--- title: Analytics Changelog image: https://developers.cloudflare.com/cf-twitter-card.png --- [Skip to content](#%5Ftop) # Changelog New updates and improvements at Cloudflare. [ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) Analytics ![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) Apr 08, 2026 1. ### [Real-time alerts and daily digests for Threat Events](https://developers.cloudflare.com/changelog/post/2026-04-08-threat-events-notification/) [ Security Center ](https://developers.cloudflare.com/security-center/) You can now automate your threat monitoring by setting up custom alerts in your saved views. Instead of manually checking the dashboard for updates, you can subscribe to notifications that trigger whenever new data matches your specific filter sets, like new activity associated to a particular threat actor or spikes in activity within your industry. #### Stay ahead of emerging threats By linking your saved views to the Cloudflare Notifications Center, you can ensure the right information reaches your team at the right time. * **Immediate Alerts**: receive real-time notifications the moment a critical event is detected that matches your saved criteria. This is essential for high-priority monitoring, such as tracking active campaigns from specific APT groups. * **Daily Digests**: opt for a summarized report delivered once a day. This is ideal for maintaining situational awareness of broader trends, like regional activity shifts or industry-wide threat landscapes, without cluttering your inbox. ![Threat Events notifications](https://developers.cloudflare.com/_astro/threat-events-notifications.3Fl8LGOn_S9A1r.webp) #### How to get started To set up an alert, go to **Application Security** \> **Threat Intelligence** \> **Threat Events**. From there: 1. Choose your datasets and apply your desired filters and select **Save View** (or select an existing one). 2. Open the **Manage Saved Views** menu. 3. Select **Add Alert** next to your chosen view to configure your notification preferences in the Cloudflare dashboard. For more technical details on configuring notifications, refer to the [Threat Events documentation](https://developers.cloudflare.com/security-center/cloudforce-one/). Apr 06, 2026 1. ### [New ResponseTimeMs field in Gateway DNS Logpush dataset](https://developers.cloudflare.com/changelog/post/2026-04-06-gateway-dns-response-time-ms/) [ Logs ](https://developers.cloudflare.com/logs/) Cloudflare has added a new field to the [Gateway DNS](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/gateway%5Fdns/#responsetimems) Logpush dataset: * **ResponseTimeMs**: Total response time of the DNS request in milliseconds. For the complete field definitions, refer to [Gateway DNS dataset](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/account/gateway%5Fdns/). Apr 02, 2026 1. ### [BigQuery as Logpush destination](https://developers.cloudflare.com/changelog/post/2026-04-02-bigquery-destination/) [ Logs ](https://developers.cloudflare.com/logs/) Cloudflare Logpush now supports **BigQuery** as a native destination. Logs from Cloudflare can be sent to [Google Cloud BigQuery ↗](https://cloud.google.com/bigquery) via [Logpush](https://developers.cloudflare.com/logs/logpush/). The destination can be configured through the Logpush UI in the Cloudflare dashboard or by using the [Logpush API](https://developers.cloudflare.com/api/resources/logpush/subresources/jobs/). For more information, refer to the [Destination Configuration](https://developers.cloudflare.com/logs/logpush/logpush-job/enable-destinations/bigquery/) documentation. Apr 01, 2026 1. ### [Routing Section Expansion on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-04-01-radar-routing-section/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) now features an expanded [Routing section ↗](https://radar.cloudflare.com/routing) with dedicated sub-pages, providing a more organized and in-depth view of the global routing ecosystem. This restructuring lays the groundwork for additional routing features and widgets coming in the near future. #### Dedicated sub-pages The single Routing page has been split into three focused sub-pages: * [**Overview** ↗](https://radar.cloudflare.com/routing) — Routing statistics, IP address space trends, BGP announcements, and the new Top 100 ASes ranking. * [**RPKI** ↗](https://radar.cloudflare.com/routing/rpki) — RPKI validation status, ASPA deployment trends, and per-ASN ASPA provider details. * [**Anomalies** ↗](https://radar.cloudflare.com/routing/anomalies) — BGP route leaks, origin hijacks, and Multi-Origin AS (MOAS) conflicts. ![Screenshot of the routing section menu](https://developers.cloudflare.com/_astro/routing-section-menu.CEq17il__Z247uNQ.webp) #### New widgets The routing overview now includes a **Top 100 ASes** table ranking autonomous systems by customer cone size, IPv4 address space, or IPv6 address space. Users can switch between rankings using a segmented control. ![Screenshot of the top-100 ASes