Companies that use Cloudflare (CDN, Zero Trust + Workers)

Optimizely PayPal AbbVie Notion Affirm Desktop Metal Collibra AllSaints American Century SeaWorld Ahrefs RevisionDojo All Aboard Nebraska Wesleyan

We dug into our own data to find which companies are using Cloudflare in production. Here are real-world examples of how they use it.

Optimizely

Software / MarTech - New York, New York

Optimizely makes a digital experience platform used by over 10,000 brands including H&M, PayPal, Zoom, and Toyota for content management, A/B testing, personalization, and commerce. Their core content delivery product -Optimizely Graph -is a high-traffic SaaS service that powers customer websites and mobile applications with GraphQL APIs and search.

Cloudflare is embedded across Optimizely's infrastructure in several distinct ways. Their DNS is managed through Cloudflare -optimizely.com resolves through harmony.ns.cloudflare.com and doug.ns.cloudflare.com -giving Cloudflare control over routing and protection at the domain level.

Cloudflare Workers are part of the core engineering stack for Optimizely Graph, alongside Kubernetes and TypeScript as the primary technologies the Graph team builds on. Workers handle edge compute for content delivery, keeping latency low for the customer websites and apps that depend on Graph. The Cloudflare Web Analytics beacon also runs on optimizely.com itself, meaning Optimizely uses Cloudflare's analytics tooling to measure their own website traffic.

PayPal

Financial Services - San Jose, California

PayPal is one of the world's largest digital payments platforms, operating across approximately 200 markets and serving hundreds of millions of consumers and merchants globally. At that scale, the infrastructure keeping payments fast, available, and secure is not a simple setup.

PayPal runs a split CDN architecture, with both Fastly and Cloudflare pointed to in their DNS simultaneously. Cloudflare handles bot detection on every visitor in the background, alongside firewall protection, DDoS mitigation, and edge compute through Cloudflare Workers. It is not a backup to Fastly but a parallel layer with its own active responsibilities.

The same pattern holds on the Braintree side, PayPal's developer-focused payments platform. Cloudflare is a named component of the core edge infrastructure stack there, sitting alongside HAProxy and AWS to power the load balancing and proxying layer that handles all global Braintree API traffic. The edge security team manages Cloudflare's WAF, bot management, and DDoS mitigation as active operational work, running it in parallel with Fastly, F5 Silverline, and Radware as part of a multi-vendor edge security posture.

PayPal has also built an MCP server at mcp.paypal.com, running on Cloudflare Agents, which allows AI tools to connect directly to PayPal's systems. It is one of the more prominent deployments of Cloudflare's agentic infrastructure that we have come across.

AbbVie

Pharmaceutical - North Chicago, Illinois

AbbVie is a global biopharmaceutical company with medicines across immunology, oncology, neuroscience, and eye care, including Humira, one of the best-selling drugs in history. Their web presence spans a large public site serving patients, healthcare professionals, and investors across multiple markets.

Cloudflare is deeply integrated across AbbVie's web infrastructure. All static assets on abbvie.com return Server: cloudflare headers, meaning their entire website is served through Cloudflare's network. The Cloudflare Web Analytics beacon also runs on the homepage. The full product suite is in active use: CDN, WAF, Bot Management, Rate Limiting, Cloudflare Access, Argo Smart Routing, Load Balancing, DNS, and SSL/TLS, all managed through infrastructure as code via Terraform.

What makes AbbVie stand out in this report is the depth of the deployment. Most companies use Cloudflare for one or two things. AbbVie runs the full stack, with a dedicated Cloudflare engineering function responsible for maintaining it. For a pharma company where website availability and security touch patient-facing communications and regulatory obligations, that level of commitment to a single edge provider is notable.

Notion

Software - San Francisco, California

Notion is an all-in-one workspace platform used by millions of people and companies including OpenAI, Toyota, Figma, and Ramp for notes, wikis, project management, and more.

Notion's static assets are served through Cloudflare. They've also built an MCP server at mcp.notion.com on Cloudflare Agents - same pattern as PayPal, letting AI tools connect to their platform.

