboard or by using the [Logpush API](https://developers.cloudflare.com/api/resources/logpush/subresources/jobs/).  
For more information, refer to the [Destination Configuration](https://developers.cloudflare.com/logs/logpush/logpush-job/enable-destinations/sentinelone/) documentation.

Nov 24, 2025
1. ### [Cloud Services Observability in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-11-24-radar-cloud-observability/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) introduces HTTP Origins insights, providing visibility into the status of traffic between Cloudflare's global network and cloud-based origin infrastructure.  
The new [Origins](https://developers.cloudflare.com/api/resources/radar/subresources/origins/) API provides provides the following endpoints:  
   * [/origins](https://developers.cloudflare.com/api/resources/radar/subresources/origins/methods/list/) \- Lists all origins (cloud providers and associated regions).  
   * [/origins/{origin}](https://developers.cloudflare.com/api/resources/radar/subresources/origins/methods/get/) \- Retrieves information about a specific origin (cloud provider).  
   * [/origins/timeseries](https://developers.cloudflare.com/api/resources/radar/subresources/origins/methods/timeseries/) \- Retrieves normalized time series data for a specific origin, including the following metrics:  
         * `REQUESTS`: Number of requests  
         * `CONNECTION_FAILURES`: Number of connection failures  
         * `RESPONSE_HEADER_RECEIVE_DURATION`: Duration of the response header receive  
         * `TCP_HANDSHAKE_DURATION`: Duration of the TCP handshake  
         * `TCP_RTT`: TCP round trip time  
         * `TLS_HANDSHAKE_DURATION`: Duration of the TLS handshake  
   * [/origins/summary](https://developers.cloudflare.com/api/resources/radar/subresources/origins/methods/summary/) \- Retrieves HTTP requests to origins summarized by a dimension.  
   * [/origins/timeseries\_groups](https://developers.cloudflare.com/api/resources/radar/subresources/origins/methods/timeseries%5Fgroups/) \- Retrieves timeseries data for HTTP requests to origins grouped by a dimension.  
The following dimensions are available for the `summary` and `timeseries_groups` endpoints:  
   * `region`: Origin region  
   * `success_rate`: Success rate of requests (2XX versus 5XX response codes)  
   * `percentile`: Percentiles of metrics listed above  
Additionally, the [Annotations](https://developers.cloudflare.com/api/resources/radar/subresources/annotations/) and [Traffic Anomalies](https://developers.cloudflare.com/api/resources/radar/subresources/traffic%5Fanomalies/) APIs have been extended to support origin outages and anomalies, enabling automated detection and alerting for origin infrastructure issues.  
![Screenshot of the cloud service status heatmap](https://developers.cloudflare.com/_astro/cloud-service-status.DoGHSNmz_Z13ev1d.webp)  
Check out the [new Radar page ↗](https://radar.cloudflare.com/cloud-observatory).

Nov 21, 2025
1. ### [Threat insights are now available in the Threat Events platform](https://developers.cloudflare.com/changelog/post/2025-11-21-threat-events-now-show-events-insights/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
The threat events platform now has threat insights available for some relevant parent events. Threat intelligence analyst users can access these insights for their threat hunting activity. Insights are also highlighted in the Cloudflare dashboard by a small `lightning icon` and the insights can refer to multiple, connected events, potentially part of the same attack or campaign and associated with the same threat actor.  
For more information, refer to [Analyze threat events](https://developers.cloudflare.com/security-center/cloudforce-one/#analyze-threat-events).

Nov 13, 2025
1. ### [Fixed custom SQL date picker inconsistencies](https://developers.cloudflare.com/changelog/post/2025-11-13-fixed-custom-date/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
We've resolved a bug in Log Explorer that caused inconsistencies between the custom SQL date field filters and the date picker dropdown. Previously, users attempting to filter logs based on a custom date field via a SQL query sometimes encountered unexpected results or mismatching dates when using the interactive date picker.  
This fix ensures that the custom SQL date field filters now align correctly with the selection made in the date picker dropdown, providing a reliable and predictable filtering experience for your log data. This is particularly important for users creating custom log views based on time-sensitive fields.

