Cloudflare likes to position itself as plumbing. Pipes, not content. Infrastructure, not a publisher. That framing shows up again and again in its newly released H1 2025 Transparency Report on abuse, and to be fair, the company largely sticks to that line. But once you dig into the numbers, it becomes clear that Cloudflare now sits in a place where “just infrastructure” still translates into very real power over what people can and cannot reach online.
The report focuses on how Cloudflare handles abuse complaints, takedown requests, and legal orders across its services. The key distinction Cloudflare keeps hammering home is the difference between hosted content and pass through services. If Cloudflare is simply providing DDoS protection or acting as a CDN, it insists it cannot remove content and usually forwards complaints to the actual hosting provider. If the content is hosted directly on Cloudflare infrastructure, that is when takedowns can and do happen.
That distinction matters, because the internet increasingly runs through Cloudflare whether site owners realize it or not.
One thing that jumps off the page immediately is how much copyright enforcement exploded in the first half of 2025. Cloudflare received nearly 125,000 copyright reports related to hosted content, a massive jump compared to the prior reporting period. More than 54,000 of those resulted in action, and most were tied to unlicensed sports streaming. Cloudflare openly acknowledges that it worked more closely with rightsholders, automated much of the process, and resolved the majority of those cases in under an hour. It also terminated tens of thousands of related storage accounts tied to repeat activity.
This is not a small shift. It signals that piracy enforcement is becoming faster, more automated, and far less visible to the public. Entire streams can disappear almost instantly, often without any human review. Whether that is good or bad likely depends on where you sit, but it is a far cry from the slower, messier takedown process many people still imagine.
Phishing remains Cloudflare’s biggest battlefield by sheer volume. More than 131,000 phishing reports involving hosted content were filed in H1 2025 alone. Cloudflare also acted against tens of thousands of phishing sites on its own initiative, meaning no external complaint was even required. In many cases, visitors are redirected to warning pages rather than the malicious site itself. This is one area where Cloudflare clearly sees itself as an active security gatekeeper, not a neutral pipe, and most users probably appreciate that.
Where things get more politically sensitive is government takedown pressure. On hosted content, Cloudflare reports only two government orders in H1 2025, one from France and one from Belgium, both tied to illegal online gambling. In both cases, Cloudflare says the customers themselves geoblocked the content rather than Cloudflare pulling it globally. That is an important nuance. Cloudflare wants readers to understand that it prefers regional restrictions over global removals whenever possible.
The pressure is heavier on the pass through side. Courts in countries like France, Italy, Belgium, and the United Kingdom issued orders requiring Cloudflare to block access to copyright infringing sites through its CDN services. Cloudflare complied by geoblocking access in those countries and posting interstitial notices explaining why the sites were unavailable. It also makes clear that it considers these measures limited and somewhat symbolic, since sites can simply move off Cloudflare if they want to bypass the blocks.
One red line Cloudflare continues to defend is DNS. Despite repeated legal requests, Cloudflare says it has still never blocked content through its 1.1.1.1 public DNS resolver. The company argues that DNS level blocking would apply globally, affect users outside a given country’s jurisdiction, and set a dangerous precedent. So far, it has chosen to fight those requests rather than comply.
Another area where Cloudflare does not hedge is child sexual abuse material. In H1 2025, the company terminated more than 1,400 domains and over 400 accounts tied to verified CSAM. It also submitted thousands of reports to the National Center for Missing and Exploited Children. There is no ambiguity here and no attempt at neutrality. Cloudflare treats this as a hard stop.
What is notable is what did not happen. Cloudflare reports zero voluntary terminations tied to controversial or harmful speech. None. That runs counter to the popular narrative that infrastructure companies are quietly pulling the plug on sites for ideological reasons. At least in this reporting period, the data does not support that claim.
Still, it would be naive to read this report and conclude that Cloudflare’s role is shrinking. It is expanding. Automation, legal compliance, and the growth of Cloudflare’s own hosting products mean the company is increasingly involved in decisions that shape access to content, even if it does not like to frame it that way.
Cloudflare may not be censoring the internet, but it is absolutely helping define the rules of engagement. And as more of the web flows through a handful of massive infrastructure providers, those rules matter more than ever.