The most interesting thing we found is buried in their code. Notion fetches feature flags by sending a query to Cloudflare's DNS service and reading the answer from a special record type. DNS was built in the 1980s to translate website names into server addresses - Notion is using it to deliver feature flag settings to the browser instead. There's no extra server to maintain, it's cached and globally distributed by default, and it's genuinely one of the cleverest uses of old technology we've come across.

Affirm

Financial Services - San Francisco, California

Affirm is a buy now, pay later platform used by millions of consumers and tens of thousands of merchants across the US.

Affirm's site runs through Cloudflare's CDN and loads Cloudflare's analytics tracker. They also run Cloudflare's bot protection, which silently checks visitors in the background without showing them a CAPTCHA.

Their email is also routed through Cloudflare - inbound messages go through Cloudflare's servers before reaching Affirm. Their DNS sits on Amazon's Route 53, so Amazon handles the domain name routing while Cloudflare handles the actual web traffic and email.

Desktop Metal

Industrial Manufacturing - Burlington, Massachusetts

Desktop Metal (NYSE: DM) makes industrial 3D printing systems for metal, polymer, and ceramic parts, used by manufacturers in automotive, aerospace, healthcare, and heavy industry.

Desktop Metal runs their site through Cloudflare's CDN, loads Cloudflare's analytics tracker, and uses Cloudflare's bot protection. Their email also routes through Cloudflare - the same setup as Affirm. An industrial manufacturing company running the same stack as a fintech.

Collibra

Software - New York / Brussels

Collibra is a data and AI governance platform used by over 700 companies including banks, hospitals, and government agencies to manage data quality and compliance.

Their DNS runs on Cloudflare, but their actual website traffic goes straight to Amazon's servers - Cloudflare isn't sitting in front of the site. What they do use Cloudflare for is Turnstile, which protects their forms without showing visitors a CAPTCHA, and Cloudflare Zero Trust for controlling internal employee access.

AllSaints

Retail - London, United Kingdom

AllSaints runs their entire site on Cloudflare - DNS, CDN, and all traffic routing go through Cloudflare. They also load Cloudflare's analytics tracker.

They also use Cloudflare Turnstile as a full-page check - visitors can be stopped before the site loads and asked to confirm they're human. For a fashion retailer, this is likely aimed at bots that scrape inventory or snap up limited drops before real customers can.

American Century Investments

Financial Services - Kansas City, Missouri

American Century Investments is an asset management firm managing over $200 billion across equity, fixed income, and multi-asset strategies.

American Century runs their site through Cloudflare's CDN and loads Cloudflare's analytics tracker. They also run Cloudflare's browser check, which shows visitors a "Performing security verification" screen before the site loads - every visit, not just ones that look suspicious. Given they're handling investor accounts, the extra caution makes sense.

SeaWorld

Entertainment - Orlando, Florida

SeaWorld Entertainment operates theme parks and marine animal experiences across the US, including SeaWorld, Busch Gardens, and Aquatica.

SeaWorld runs their full site on Cloudflare - DNS, CDN, and traffic routing all go through Cloudflare, and Cloudflare's analytics tracker loads on every page. Like American Century, they run the browser check that stops visitors before the page loads. For a ticketing site, blocking bots trying to grab reservations before real customers is a reasonable call.

Ahrefs

Software - Singapore

Ahrefs is an SEO toolset used by marketers and agencies worldwide for backlink analysis, keyword research, site auditing, and rank tracking.

Ahrefs runs their full site on Cloudflare and uses Cloudflare Workers. The detail worth noting is that their free backlink checker tool has Cloudflare Turnstile embedded in it. Ahrefs built their business by crawling the web at scale - and they're using bot protection to stop bots from hammering their own tools. They know better than most what that traffic looks like.

RevisionDojo

Education Technology - YC F24

RevisionDojo is an AI-powered study platform for IB students, offering practice questions, study notes, flashcards, and an AI tutor called Jojo. They have 2,000+ paying customers across 180 countries and 2,400 schools.

RevisionDojo runs their site through Cloudflare's CDN and uses Cloudflare Stream to host the product demo video on their homepage - video encoding, delivery, and thumbnail generation all handled by Cloudflare rather than a separate video service.

They also route their error monitoring through Cloudflare - rather than sending crash reports directly to Sentry's servers, the data goes through Cloudflare's infrastructure first. And they use Cloudflare Workers for running code at the edge.