Nov 13, 2025
1. ### [Log Explorer adds 14 new datasets](https://developers.cloudflare.com/changelog/post/2025-11-13-new-datasets/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
We've significantly enhanced Log Explorer by adding support for 14 additional Cloudflare product datasets.  
This expansion enables Operations and Security Engineers to gain deeper visibility and telemetry across a wider range of Cloudflare services. By integrating these new datasets, users can now access full context to efficiently investigate security incidents, troubleshoot application performance issues, and correlate logged events across different layers (like application and network) within a single interface. This capability is crucial for a complete and cohesive understanding of event flows across your Cloudflare environment.  
The newly supported datasets include:  
#### Zone Level  
   * `Dns_logs`  
   * `Nel_reports`  
   * `Page_shield_events`  
   * `Spectrum_events`  
   * `Zaraz_events`  
#### Account Level  
   * `Audit Logs`  
   * `Audit_logs_v2`  
   * `Biso_user_actions`  
   * `DNS firewall logs`  
   * `Email_security_alerts`  
   * `Magic Firewall IDS`  
   * `Network Analytics`  
   * `Sinkhole HTTP`  
   * `ipsec_logs`  
Note  
`Auditlog` and `Auditlog_v2` datasets require `audit-log.read` permission for querying.  
The `biso_user_actions` dataset requires either the `Super Admin` or `ZT PII` role for querying.  
#### Example: Correlating logs  
You can now use Log Explorer to query and filter with each of these datasets. For example, you can identify an IP address exhibiting suspicious behavior in the `FW_event` logs, and then instantly pivot to the `Network Analytics` logs or `Access` logs to see its network-level traffic profile or if it bypassed a corporate policy.  
To learn more and get started, refer to the [Log Explorer documentation](https://developers.cloudflare.com/log-explorer/) and the [Cloudflare Logs documentation](https://developers.cloudflare.com/logs/).

Nov 12, 2025
1. ### [DEX Logpush jobs](https://developers.cloudflare.com/changelog/post/2025-11-12-dex-logpush-jobsmdx/)  
[ Digital Experience Monitoring ](https://developers.cloudflare.com/cloudflare-one/insights/dex/)  
[Digital Experience Monitoring (DEX)](https://developers.cloudflare.com/cloudflare-one/insights/dex/) provides visibility into WARP device metrics, connectivity, and network performance across your Cloudflare SASE deployment.  
We've released four new WARP and DEX device data sets that can be exported via [Cloudflare Logpush](https://developers.cloudflare.com/cloudflare-one/insights/logs/logpush/). These Logpush data sets can be exported to R2, a cloud bucket, or a SIEM to build a customized logging and analytics experience.  
   1. [DEX Application Tests](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/dex%5Fapplication%5Ftests/)  
   2. [DEX Device State Events](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/dex%5Fdevice%5Fstate%5Fevents/)  
   3. [WARP Config Changes](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/warp%5Fconfig%5Fchanges/)  
   4. [WARP Toggle Changes](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/warp%5Ftoggle%5Fchanges/)  
To create a new DEX or WARP Logpush job, customers can go to the account level of the Cloudflare dashboard > Analytics & Logs > Logpush to get started.  
![DEX logpush job creation dashboard](https://developers.cloudflare.com/_astro/dex_logpush_datasets.CtCk36pX_Z1tuyHu.webp)

Nov 12, 2025
1. ### [More SQL aggregate, date and time functions available in Workers Analytics Engine](https://developers.cloudflare.com/changelog/post/2025-11-12-analytics-engine-further-sql-enhancements/)  
[ Workers Analytics Engine ](https://developers.cloudflare.com/analytics/analytics-engine/)[ Workers ](https://developers.cloudflare.com/workers/)  
You can now perform more powerful queries directly in [Workers Analytics Engine ↗](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library.  
Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.  
Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:  
[**New aggregate functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/)  
   * `countIf()` \- count the number of rows which satisfy a provided condition  
   * `sumIf()` \- calculate a sum from rows which satisfy a provided condition  
   * `avgIf()` \- calculate an average from rows which satisfy a provided condition  
[**New date and time functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/date-time-functions/)  
   * `toYear()`  
   * `toMonth()`  
   * `toDayOfMonth()`  
   * `toDayOfWeek()`  
   * `toHour()`  
   * `toMinute()`  
   * `toSecond()`  
   * `toStartOfYear()`  
   * `toStartOfMonth()`  
   * `toStartOfWeek()`  
   * `toStartOfDay()`  
   * `toStartOfHour()`  
   * `toStartOfFifteenMinutes()`  
   * `toStartOfTenMinutes()`  
   * `toStartOfFiveMinutes()`  
   * `toStartOfMinute()`  
   * `today()`  
   * `toYYYYMM()`  
#### Ready to get started?  
Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](https://developers.cloudflare.com/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/).