table](https://developers.cloudflare.com/_astro/top-100-ases-table.ZBSReN_5_ZvHO93.webp) The RPKI sub-page introduces a **RPKI validation** view for per-ASN pages, showing prefixes grouped by RPKI validation status (Valid, Invalid, Unknown) with visibility scores. ![Screenshot of the RPKI validation view](https://developers.cloudflare.com/_astro/rpki-validation-view.D3eQih4x_1IAam0.webp) #### Improved IP address space chart The [IP address space ↗](https://radar.cloudflare.com/routing) chart now displays both IPv4 and IPv6 trends stacked vertically and is available on global, country, and AS views. ![Screenshot of the IPv4 and IPv6 combined IP space chart](https://developers.cloudflare.com/_astro/combined-ipv4-ipv6-space.DQ5qc8la_281LcA.webp) Check out the [Radar routing section ↗](https://radar.cloudflare.com/routing) to explore the data, and stay tuned for more routing insights coming soon. Mar 26, 2026 1. ### [URL Scanner improvements on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-03-26-url-scanner-improvements/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) ships several improvements to the [URL Scanner ↗](https://radar.cloudflare.com/scan) that make scan reports more informative and easier to share: * **Live screenshots** — the summary card now includes an option to capture a live screenshot of the scanned URL on demand using the [Browser Rendering](https://developers.cloudflare.com/browser-rendering/) API. * **Save as PDF** — a new button generates a print-optimized document aggregating all tab contents (Summary, Security, Network, Behavior, and Indicators) into a single file. * **Download as JSON** — raw scan data is available as a JSON download for programmatic use. * **Redesigned summary layout** — page information and security details are now displayed side by side with the screenshot, with a layout that adapts to narrower viewports. * **File downloads** — downloads are separated into a dedicated card with expandable rows showing each file's source URL and SHA256 hash. * **Detailed IP address data** — the Network tab now includes additional detail per IP address observed during the scan. ![Screenshot of the redesigned URL Scanner summary on Radar](https://developers.cloudflare.com/_astro/url-scanner-summary-redesign.DO4wDjQ3_ZcLVPN.webp) Explore these improvements on the [Cloudflare Radar URL Scanner ↗](https://radar.cloudflare.com/scan). Mar 25, 2026 1. ### [Logpush — More granular timestamps](https://developers.cloudflare.com/changelog/post/2026-03-25-logpush-granular-timestamps/) [ Logpush ](https://developers.cloudflare.com/logs/logpush/)[ Logs ](https://developers.cloudflare.com/logs/) Logpush now supports higher-precision timestamp formats for log output. You can configure jobs to output timestamps at millisecond or nanosecond precision. This is available in both the Logpush UI in the Cloudflare dashboard and the [Logpush API](https://developers.cloudflare.com/api/resources/logpush/subresources/jobs/). To use the new formats, set `timestamp_format` in your Logpush job's `output_options`: * `rfc3339ms` — `2024-02-17T23:52:01.123Z` * `rfc3339ns` — `2024-02-17T23:52:01.123456789Z` Default timestamp formats apply unless explicitly set. The dashboard defaults to `rfc3339` and the API defaults to `unixnano`. For more information, refer to the [Log output options](https://developers.cloudflare.com/logs/logpush/logpush-job/log-output-options/) documentation. Mar 18, 2026 1. ### [Real-time logo match preview](https://developers.cloudflare.com/changelog/post/2026-03-18-brand-protection-logo-match-preview/) [ Security Center ](https://developers.cloudflare.com/security-center/) We are introducing **Logo Match Preview**, bringing the same pre-save visibility to visual assets that was previously only available for string-based queries. This update allows you to fine-tune your brand detection strategy before committing to a live monitor. #### What’s new: * Upload your brand logo and immediately see a sample of potential matches from recently detected sites before finalizing the query * Adjust your similarity score (from 75% to 100%) and watch the results refresh in real-time to find the balance between broad detection and noise reduction * Review the specific logos triggered by your current settings to ensure your query is capturing the right level of brand infringement If you are ready to test your brand assets, go to the [Brand Protection dashboard ↗](https://developers.cloudflare.com/security-center/brand-protection/) to try the new preview tool. Mar 11, 2026 1. ### [Ingest field selection for Log Explorer](https://developers.cloudflare.com/changelog/post/2026-03-11-ingest-field-selection/) [ Log Explorer ](https://developers.cloudflare.com/log-explorer/) Cloudflare Log Explorer now allows you to customize exactly which data fields are ingested and stored when enabling or managing log datasets. Previously, ingesting logs often meant taking an "all or nothing" approach to data fields. With **Ingest Field Selection**, you