Available Notifications

Who is it for?

Customers who want to receive a notification when the usage of a product goes above a set level.

Other options / filters

You can choose the product that you want to be notified about and the threshold that fires the notification. Thresholds depend on the product chosen.

For example:

• Argo Smart Routing has Notify when total bytes of traffic exceeds as a threshold.
• Load Balancing has Notify when total number of DNS Queries exceeds as a threshold.

Included with

Professional plans or higher.

What should you do if you receive one?

Review your product usage and adjust the configuration and/or increase the alerting threshold.

Who is it for?

Access customers who want to receive a notification when their service token is about to expire.

Other options / filters

None.

Included with

Purchase of Access

What should you do if you receive one?

Refresh your service token in the Teams dashboard Open external link under Configuration > Service Auth.

Who is it for?

Customers interested in knowing about planned Cloudflare maintenance for specific data centers. The notification lets you know when maintenance has been scheduled, changed, or canceled on an entire point of presence.

Other options / filters

You can filter maintenance notifications for specific points of presence and updates (scheduled, changed, canceled).

Included with

All Cloudflare plans.

What should you do if you receive one?

If the notification is announcing new scheduled maintenance, you may want to add the maintenance to your calendar. During these maintenance windows, you may experience a slight increase in latency to the edge location which is under maintenance.

Who is it for?

Customers interested in knowing about Cloudflare incidents. The notification lets you know when Cloudflare incidents are created, updated, and resolved.

Other options / filters

You can filter incident alerts to specific impact levels (minor, major, critical).

Additionally, incident alerts can be filtered to incidents affecting specific components. By default, incident alerts will trigger a notification for incident updates across all impact levels and components.

The impact level and affected components of an incident may change as the incident progresses. A notification will only be sent if the configured filters match at the time of the incident update. Updates will not be sent retroactively.

Included with

All Cloudflare plans.

What should you do if you receive one?

Review your analytics page to see if your domain is impacted.

Who is it for?

WAF or CDN customers who want to receive a notification when Cloudflare has mitigated an attack.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.

Who is it for?

WAF or CDN customers with the Advanced DDoS Protection subscription who want to receive a notification when Cloudflare has mitigated an attack with certain characteristics.

Other options / filters

You can choose when to trigger a notification.

Available filters include:

• The zones in the account for which they wish to receive notifications.
• The specific hostnames for which they wish to receive notifications.
• The minimum requests-per-second rate that will trigger the alert.

Included with

Enterprise plans.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.

Who is it for?

BYOIP and Magic Transit customers with Network Analytics who want to receive a notification when Cloudflare has mitigated an attack with certain characteristics.

Other options / filters

You can choose when to trigger a notification.

Available filters include:

• The IP prefixes for which they wish to receive notifications.
• The specific IP addresses for which they wish to receive notifications.
• The minimum packets-per-second rate that will trigger the alert.
• The minimum megabits-per-second rate that will trigger the alert.
• The protocols for which they wish to receive notifications.

Included with

Purchase of Magic Transit and/or BYOIP (Enterprise plans).

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.

Who is it for?

Enterprise customers who have at least one secondary zone in their account and want to receive a notification if all of their primary nameservers are failing.

Other options / filters

None.

Included with

Purchase of Secondary DNS

What should you do if you receive one?

1. Confirm that your primary nameservers are up and running.
2. Confirm that the Access Control Lists (ACLs) on your primary nameservers are configured correctly.
3. Confirm that your primary nameservers are configured correctly in your Cloudflare account (correct IP, port, TSIG).

Who is it for?

Enterprise customers who have at least one secondary zone and want to receive a notification if at least one of their primary nameservers is failing.

Other options / filters

None.

Included with

Purchase of Secondary DNS.

What should you do if you receive one?

1. Confirm that your primary nameservers are up and running.
2. Confirm that the Access Control Lists (ACLs) on your primary nameservers are configured correctly.
3. Confirm that your primary nameservers are configured correctly in your Cloudflare account (correct IP, port, TSIG).

Who is it for?

Enterprise customers who have at least one secondary zone in their account and want to receive a notification on successful zone transfers.

Other options / filters

None.

Included with

Purchase of Secondary DNS.

What should you do if you receive one?

No action needed. Everything is working correctly.

Who is it for?

Customers who are using Cloudflare for Secondary DNS and want to receive notifications about the failure or success of zone transfers from their primary nameservers.

Other options / filters

None.

Included with

Enterprise plans.

What should you do if you receive one?

Success alerts require no further action. Actions for failure notifications will depend on the type of failure.

Possible actions include:

• Checking the Access Control List (ACL) on your primary nameserver.
• Checking if Cloudflare IPs have been configured correctly on your primary nameserver.
• Checking logs on primary nameservers for other errors.