Nov 11, 2025
1. ### [Resize your custom SQL window in Log Explorer](https://developers.cloudflare.com/changelog/post/2025-11-11-resize-sql-window/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
We're excited to announce a quality-of-life improvement for Log Explorer users. You can now resize the custom SQL query window to accommodate longer and more complex queries.  
Previously, if you were writing a long custom SQL query, the fixed-size window required excessive scrolling to view the full query. This update allows you to easily drag the bottom edge of the query window to make it taller. This means you can view your entire custom query at once, improving the efficiency and experience of writing and debugging complex queries.  
To learn more and get started, refer to the [Log Explorer documentation](https://developers.cloudflare.com/log-explorer/).

Nov 11, 2025
1. ### [Logpush Health Dashboards](https://developers.cloudflare.com/changelog/post/2025-11-11-health-dashboards/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
We’re excited to introduce **Logpush Health Dashboards**, giving customers real-time visibility into the status, reliability, and performance of their [Logpush](https://developers.cloudflare.com/logs/logpush/) jobs. Health dashboards make it easier to detect delivery issues, monitor job stability, and track performance across destinations. The dashboards are divided into two sections:  
   * **Upload Health**: See how much data was successfully uploaded, where drops occurred, and how your jobs are performing overall. This includes data completeness, success rate, and upload volume.  
   * **Upload Reliability** – Diagnose issues impacting stability, retries, or latency, and monitor key metrics such as retry counts, upload duration, and destination availability.  
![Health Dashboard](https://developers.cloudflare.com/_astro/Health-Dashboard.CP0mV0IW_Z1GdXr6.webp)  
Health Dashboards can be accessed from the Logpush page in the Cloudflare dashboard at the account or zone level, under the Health tab. For more details, refer to our [**Logpush Health Dashboards**](https://developers.cloudflare.com/logs/logpush/logpush-health) documentation, which includes a comprehensive troubleshooting guide to help interpret and resolve common issues.

Nov 05, 2025
1. ### [Logpush Permission Update for Zero Trust Datasets](https://developers.cloudflare.com/changelog/post/2025-11-05-logpush-permissions-update/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
[Permissions](https://developers.cloudflare.com/logs/logpush/permissions/) for managing Logpush jobs related to [Zero Trust datasets](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/) (Access, Gateway, and DEX) have been updated to improve data security and enforce appropriate access controls.  
To view, create, update, or delete Logpush jobs for Zero Trust datasets, users must now have both of the following permissions:  
   * Logs Edit  
   * Zero Trust: PII Read  
Note  
Update your UI, API or Terraform configurations to include the new permissions. Requests to Zero Trust datasets will fail due to insufficient access without the additional permission.

Nov 04, 2025
1. ### [Log Explorer now supports query cancellation](https://developers.cloudflare.com/changelog/post/2025-11-04-query-cancellation/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
We're excited to announce that Log Explorer users can now cancel queries that are currently running.  
This new feature addresses a common pain point: waiting for a long, unintended, or misconfigured query to complete before you can submit a new, correct one. With query cancellation, you can immediately stop the execution of any undesirable query, allowing you to quickly craft and submit a new query, significantly improving your investigative workflow and productivity within Log Explorer.

Nov 04, 2025
1. ### [Log Explorer now shows query result distribution](https://developers.cloudflare.com/changelog/post/2025-11-13-query-result-distribution/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
We're excited to announce a new feature in Log Explorer that significantly enhances how you analyze query results: the Query results distribution chart.  
This new chart provides a graphical distribution of your results over the time window of the query. Immediately after running a query, you will see the distribution chart above your result table. This visualization allows Log Explorer users to quickly spot trends, identify anomalies, and understand the temporal concentration of log events that match their criteria. For example, you can visually confirm if a spike in traffic or errors occurred at a specific time, allowing you to focus your investigation efforts more effectively. This feature makes it faster and easier to extract meaningful insights from your vast log data.  
The chart will dynamically update to reflect the logs matching your current query.

Oct 31, 2025
1. ### [Report logo misuse to Cloudflare directly from the Brand Protection dashboard](https://developers.cloudflare.com/changelog/post/2025-10-31-brand-protection-logo-dashboard-report-abuse/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
The Brand Protection logo query dashboard now allows you to use the **Report to Cloudflare** button to submit an Abuse report directly from the Brand Protection logo queries dashboard. While you could previously report new domains that were impersonating your brand before, now you can do the same for websites found to be using your logo wihtout your permission. The abuse reports wiull be prefilled and you will only need to validate a few fields before you can click the submit button, after which our team process your request.  
Ready to start? Check out the [Brand Protection docs](https://developers.cloudflare.com/security-center/brand-protection/).