can now choose from a list of available and recommended fields for each dataset. This allows you to reduce noise, focus on the metrics that matter most to your security and performance analysis, and manage your data footprint more effectively. #### Key capabilities * **Granular control:** Select only the specific fields you need when enabling a new dataset. * **Dynamic updates:** Update fields for existing, already enabled logstreams at any time. * **Historical consistency:** Even if you disable a field later, you can still query and receive results for that field for the period it was captured. * **Data integrity:** Core fields, such as `Timestamp`, are automatically retained to ensure your logs remain searchable and chronologically accurate. #### Example configuration When configuring a dataset via the dashboard or API, you can define a specific set of fields. The `Timestamp` field remains mandatory to ensure data indexability. ``` { "dataset": "firewall_events", "enabled": true, "fields": [ "Timestamp", "ClientRequestHost", "ClientIP", "Action", "EdgeResponseStatus", "OriginResponseStatus" ] } ``` For more information, refer to the [Log Explorer documentation](https://developers.cloudflare.com/log-explorer/). Mar 09, 2026 1. ### [New MCP Portal Logs dataset and new fields across multiple Logpush datasets in Cloudflare Logs](https://developers.cloudflare.com/changelog/post/2026-03-09-log-fields-updated/) [ Logs ](https://developers.cloudflare.com/logs/) Cloudflare has added new fields across multiple [Logpush datasets](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/): #### New dataset * **MCP Portal Logs**: A new dataset with fields including `ClientCountry`, `ClientIP`, `ColoCode`, `Datetime`, `Error`, `Method`, `PortalAUD`, `PortalID`, `PromptGetName`, `ResourceReadURI`, `ServerAUD`, `ServerID`, `ServerResponseDurationMs`, `ServerURL`, `SessionID`, `Success`, `ToolCallName`, `UserEmail`, and `UserID`. #### New fields in existing datasets * **DEX Application Tests**: `HTTPRedirectEndMs`, `HTTPRedirectStartMs`, `HTTPResponseBody`, and `HTTPResponseHeaders`. * **DEX Device State Events**: `ExperimentalExtra`. * **Firewall Events**: `FraudUserID`. * **Gateway HTTP**: `AppControlInfo` and `ApplicationStatuses`. * **Gateway DNS**: `InternalDNSDurationMs`. * **HTTP Requests**: `FraudEmailRisk`, `FraudUserID`, and `PayPerCrawlStatus`. * **Network Analytics Logs**: `DNSQueryName`, `DNSQueryType`, and `PFPCustomTag`. * **WARP Toggle Changes**: `UserEmail`. * **WARP Config Changes**: `UserEmail`. * **Zero Trust Network Session Logs**: `SNI`. For the complete field definitions for each dataset, refer to [Logpush datasets](https://developers.cloudflare.com/logs/logpush/logpush-job/datasets/). Mar 06, 2026 1. ### [Region Filtering, AS Traffic Volume, and Navigation Improvements on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-03-06-radar-region-filtering-traffic-volume-navigation/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) ships several new features that improve the flexibility and usability of the platform, as well as visibility into what is happening on the Internet. #### Region filtering All location-aware pages now support filtering by region, including continents, geographic subregions ([Middle East ↗](https://radar.cloudflare.com/middle-east), [Eastern Asia ↗](https://radar.cloudflare.com/eastern-asia), etc.), political regions ([EU ↗](https://radar.cloudflare.com/european-union), [African Union ↗](https://radar.cloudflare.com/african-union)), and US Census regions/divisions (for example, [New England ↗](https://radar.cloudflare.com/traffic/us-new-england), [US Northeast ↗](https://radar.cloudflare.com/traffic/us-northeast)). ![Screenshot of region filtering on Radar - Middle east](https://developers.cloudflare.com/_astro/region-filtering-middle-east.D__dYNBw_i7aR.webp) #### Traffic volume by top autonomous systems and locations A new traffic volume view shows the top autonomous systems and countries/territories for a given location. This is useful for quickly determining which network providers in a location may be experiencing connectivity issues, or how traffic is distributed across a region. ![Screenshot of traffic volume by top autonomous systems in US](https://developers.cloudflare.com/_astro/traffic-volume-top-as-us.DhnbB8gy_ZyvEEM.webp) The new AS and location dimensions have also been added to the [Data Explorer ↗](https://radar.cloudflare.com/explorer) for the HTTP, DNS, and NetFlows datasets. Combined with other available filters, this provides a powerful tool for generating unique insights. ![Screenshot of AS and location dimensions in Data Explorer](https://developers.cloudflare.com/_astro/data-explorer-top-as-pt.DAWOCd_b_1riM1l.webp) Finally, breadcrumb navigation is now available on most pages, allowing easier navigation between parent and related pages. Check out these features on [Cloudflare Radar ↗](https://radar.cloudflare.com). Mar 06, 2026 1. ### [Dismiss and filter matches in Brand