Who is it for?

Customers who want to be warned about changes to server health as determined by health checks.

Other options / filters

Available filters include:

• You can search for and add health checks from your list of health checks.
• You can choose a trigger to fire the notification when your server becomes unhealthy, healthy, or either healthy or unhealthy.

Included with

Professional plans or higher.

What should you do if you receive one?

Review your health check analytics.

Who is it for?

Customers who want to be warned about status changes (enabled/disabled) in their pools.

Other options / filters

Available filters include:

• You can search for and add pools from your list of pools.
• You can also choose the trigger that fires the notification when the Load Balancing pool is enabled, disabled, and either enabled or disabled.

Included with

Purchase of Load Balancing.

What should you do if you receive one?

No action is needed.

Who is it for?

Customers who want to be warned about changes in health status in their pools or origins.

Other options / filters

Available filters include:

• You can search for and add pools from your list of pools, as well as Include future pools (if all pools are selected).
• You can choose the trigger that fires the notification when the health status becomes unhealthy, healthy, or either unhealthy or healthy
• You can choose the trigger that fires the notification when the event source health status changes in pool, origin, or either pool or origin.

Included with

Purchase of Load Balancing.

What should you do if you receive one?

Evaluate load balancing analytics to review changes in health status over time.

Who is it for?

Enterprise customers who use Logpush and want to monitor their job health.

Other options / filters

• Notification Name: A custom name for the notification.
• Description (optional): A custom description for the notification.
• Notification Email (can be multiple emails): The email address of the recipient for the notification.

Included with

Enterprise plans.

What should you do if you receive one?

In the email for the notification, you can find the destination name for the failing Logpush job. With this destination name, you should be able to figure out which zone this relates to. There can be multiple reasons why a job fails, but it is best to test that the destination endpoint is healthy, and that necessary credentials are still working. You can also check that the destination has allowlisted Cloudflare IPs Open external link .

Who is it for?

Magic Transit on-demand customers who use Flow-Based Monitoring and want alerts when Magic Transit is automatically enabled.

Other options / filters

None.

Included with

Purchase of Magic Transit.

What should you do if you receive one?

No action is needed. You can go to the Cloudflare dashboard Open external link to review the health and status of your tunnels.

Who is it for?

BYOIP customers and Spectrum customers with Network Analytics who want to receive a notification when Cloudflare has mitigated an attack.

Other options / filters

None.

Included with

Purchase of Magic Transit and/or BYOIP.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.

Who is it for?

Magic Transit on-demand customers who are using Flow-Based Monitoring to detect attacks when Magic Transit is disabled.

Other options / filters

None.

Included with

Purchase of Magic Transit.

What should you do if you receive one?

If you do not have auto advertisement enabled, you need to advertise your IP prefixes to enable Magic Transit. For more information, refer to Dynamic advertisement.

Who is it for?

Magic Transit and Magic WAN customers who wish to receive alerts when the percentage of successful health checks for a Magic Tunnel drops below the selected service-level objective (SLO).

Other options / filters

• Notification Name: A custom name for the notification.
• Description (optional): A custom description for the notification.
• Notification Email (can be multiple emails): The email address of recipient for the notification.
• Webhooks
• Tunnels: Choose one or more tunnels to monitor.
• SLO: Define SLO threshold for Magic Tunnel health alerts. Available options are High, Medium, and Low.

Included with

Purchase of Magic Transit and Magic WAN.

What should you do if you receive one?

Refer to the Magic Transit tunnel health or Magic WAN tunnel health for more information on what the issue might be.

Who is it for?

Page Shield customers who want to receive a notification when JavaScript dependencies change in the pages of their domain.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Investigate to confirm that it is an expected change.

Who is it for?

Page Shield customers who want to receive a notification when resources from new host domains appear in their domain.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Investigate to confirm that it is an expected change.

Who is it for?

Page Shield customers who want to receive a notification when resources from a known malicious domain appear in their domain. For more information, refer to Malicious script and connection detection.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious resources, then update the pages where those resources were detected.

For more information, refer to Review scripts and connections considered malicious.

Who is it for?

Page Shield customers who want to receive a notification when Cloudflare classifies JavaScript dependencies in their domain as malicious. For more information, refer to Malicious script and connection detection.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious resources, then update the pages where those resources were detected.

For more information, refer to Review scripts and connections considered malicious.

Who is it for?

Page Shield customers who want to receive a notification when resources from a known malicious URL appear in their domain. For more information, refer to Malicious script and connection detection.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious resources, then update the pages where those resources were detected.

For more information, refer to Review scripts and connections considered malicious.

Who is it for?