Oct 27, 2025
1. ### [Azure Sentinel Connector](https://developers.cloudflare.com/changelog/post/2025-10-27-sentinel-connector/)  
[ Logs ](https://developers.cloudflare.com/logs/)  
Logpush now supports integration with [Microsoft Sentinel ↗](https://www.microsoft.com/en-us/security/business/siem-and-xdr/microsoft-sentinel).The new Azure Sentinel Connector built on Microsoft’s Codeless Connector Framework (CCF), is now avaialble. This solution replaces the previous Azure Functions-based connector, offering significant improvements in security, data control, and ease of use for customers. Logpush customers can send logs to Azure Blob Storage and configure this new Sentinel Connector to ingest those logs directly into Microsoft Sentinel.  
This upgrade significantly streamlines log ingestion, improves security, and provides greater control:  
   * Simplified Implementation: Easier for engineering teams to set up and maintain.  
   * Cost Control: New support for Data Collection Rules (DCRs) allows you to filter and transform logs at ingestion time, offering potential cost savings.  
   * Enhanced Security: CCF provides a higher level of security compared to the older Azure Functions connector.  
   * ata Lake Integration: Includes native integration with Data Lake.  
Find the new solution [here ↗](https://marketplace.microsoft.com/en-us/product/azure-application/cloudflare.azure-sentinel-solution-cloudflare-ccf?tab=Overview) and refer to the [Cloudflare's developer documention ↗](https://developers.cloudflare.com/analytics/analytics-integrations/sentinel/#supported-logs:~:text=WorkBook%20fields,-Analytic%20rules)for more information on the connector, including setup steps, supported logs and Microsfot's resources.

Oct 27, 2025
1. ### [TLD Insights in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-10-27-radar-tld-insights/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now introduces Top-Level Domain (TLD) insights, providing visibility into popularity based on the DNS magnitude metric, detailed TLD information including its type, manager, DNSSEC support, RDAP support, and WHOIS data, and trends such as DNS query volume and geographic distribution observed by the [1.1.1.1](https://developers.cloudflare.com/1.1.1.1/) DNS resolver.  
The following dimensions were added to the Radar DNS API, specifically, to the [/dns/summary/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/dns/methods/summary%5Fv2/) and [/dns/timeseries\_groups/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/dns/methods/timeseries%5Fgroups%5Fv2/) endpoints:  
   * `tld`: Top-level domain extracted from DNS queries; can also be used as a filter.  
   * `tld_dns_magnitude`: Top-level domain ranking by [DNS magnitude](https://developers.cloudflare.com/radar/glossary#dns-magnitude).  
And the following endpoints were added:  
   * [/tlds](https://developers.cloudflare.com/api/resources/radar/subresources/tlds/methods/list/) \- Lists all TLDs.  
   * [/tlds/{tld}](https://developers.cloudflare.com/api/resources/radar/subresources/tlds/methods/get/) \- Retrieves information about a specific TLD.  
![Screenshot of the TLD ranking by DNS magnitude](https://developers.cloudflare.com/_astro/tld-ranking-by-dns-magnitude.DbmrooPK_1wHWG1.webp)  
Learn more about the new Radar DNS insights in our [blog post ↗](https://blog.cloudflare.com/introducing-tld-insights-on-cloudflare-radar/), and check out the [new Radar page ↗](https://radar.cloudflare.com/tlds).

Oct 27, 2025
1. ### [Cloudforce One RFI tokens are now visible in the dashboard](https://developers.cloudflare.com/changelog/post/2025-10-27-rfi-tokens-in-dash/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
The Requests for Information (RFI) dashboard now shows users the number of tokens used by each submitted RFI to better understand usage of tokens and how they relate to each request submitted.  
![Cloudforce One RFI tokens](https://developers.cloudflare.com/_astro/2025-10-24RFITokens.DPm1e8uC_2g3fE3.webp)  
What’s new:  
   * Users can now see the number of tokens used for a submitted request for information.  
   * Users can see the remaining tokens allocated to their account for the quarter.  
   * Users can only select the Routine priority for the `Strategic Threat Research` request type.  
Cloudforce One subscribers can try it now in [Application Security > Threat Intelligence > Requests for Information ↗](https://dash.cloudflare.com/?to=/:account/security-center/threat-intelligence/requests).