Protection](https://developers.cloudflare.com/changelog/post/2026-03-06-brand-protection-dismiss-match/) [ Security Center ](https://developers.cloudflare.com/security-center/) We have introduced new triage controls to help you manage your Brand Protection results more efficiently. You can now clear out the noise by dismissing matches while maintaining full visibility into your historical decisions. #### What's new * **Dismiss matches**: Users can now mark specific results as dismissed if they are determined to be benign or false positives, removing them from the primary triage view. * **Show/Hide toggle**: A new visibility control allows you to instantly switch between viewing only active matches and including previously dismissed ones. * **Persistent review states**: Dismissed status is saved across sessions, ensuring that your workspace remains organized and focused on new or high-priority threats. #### Key benefits of the dismiss match functionality: * Reduce alert fatigue by hiding known-safe results, allowing your team to focus exclusively on unreviewed or high-risk infringements. * Auditability and recovery through the visibility toggle, ensuring that no match is ever truly "lost" and can be re-evaluated if a site's content changes. * Improved collaboration as your team members can see which matches have already been vetted and dismissed by others. Ready to clean up your match queue? Learn more in our [Brand Protection documentation](https://developers.cloudflare.com/security-center/brand-protection/). Mar 03, 2026 1. ### [Network Quality Test on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-03-03-radar-network-quality-test/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) now includes a [Network Quality Test ↗](https://radar.cloudflare.com/speedtest) page. The tool measures Internet connection quality and performance, showing connection details such as IP address, server location, network (ASN), and IP version. For more detailed speed test results, the page links to [speed.cloudflare.com ↗](https://speed.cloudflare.com/). ![Screenshot of the Network Quality Test page on Radar](https://developers.cloudflare.com/_astro/network-quality-test.BwQ-CoTH_Z90pOd.webp) Feb 27, 2026 1. ### [Post-Quantum Encryption and Key Transparency on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-27-radar-pq-key-transparency/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) now tracks post-quantum encryption support on origin servers, provides a tool to test any host for post-quantum compatibility, and introduces a Key Transparency dashboard for monitoring end-to-end encrypted messaging audit logs. #### Post-quantum origin support The new [Post-Quantum](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/) API provides the following endpoints: * [/post\_quantum/tls/support](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/subresources/tls/methods/support/) \- Tests whether a host supports post-quantum TLS key exchange. * [/post\_quantum/origin/summary/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/methods/summary/) \- Returns origin post-quantum data summarized by key agreement algorithm. * [/post\_quantum/origin/timeseries\_groups/{dimension}](https://developers.cloudflare.com/api/resources/radar/subresources/post%5Fquantum/methods/timeseries%5Fgroups/) \- Returns origin post-quantum timeseries data grouped by key agreement algorithm. The new [Post-Quantum Encryption ↗](https://radar.cloudflare.com/post-quantum) page shows the share of customer origins supporting [X25519MLKEM768](https://developers.cloudflare.com/ssl/post-quantum-cryptography/pqc-support/#x25519mlkem768), derived from daily automated TLS scans of TLS 1.3-compatible origins. The scanner tests for algorithm support rather than the origin server's configured preference. ![Screenshot of the origin post-quantum support graph on Radar](https://developers.cloudflare.com/_astro/pq-origin-support.Bn5Dw_It_Z12sKNz.webp) A host test tool allows checking any publicly accessible website for post-quantum encryption compatibility. Enter a hostname and optional port to see whether the server negotiates a post-quantum key exchange algorithm. ![Screenshot of the post-quantum host test tool on Radar](https://developers.cloudflare.com/_astro/pq-host-test.dRqwoOvo_Z2hjMhW.webp) #### Key Transparency A new [Key Transparency ↗](https://radar.cloudflare.com/key-transparency) section displays the audit status of Key Transparency logs for end-to-end encrypted messaging services. The page launches with two monitored logs: WhatsApp and Facebook Messenger Transport. Each log card shows the current status, last signed epoch, last verified epoch, and the root hash of the Auditable Key Directory tree. The data is also available through the [Key Transparency Auditor API](https://developers.cloudflare.com/key-transparency/api/). ![Screenshot of the Key Transparency dashboard on Radar](https://developers.cloudflare.com/_astro/key-transparency-dashboard.DNQgLsb0_25IWgQ.webp) Learn more