Page Shield customers who want to receive a notification when new resources appear in their domain.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Investigate to confirm that it is an expected change.

Who is it for?

Page Shield customers who want to receive a notification when a resource’s URL exceeds the maximum allowed length.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Manually check the resource.

Who is it for?

Customers who want to receive notifications about project-level events in Cloudflare Pages.

Other options / filters

Available filters include:

• Pages projects
• Environments
• Different events: Deployment started, Deployment failed, or Deployment success

Included with

All Cloudflare plans.

What should you do if you receive one?

For failed deployments, review our debugging guide.

Who is it for?

BYOIP customers who want to receive a notification when their prefixes are advertised in places they should not be.

Other options / filters

None.

Included with

Purchase of BYOIP.

What should you do if you receive one?

Confirm your traffic is healthy. Reach out to your transit providers to ensure you are behaving as expected and ask them to follow up with any providers accepting the unauthorized routes.

Who is it for?

Customers who want a summary of activity related to Brand Protection.

Other options / filters

You can set up Brand Protection Alerts on individual monitored queries. For more details, refer to Brand Protection Alerts.

Included with

Professional plans or higher.

What should you do if you receive one?

Investigate and potentially block any suspicious domains that may be trying to impersonate your brand.

Who is it for?

Customers who want a summary of activity related to Brand Protection.

Other options / filters

You can set up Brand Protection Digest on individual monitored queries. For more details, refer to Brand Protection Alerts.

Included with

Professional plans or higher.

What should you do if you receive one?

Investigate and potentially block any suspicious domains that may be trying to impersonate your brand.

Who is it for?

Access customers that use client certificates for mutual TLS authentication. This notification will be sent 30 and 14 days before the expiration of the certificate.

Other options / filters

None.

Included with

Purchase of Access and/or Cloudflare for SaaS.

What should you do if you receive one?

Upload a renewed certificate.

Who is it for?

Customers with advanced certificates that want to be alerted on validation, issuance, renewal, and expiration of certificates.

Other options / filters

None.

Included with

When an advanced certificate is validated, issued, renewed, or expired.

What should you do if you receive one?

Action only needed if notification is about a certificate that failed to be issued. Refer to SSL expired or SSL mismatch errors for more information.

Who is it for?

Customers that upload their own certificate to use with hostname-level Authenticated Origin Pull (AOP) to secure connections from Cloudflare to their origin server. AOP certificate expiration notifications are sent 30 days and 14 days before the certificate expiry.

Other options / filters

None.

Included with

Authenticated Origin Pull.

What should you do if you receive one?

Upload a renewed certificate to use for hostname-level AOP.

Who is it for?

Customers with custom hostname certificates who want to receive a notification on validation, issuance, renewal, and expiration of certificates. For more details around data formatting for webhooks, refer to the Cloudflare for SaaS docs.

Other options / filters

None.

Included with

Purchase of Cloudflare for SaaS.

What should you do if you receive one?

You only need to take action if you are notified that you have a certificate that failed. You can find the reasons why a certificate is not being issued in Troubleshooting SSL errors.

Who is it for?

Customers with universal certificates who want to receive a notification on validation, issuance, and renewal of certificates.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

You only need to take action if you are notified that you have a certificate that failed. You can find the reasons why a certificate is not being issued in Troubleshooting SSL errors.

Who is it for?

Customers that upload their own certificate to use with zone-level Authenticated Origin Pull (AOP) to secure connections from Cloudflare to their origin server. AOP certificate expiration notifications are sent 30 days and 14 days before the certificate expiry.

Other options / filters

None.

Included with

Authenticated Origin Pull.

What should you do if you receive one?

Upload a renewed certificate to use for zone-level AOP.

Who is it for?

Customers who are using Stream and want to receive webhooks with the status of their videos.

Other options / filters

You can input Stream Live IDs to receive notifications only about those inputs. If left blank, you will receive a list for all inputs.

The following input states will fire notifications. You can toggle them on or off:

• live_input.connected
• live_input.disconnected

Included with

Stream subscription.

What should you do if you receive one?

Stream notifications are entirely customizable by the customer. Action will depend on the customizations enabled.

Who is it for?

Enterprise customers who want to receive a notification when Cloudflare detects edge and/or origin errors. Refer to HTTP Traffic Alerts for more information.

Other options / filters

Available filters include:

• You can search and add domains from your list of domains.
• You can filter alerts by edge status code, origin status code, and the IP Address.
• You can also choose the trigger that fires the notification. Available triggers are low sensitivity, medium sensitivity, high sensitivity, or very high sensitivity.

You can also toggle Alert Grouping to receive separate alerts for your domain, edge status code, and/or origin status code.