Oct 17, 2025
1. ### [New Application Security reports (Closed Beta)](https://developers.cloudflare.com/changelog/post/2025-10-17-app-sec-reports/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
Cloudflare's new **Application Security report**, currently in Closed Beta, is now available in the dashboard.  
[ Go to **Security reports** ](https://dash.cloudflare.com/?to=/:account/security-center/reports)  
The reports are generated monthly and provide cyber security insights trends for all of the Enterprise zones in your Cloudflare account.  
The reports also include an industry benchmark, comparing your cyber security landscape to peers in your industry.  
![Application Security report mock data](https://developers.cloudflare.com/_astro/2025-10-17-application-security-report-mock-data.Cz0-WuoX_15MbLt.webp)  
Learn more about the reports by referring to the [Security Reports documentation](https://developers.cloudflare.com/security-center/app-security-reports/).  
Use the feedback survey link at the top of the page to help us improve the reports.  
![Application Security report survey](https://developers.cloudflare.com/_astro/2025-10-17-report-feedback-survey.DPmUlWh2_Z1nYBN6.webp)

Oct 09, 2025
1. ### [Expanded CT log activity insights on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-10-09-radar-ct-log-activity-insights/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) has expanded its Certificate Transparency (CT) log insights with new stats that provide greater visibility into log activity:  
   * **Log growth rate**: The average throughput of the CT log over the past 7 days, measured in certificates per hour.  
   * **Included certificate count**: The total number of certificates already included in this CT log.  
   * **Eligible-for-inclusion certificate count**: The number of certificates eligible for inclusion in this log but not yet included. This metric is based on certificates signed by trusted root CAs within the log’s accepted date range.  
   * **Last update**: The timestamp of the most recent update to the CT log.  
These new statistics have been added to the response of the [Get Certificate Log Details](https://developers.cloudflare.com/api/resources/radar/subresources/ct/subresources/logs/methods/get/) API endpoint, and are displayed on the [CT log information page ↗](https://radar.cloudflare.com/certificate-transparency/log/nimbus2025#log-activity).  
![Screenshot of the CT log activity card on the CT log information page](https://developers.cloudflare.com/_astro/ct-log-activity.GHD-K7Mk_Z1eNOXK.webp)

Oct 06, 2025
1. ### [Browser Support Detection for PQ Encryption on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-10-06-radar-pq-encryption-test/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now includes browser detection for Post-quantum (PQ) encryption. The [Post-quantum encryption card ↗](https://radar.cloudflare.com/adoption-and-usage#post-quantum-encryption) now checks whether a user’s browser supports post-quantum encryption. If support is detected, information about the key agreement in use is displayed.  
![Screenshot of the PQ encryption browser support test on the Adoption & Usage page](https://developers.cloudflare.com/_astro/pq-encryption-test.gx_uoaMX_1GpnR5.webp)