about these features in our [blog post ↗](https://blog.cloudflare.com/radar-origin-pq-key-transparency-aspa) and check out the [Post-Quantum Encryption ↗](https://radar.cloudflare.com/post-quantum) and [Key Transparency ↗](https://radar.cloudflare.com/key-transparency) pages to explore the data. Feb 25, 2026 1. ### [RPKI ASPA Deployment Insights on Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-25-radar-aspa-insights/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) now includes [Autonomous System Provider Authorization (ASPA) ↗](https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-verification/) deployment insights, providing visibility into the adoption and verification of ASPA objects across the global routing ecosystem. #### New API endpoints The new [ASPA](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/) API provides the following endpoints: * [/bgp/rpki/aspa/snapshot](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/snapshot/) \- Retrieves current or historical ASPA objects. * [/bgp/rpki/aspa/changes](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/changes/) \- Retrieves changes to ASPA objects over time. * [/bgp/rpki/aspa/timeseries](https://developers.cloudflare.com/api/resources/radar/subresources/bgp/subresources/rpki/subresources/aspa/methods/timeseries/) \- Retrieves ASPA object counts over time as a timeseries. #### New Radar widgets The [global routing page ↗](https://radar.cloudflare.com/routing) now shows the ASPA deployment trend over time by counting daily ASPA objects. ![Screenshot of the ASPA deployment trend chart](https://developers.cloudflare.com/_astro/aspa-global-trend.CXGWGFL4_ZEk9sF.webp) The global routing page also displays the most recent ASPA objects, searchable by ASN or AS name. ![Screenshot of the ASPA objects table](https://developers.cloudflare.com/_astro/aspa-global-table.vHUyNoTh_17BSkd.webp) On country and region routing pages, a new widget shows the ASPA deployment rate for ASNs registered in the selected country or region. ![Screenshot of the ASPA deployment trent chart for Germany](https://developers.cloudflare.com/_astro/aspa-germany-trend.DIH6CESC_Z1CWuGi.webp) On AS routing pages, the connectivity table now includes checkmarks for ASPA-verified upstreams. All ASPA upstreams are listed in a dedicated table, and a timeline shows ASPA changes at daily granularity. ![Screenshot of the ASPA changes timeline on an AS routing page](https://developers.cloudflare.com/_astro/aspa-asn-timeline.Bnl6upJs_Z1DgRWG.webp) Check out the [Radar routing page ↗](https://radar.cloudflare.com/routing) to explore the data. Feb 23, 2026 1. ### [Saved views for Threat Events](https://developers.cloudflare.com/changelog/post/2026-02-23-saved-views-in-threat-events/) [ Security Center ](https://developers.cloudflare.com/security-center/) **TL;DR:** You can now create and save custom configurations of the Threat Events dashboard, allowing you to instantly return to specific filtered views — such as industry-specific attacks or regional Sankey flows — without manual reconfiguration. #### Why this matters Threat intelligence is most effective when it is personalized. Previously, analysts had to manually re-apply complex filters (like combining specific industry datasets with geographic origins) every time they logged in. This update provides material value by: * Analysts can now jump straight into "Known Ransomware Infrastructure" or "Retail Sector Targets" views with a single click, eliminating repetitive setup tasks * Teams can ensure everyone is looking at the same data subsets by using standardized saved views, reducing the risk of missing critical patterns due to inconsistent filtering. Cloudforce One subscribers can start saving their custom views now in [Application Security > Threat Intelligence > Threat Events ↗](https://dash.cloudflare.com/?to=/:account/security-center/threat-intelligence/threat-events). Feb 19, 2026 1. ### [DEX Supports EU Customer Metadata Boundary](https://developers.cloudflare.com/changelog/post/2026-02-19-dex-supports-cmb-eu/) [ Digital Experience Monitoring ](https://developers.cloudflare.com/cloudflare-one/insights/dex/) [Digital Experience Monitoring (DEX)](https://developers.cloudflare.com/cloudflare-one/insights/dex/) provides visibility into [WARP](https://developers.cloudflare.com/warp-client/) device connectivity and performance to any internal or external application. Now, all DEX logs are fully compatible with Cloudflare's [Customer Metadata Boundary](https://developers.cloudflare.com/data-localization/metadata-boundary/) (CMB) setting for the 'EU' (European Union), which ensures that DEX logs will not be stored outside the 'EU' when the option is configured. If a Cloudflare One customer using DEX enables CMB 'EU', they will not see any DEX data in the Cloudflare One dashboard. Customers can ingest DEX data via [LogPush](https://developers.cloudflare.com/logs/logpush/), and build their own analytics and dashboards. If a customer enables CMB in their