Their MCP server at mcp.revisiondojo.com is built on Cloudflare Agents and requires a login to access, so it's designed for external integrations - third-party AI tools connecting to RevisionDojo's content and student data. For a 10-person YC company, most of the technical stack runs on Cloudflare.

All Aboard

Travel Technology - Stockholm, Sweden

All Aboard is a European train booking platform and API, helping travel companies sell rail tickets across 100+ carriers. They're a team of about 8 people based in Stockholm.

All Aboard runs their entire infrastructure on Cloudflare - DNS, CDN, and all traffic routing go through Cloudflare. They've also built an MCP server at mcp.allaboard.eu on Cloudflare Agents, which lets AI tools connect to their booking platform.

Eight people, a full infrastructure on Cloudflare, and a production MCP server. Cloudflare makes it possible for a tiny team to run all of this without a dedicated ops person.

Nebraska Wesleyan University

Higher Education - Lincoln, Nebraska

Nebraska Wesleyan is a private liberal arts university in Lincoln with around 2,000 students. Their website is the primary front door for prospective students, and like most universities, the homepage needs to make an immediate impression.

The hero video on their homepage - the full-width looping footage that plays the moment a visitor arrives - is served through Cloudflare Stream. Rather than self-hosting video files or routing through a general-purpose CDN, Nebraska Wesleyan delivers that video directly from Cloudflare's platform. The video loads via an iframe pointing to cloudflarestream.com, with autoplay, muted looping, and a preloaded poster frame - the standard setup for a background hero video. For a university where that homepage video is likely a prospective student's first impression of campus life, getting it to load fast and reliably everywhere matters.

Beyond video delivery, Nebraska Wesleyan's site also makes POST requests to Cloudflare's error monitoring endpoint, indicating they are using Cloudflare's application performance and error tracking tooling to monitor how the site behaves in production.

We scanned the homepages of 1.4 million company domains, ranked by employee count, and checked which CDN was serving each one. Here is what the data shows.

How we figured this out

Cloudflare does many things. It is a CDN, a DDoS mitigation service, a Zero Trust security platform, a DNS provider, and increasingly a developer platform. Measuring its market share across all of those products is difficult. But the CDN layer is different: it leaves a clear, detectable fingerprint on every website it serves, making it the cleanest and most reliable way to measure how broadly Cloudflare has been adopted.

When a company routes their website through a CDN, it leaves fingerprints. Response headers like cf-ray for Cloudflare, x-fastly-request-id for Fastly, and DNS CNAME chains pointing to edgekey.net or edgesuite.net for Akamai. These signals are publicly visible to anyone who knows what to look for.

We scanned the homepages of 1.4 million company domains, ranked by number of employees, and checked their response headers and DNS records to determine which CDN, if any, was sitting in front of each one. No surveys, no self-reported data. Just the raw infrastructure signals companies leave on the open web.

The Results

Among companies with 5,000+ employees

Cloudflare dominates the CDN market by site count, and it is not close. Among company homepages running a major CDN, Cloudflare accounts for nearly 3 in every 4. That is a 4-to-1 ratio over Fastly and a 40-to-1 ratio over Akamai.

Part of that is just gravity. Cloudflare's free tier is frictionless. A domain can be onboarded in minutes, and the combination of DDoS protection, SSL, and performance improvement in a single step made it the default choice for companies of every size. It became infrastructure before most alternatives were even in the conversation.

Fastly's 17.4% is concentrated in developer-facing companies and high-traffic consumer platforms. Its edge compute capabilities and real-time purging make it the CDN of choice for companies that need programmable infrastructure rather than a set-and-forget solution.

Akamai's 1.9% overall looks modest, but the enterprise picture tells a different story. Among companies with 5,000 or more employees, Akamai's share surges to nearly 23%, while Fastly drops to 6%. Akamai built its business serving the most demanding infrastructure on the internet, where uptime guarantees, dedicated support, and contractual SLAs matter more than ease of onboarding. Cloudflare's free-tier gravity pulls the overall numbers, but enterprise procurement works differently.

The takeaway: Cloudflare has won the market by volume. Akamai has held the market by importance.

Analysis based on response header and DNS detection across 1,400,000 company domains ranked by employee count. Data collected and analyzed by Bloomberry.com.