Included with

Enterprise plans.

What should you do if you receive one?

1. Use the link in the notification you received to see which error codes Cloudflare is seeing.
2. Depending on the statuses you are alerting on, refer to Troubleshooting Cloudflare 5XX errors.

Limitations

Traffic Monitoring alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Service level objectives (SLOs) are used to determine the threshold.

Who is it for?

Enterprise customers who want to receive a notification when Cloudflare is unable to access their origin server. Refer to HTTP Traffic Alerts for more information.

Other options / filters

Multiple filters available:

• You can search and add domains from your list of domains.
• You can also choose the trigger that fires the notification. Available triggers are low sensitivity, medium sensitivity, high sensitivity, or very high sensitivity.

Included with

Enterprise plans.

What should you do if you receive one?

1. Use the link in the Notification you received to see which error codes Cloudflare is seeing from your origin.
2. Refer to Troubleshooting Cloudflare 5XX errors to learn how to troubleshoot these errors.

Limitations

Traffic Monitoring alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Service level objectives (SLOs) are used to determine the threshold.

Who is it for?

Customers who want to receive a notification when Cloudflare is unable to access their origin. Customers will only receive this notification when their origin is returning a 521 error.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

Refer to Troubleshooting Cloudflare 5XX errors to learn how to troubleshoot these errors.

Limitations

Traffic Monitoring alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Service level objectives (SLOs) are used to determine the threshold.

Who is it for?

Enterprise customers who want to receive a notification when one zone is experiencing an unexpected spike or drop in traffic. Refer to HTTP Traffic Alerts for more information.

Other options / filters

Multiple filters available:

• You can search and add domains from your list of domains.
• You can include or exclude traffic mitigated by the Web Application Firewall (WAF).
• You can choose whether to be notified of either spikes or drops in traffic.

Included with

Enterprise plans.

What should you do if you receive one?

Use the link in the Notification you received to view if the spike or drop is significant enough to require further actions.

Limitations

Traffic Monitoring alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Z-score is used to determine the threshold.

Who is it for?

Customers who want to be notified when Cloudflare Trust & Safety rejects a request for block removal.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

Take care of any abuse on your website. Then, go to the Cloudflare dashboard Open external link and request a review.

Who is it for?

Customers who want to be notified when Cloudflare Trust & Safety places a block on their website.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

Take care of any abuse on your website. Then, go to the Cloudflare dashboard Open external link and request a review.

Who is it for?

Customers who want to be notified when Cloudflare Trust & Safety removes a block from their website.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

This is informational follow up.

Who is it for?

Customers who want to receive a notification when Cloudflare Tunnels are created or deleted in their account.

Other options / filters

None.

Included with

All Cloudflare Zero Trust plans.

What should you do if you receive one?

No action is needed.

Who is it for?

Customers who want to be warned about changes in health status for their Cloudflare Tunnels.

Other options / filters

None.

Included with

All Cloudflare Zero Trust plans.

What should you do if you receive one?

Monitor tunnel health over time and consider deploying cloudflared replicas or load balancers.

Who is it for?

Customers using Web Analytics to monitor their website’s performance.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

No action is needed. This notification is a weekly summary with reports from your Web Analytics account. Refer to Notifications Open external link in the Cloudflare dashboard to refine your notifications settings.

Who is it for?

Enterprise customers who want to receive alerts about spikes in specific services that generate log entries in Security Events. For more information, refer to WAF alerts.

Other options / filters

A mandatory filters Open API docs link selection is needed when you create a notification policy which includes the list of services and zones that you want to be alerted on.

• You can search for and add domains from your list of Enterprise zones.
• You can choose which services the alert should monitor (Managed Firewall, Rate Limiting, etc.).
• You can filter events by a targeted action.

Included with

Enterprise plans.

What should you do if you receive one?

Review the information in Security Events to identify any possible attack or misconfiguration.

Limitations

Security Events (WAF) alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Z-score is used to determine the threshold.

Who is it for?

Business and Enterprise customers who want to receive alerts about spikes across all services that generate log entries in Security Events. For more information, refer to WAF alerts.

Other options / filters

A mandatory filters Open API docs link selection is needed when you create a notification policy which includes the list of zones that you want to be alerted on.

• You can also search for and add domains from your list of business or enterprise zones. The notification will be sent for the domains chosen.
• You can filter events by a targeted action.

Included with

Business and Enterprise plans.

What should you do if you receive one?

Review the information in Security Events to identify any possible attack or misconfiguration.

Limitations

Security Events (WAF) alerts are not sent for each individual events, but only when a spike in traffic reaches the threshold for an alert to be sent.

These thresholds cannot be configured. Z-score is used to determine the threshold.