account, they will see the following message in the Digital Experience dashboard: "DEX data is unavailable because Customer Metadata Boundary configuration is on. Use Cloudflare LogPush to export DEX datasets." ![Digital Experience Monitoring message when Customer Metadata Boundary for the EU is enabled](https://developers.cloudflare.com/_astro/dex_supports_cmb.6YOLXjHN_ZJh3uv.webp) Feb 19, 2026 1. ### [Cloudforce One Threat events graphs are now visible in the dashboard](https://developers.cloudflare.com/changelog/post/2026-02-19-threat-events-graphs/) [ Security Center ](https://developers.cloudflare.com/security-center/) We have introduced dynamic visualizations to the Threat Events dashboard to help you better understand the threat landscape and identify emerging patterns at a glance. What's new: * **Sankey Diagrams**: Trace the flow of attacks from country of origin to target country to identify which regions are being hit hardest and where the threat infrastructure resides. ![Sankey Diagram](https://developers.cloudflare.com/_astro/2026-02-19-sankey-diagram.VZMSmdZL_Z1dxq3E.webp) * **Dataset Distribution over time**: Instantly pivot your view to understand if a specific campaign is targeting your sector or if it is a broad-spectrum commodity attack. ![Events over time](https://developers.cloudflare.com/_astro/2026-02-19-events-over-time.CqD7VKqA_Z20JNi0.webp) * **Enhanced Filtering**: Use these visual tools to filter and drill down into specific attack vectors directly from the charts. Cloudforce One subscribers can explore these new views now in [Application Security > Threat Intelligence > Threat Events ↗](https://dash.cloudflare.com/?to=/:account/security-center/threat-intelligence/threat-events). Feb 18, 2026 1. ### [New cfWorker metric in Server-Timing header](https://developers.cloudflare.com/changelog/post/2026-02-18-cfworker-server-timing/) [ Analytics ](https://developers.cloudflare.com/analytics/) The Server-Timing header now includes a new `cfWorker` metric that measures time spent executing Cloudflare Workers, including any subrequests performed by the Worker. This helps developers accurately identify whether high Time to First Byte (TTFB) is caused by Worker processing or slow upstream dependencies. Previously, Worker execution time was included in the `edge` metric, making it harder to identify true edge performance. The new `cfWorker` metric provides this visibility: | Metric | Description | | -------- | ------------------------------------------------------------------------------------- | | edge | Total time spent on the Cloudflare edge, including Worker execution | | origin | Time spent fetching from the origin server | | cfWorker | Time spent in Worker execution, including subrequests but excluding origin fetch time | #### Example response ``` Server-Timing: cdn-cache; desc=DYNAMIC, edge; dur=20, origin; dur=100, cfWorker; dur=7 ``` In this example, the edge took 20ms, the origin took 100ms, and the Worker added just 7ms of processing time. #### Availability The `cfWorker` metric is enabled by default if you have [Real User Monitoring (RUM)](https://developers.cloudflare.com/web-analytics/) enabled. Otherwise, you can enable it using [Rules](https://developers.cloudflare.com/rules/). This metric is particularly useful for: * **Performance debugging**: Quickly determine if latency is caused by Worker code, external API calls within Workers, or slow origins. * **Optimization targeting**: Identify which component of your request path needs optimization. * **Real User Monitoring (RUM)**: Access detailed timing breakdowns directly from response headers for client-side analytics. For more information about Server-Timing headers, refer to the [W3C Server Timing specification ↗](https://www.w3.org/TR/server-timing/). Feb 17, 2026 1. ### [Cloudflare One Product Name Updates](https://developers.cloudflare.com/changelog/post/2026-02-17-product-name-updates/) [ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)[ Network Flow ](https://developers.cloudflare.com/network-flow/) We are updating naming related to some of our Networking products to better clarify their place in the Zero Trust and Secure Access Service Edge (SASE) journey. We are retiring some older brand names in favor of names that describe exactly what the products do within your network. We are doing this to help customers build better, clearer mental models for comprehensive SASE architecture delivered on Cloudflare. #### What's changing * **Magic WAN** → **Cloudflare WAN** * **Magic WAN IPsec** → **Cloudflare IPsec** * **Magic WAN GRE** → **Cloudflare GRE** * **Magic WAN Connector** → **Cloudflare One Appliance** * **Magic Firewall** → **Cloudflare Network Firewall** * **Magic Network Monitoring** → **Network Flow** * **Magic Cloud Networking** → **Cloudflare One Multi-cloud Networking** **No action is required by you** — all functionality, existing configurations, and billing will remain exactly the same. For more information, visit the [Cloudflare