Oct 02, 2025
1. ### [Workers Analytics Engine adds supports for new SQL functions](https://developers.cloudflare.com/changelog/post/2025-09-26-analytics-engine-sql-enhancements/)  
[ Workers Analytics Engine ](https://developers.cloudflare.com/analytics/analytics-engine/)[ Workers ](https://developers.cloudflare.com/workers/)  
You can now perform more powerful queries directly in [Workers Analytics Engine ↗](https://developers.cloudflare.com/analytics/analytics-engine/) with a major expansion of our SQL function library.  
Workers Analytics Engine allows you to ingest and store high-cardinality data at scale (such as custom analytics) and query your data through a simple SQL API.  
Today, we've expanded Workers Analytics Engine's SQL capabilities with several new functions:  
[**New aggregate functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/aggregate-functions/)  
   * `argMin()` \- Returns the value associated with the minimum in a group  
   * `argMax()` \- Returns the value associated with the maximum in a group  
   * `topK()` \- Returns an array of the most frequent values in a group  
   * `topKWeighted()` \- Returns an array of the most frequent values in a group using weights  
   * `first_value()` \- Returns the first value in an ordered set of values within a partition  
   * `last_value()` \- Returns the last value in an ordered set of values within a partition  
[**New bit functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/bit-functions/)  
   * `bitAnd()` \- Returns the bitwise AND of two expressions  
   * `bitCount()` \- Returns the number of bits set to one in the binary representation of a number  
   * `bitHammingDistance()` \- Returns the number of bits that differ between two numbers  
   * `bitNot()` \- Returns a number with all bits flipped  
   * `bitOr()` \- Returns the inclusive bitwise OR of two expressions  
   * `bitRotateLeft()` \- Rotates all bits in a number left by specified positions  
   * `bitRotateRight()` \- Rotates all bits in a number right by specified positions  
   * `bitShiftLeft()` \- Shifts all bits in a number left by specified positions  
   * `bitShiftRight()` \- Shifts all bits in a number right by specified positions  
   * `bitTest()` \- Returns the value of a specific bit in a number  
   * `bitXor()` \- Returns the bitwise exclusive-or of two expressions  
[**New mathematical functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/mathematical-functions/)  
   * `abs()` \- Returns the absolute value of a number  
   * `log()` \- Computes the natural logarithm of a number  
   * `round()` \- Rounds a number to a specified number of decimal places  
   * `ceil()` \- Rounds a number up to the nearest integer  
   * `floor()` \- Rounds a number down to the nearest integer  
   * `pow()` \- Returns a number raised to the power of another number  
[**New string functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/string-functions/)  
   * `lowerUTF8()` \- Converts a string to lowercase using UTF-8 encoding  
   * `upperUTF8()` \- Converts a string to uppercase using UTF-8 encoding  
[**New encoding functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/encoding-functions/)  
   * `hex()` \- Converts a number to its hexadecimal representation  
   * `bin()` \- Converts a string to its binary representation  
[**New type conversion functions:** ↗](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/type-conversion-functions/)  
   * `toUInt8()` \- Converts any numeric expression, or expression resulting in a string representation of a decimal, into an unsigned 8 bit integer  
#### Ready to get started?  
Whether you're building usage-based billing systems, customer analytics dashboards, or other custom analytics, these functions let you get the most out of your data. [Get started ](https://developers.cloudflare.com/analytics/analytics-engine/get-started/) with Workers Analytics Engine and explore all available functions in our [SQL reference documentation](https://developers.cloudflare.com/analytics/analytics-engine/sql-reference/).

Oct 01, 2025
1. ### [New Confidence Intervals in GraphQL Analytics API](https://developers.cloudflare.com/changelog/post/2025-10-01-confidence-intervals/)  
[ Analytics ](https://developers.cloudflare.com/analytics/)  
The GraphQL Analytics API now supports confidence intervals for `sum` and `count` fields on adaptive (sampled) datasets. Confidence intervals provide a statistical range around sampled results, helping verify accuracy and quantify uncertainty.  
   * **Supported datasets**: Adaptive (sampled) datasets only.  
   * **Supported fields**: All `sum` and `count` fields.  
   * **Usage**: The confidence `level` must be provided as a decimal between 0 and 1 (e.g. `0.90`, `0.95`, `0.99`).  
   * **Default**: If no confidence level is specified, no intervals are returned.  
For examples and more details, see the [GraphQL Analytics API documentation](https://developers.cloudflare.com/analytics/graphql-api/features/confidence-intervals/).

Sep 29, 2025
1. ### [Regional Data in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2025-09-29-radar-regional-data/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now introduces Regional Data, providing traffic insights that bring a more localized perspective to the traffic trends shown on Radar.  
The following API endpoints are now available:  
   * [Get Geolocation](https://developers.cloudflare.com/api/resources/radar/subresources/geolocations/methods/get/) \- Retrieves geolocation by `geoId`.  
   * [List Geolocations](https://developers.cloudflare.com/api/resources/radar/subresources/geolocations/methods/list/) \- Lists geolocations.  
   * [NetFlows Summary By Dimension](https://developers.cloudflare.com/api/resources/radar/subresources/netflows/methods/summary%5Fv2/) \- Retrieves NetFlows summary by dimension.  
All `summary` and `timeseries_groups` endpoints in [HTTP](https://developers.cloudflare.com/api/resources/radar/subresources/http/) and [NetFlows](https://developers.cloudflare.com/api/resources/radar/subresources/netflows/) now include an `adm1` dimension for grouping data by first level administrative division (for example, state, province, etc.)  
A new filter `geoId` was also added to all endpoints in [HTTP](https://developers.cloudflare.com/api/resources/radar/subresources/http/) and [NetFlows](https://developers.cloudflare.com/api/resources/radar/subresources/netflows/), allowing filtering by a specific administrative division.  
Check out the new Regional traffic insights on a country specific traffic page [new Radar page ↗](https://radar.cloudflare.com/traffic/pt).

[Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)