One documentation](https://developers.cloudflare.com/cloudflare-one/). Feb 12, 2026 1. ### [Content Type Dimension for AI Bots in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-12-radar-ai-bots-content-type/) [ Radar ](https://developers.cloudflare.com/radar/) [**Radar**](https://developers.cloudflare.com/radar/) now includes content type insights for AI bot and crawler traffic. The new `content_type` dimension and filter shows the distribution of content types returned to AI crawlers, grouped by MIME type category. The content type dimension and filter are available via the following API endpoints: * [/ai/bots/summary/content\_type](https://developers.cloudflare.com/api/resources/radar/subresources/ai/subresources/bots/methods/summary%5Fv2/) * [/ai/bots/timeseries\_groups/content\_type](https://developers.cloudflare.com/api/resources/radar/subresources/ai/subresources/bots/methods/timeseries%5Fgroups/) Content type categories: * **HTML** \- Web pages (`text/html`) * **Images** \- All image formats (`image/*`) * **JSON** \- JSON data and API responses (`application/json`, `*+json`) * **JavaScript** \- Scripts (`application/javascript`, `text/javascript`) * **CSS** \- Stylesheets (`text/css`) * **Plain Text** \- Unformatted text (`text/plain`) * **Fonts** \- Web fonts (`font/*`, `application/font-*`) * **XML** \- XML documents and feeds (`text/xml`, `application/xml`, `application/rss+xml`, `application/atom+xml`) * **YAML** \- Configuration files (`text/yaml`, `application/yaml`) * **Video** \- Video content and streaming (`video/*`, `application/ogg`, `*mpegurl`) * **Audio** \- Audio content (`audio/*`) * **Markdown** \- Markdown documents (`text/markdown`) * **Documents** \- PDFs, Office documents, ePub, CSV (`application/pdf`, `application/msword`, `text/csv`) * **Binary** \- Executables, archives, WebAssembly (`application/octet-stream`, `application/zip`, `application/wasm`) * **Serialization** \- Binary API formats (`application/protobuf`, `application/grpc`, `application/msgpack`) * **Other** \- All other content types Additionally, individual [bot information pages ↗](https://radar.cloudflare.com/bots/directory/gptbot) now display content type distribution for AI crawlers that exist in both the Verified Bots and AI Bots datasets. ![Screenshot of the Content Type Distribution chart on the AI Insights page](https://developers.cloudflare.com/_astro/ai-bots-content-type.B7xP9p4S_Z2oYyEM.webp) Check out the [AI Insights page ↗](https://radar.cloudflare.com/ai-insights#content-type) to explore the data. Feb 12, 2026 1. ### [Enhanced Logo Matching for Brand Protection](https://developers.cloudflare.com/changelog/post/2026-02-12-brand-protection-logo-matching-percentage-selector/) [ Security Center ](https://developers.cloudflare.com/security-center/) We have significantly upgraded our Logo Matching capabilities within Brand Protection. While previously limited to approximately 100% matches, users can now detect a wider range of brand assets through a redesigned matching model and UI. #### What's new * **Configurable match thresholds**: Users can set a minimum match score (starting at 75%) when creating a logo query to capture subtle variations or high-quality impersonations. * **Visual match scores**: Allow users to see the exact percentage of the match directly in the results table, highlighted with color-coded lozenges to indicate severity. * **Direct logo previews**: Available in the Cloudflare dashboard — similar to string matches — to verify infringements at a glance. #### Key benefits * **Expose sophisticated impersonators** who use slightly altered logos to bypass basic detection filters. * **Faster triage** of the most relevant threats immediately using visual indicators, reducing the time spent manually reviewing matches. Ready to protect your visual identity? Learn more in our [Brand Protection documentation](https://developers.cloudflare.com/security-center/brand-protection/). Feb 09, 2026 1. ### [Tabs and pivots](https://developers.cloudflare.com/changelog/post/2026-02-09-tabs-and-pivots/) [ Log Explorer ](https://developers.cloudflare.com/log-explorer/) Log Explorer now supports multiple concurrent queries with the new Tabs feature. Work with multiple queries simultaneously and pivot between datasets to investigate malicious activity more effectively. #### Key capabilities * **Multiple tabs:** Open and switch between multiple query tabs to compare results across different datasets. * **Quick filtering:** Select the filter button from query results to add a value as a filter to your current query. * **Pivot to new tab:** Use Cmd + click on the filter button to start a new query tab with that filter applied. * **Preserved progress:** Your query progress is preserved on each tab if you navigate away and return. For more information, refer to the [Log Explorer documentation](https://developers.cloudflare.com/log-explorer/). Feb 03, 2026 1. ### [Threat actor identification with "also known as" aliases](https://developers.cloudflare.com/changelog/post/2026-02-03-threat-actor-name-mapping/) [ Security Center ](https://developers.cloudflare.com/security-center/) Identifying threat actors can be challenging, because naming conventions often vary across the security industry. To simplify your research, **Cloudflare Threat Events** now include an **Also known as** field, providing a list of common aliases and industry-standard names for the groups we track. This new field is available in both the Cloudflare dashboard and via the API. In the dashboard, you can view these aliases by expanding the event details side panel (under the **Attacker** field) or by adding it as a column in your configurable table view. #### Key benefits * Easily map Cloudflare-tracked actors to the naming conventions used by other vendors without manual cross-referencing. * Quickly identify if a detected threat actor matches a group your team is already monitoring via other intelligence feeds. For more information on how to access this data, refer to the [Threat Events API documentation ↗](https://developers.cloudflare.com/api/resources/cloudforce%5Fone/subresources/threat%5Fevents/). Jan 15, 2026 1. ### [Network Services navigation update](https://developers.cloudflare.com/changelog/post/2026-01-15-networking-navigation-update/) [ Magic Transit ](https://developers.cloudflare.com/magic-transit/)[ Cloudflare Network Firewall ](https://developers.cloudflare.com/cloudflare-network-firewall/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)[ Network Flow ](https://developers.cloudflare.com/network-flow/) The Network Services menu structure in Cloudflare's dashboard has been updated to reflect solutions and capabilities instead of product names. This will make it easier for you to find what you need and better reflects how our services work together. Your existing configurations will remain the same, and you will have access to all of the same features and functionality. The changes visible in your dashboard may vary based on the products you use. Overall, changes relate to [Magic Transit ↗](https://developers.cloudflare.com/magic-transit/), [Magic WAN ↗](https://developers.cloudflare.com/magic-wan/), and [Magic Firewall ↗](https://developers.cloudflare.com/cloudflare-network-firewall/). **Summary of changes:** * A new **Overview** page provides access to the most common tasks across Magic Transit and Magic WAN. * Product names have been removed from top-level navigation. * Magic Transit and Magic WAN configuration is now organized under **Routes** and **Connectors**. For example, you will find IP Prefixes under **Routes**, and your GRE/IPsec Tunnels under **Connectors.** * Magic Firewall policies are now called **Firewall Policies.** * Magic WAN Connectors and Connector On-Ramps are now referenced in the dashboard as **Appliances** and **Appliance profiles.** They can be found under **Connectors > Appliances.** * Network analytics, network health, and real-time analytics are now available under **Insights.** * Packet Captures are found under **Insights > Diagnostics.** * You can manage your Sites from **Insights > Network health.** * You can find Magic Network Monitoring under **Insights > Network flow**. If you would like to provide feedback, complete [this form ↗](https://forms.gle/htWyjRsTjw1usdis5). You can also find these details in the January 7, 2026 email titled **\[FYI\] Upcoming Network Services Dashboard Navigation Update**. ![Networking Navigation](https://developers.cloudflare.com/_astro/networking-overview-and-navigation.CeMgEFaZ_Z20HKl.webp) Jan 14, 2026 1. ### [URL Scanner now supports PDF report downloads](https://developers.cloudflare.com/changelog/post/2026-01-14-download-url-scanner-report-pdf/) [ Security Center ](https://developers.cloudflare.com/security-center/) We have expanded the reporting capabilities of the Cloudflare URL Scanner. In addition to existing JSON and HAR exports, users can now generate and download a **PDF report** directly from the Cloudflare dashboard. This update streamlines how security analysts can share findings with stakeholders who may not have access to the Cloudflare dashboard or specialized tools to parse JSON and HAR files. **Key Benefits:** * Consolidate scan results, including screenshots, security signatures, and metadata, into a single, portable document * Easily share professional-grade summaries with non-technical stakeholders or legal teams for faster incident response **What’s new:** * **PDF Export Button:** A new download option is available in the URL Scanner results page within the Cloudflare dashboard * **Unified Documentation:** Access all scan details—from high-level summaries to specific security flags—in one offline-friendly file To get started with the URL Scanner and explore our reporting capabilities, visit the [URL Scanner API documentation ↗](https://developers.cloudflare.com/api/resources/url%5Fscanner/). --- [Search all changelog entries](https://developers.cloudflare.com/search/?contentType=Changelog+entry)