Skip to main content
mcpFirst-partyLow risk Safety Privacy
Cloudflare logo

Cloudflare MCP Server - MCP Servers

Build applications, analyze traffic, and manage security settings through Cloudflare

HarnessClaude CodeCodexCursorClaude Desktop

Citation facts

Source-backed facts for citing this resource, derived directly from the registry — also available as plain text for AI assistants.

Source URLs
https://developers.cloudflare.com/agents/model-context-protocol/cloudflare/servers-for-cloudflare/, https://github.com/JSONbored/awesome-claude/blob/main/content/mcp/cloudflare-mcp-server.mdx
Brand
Cloudflare
Brand domain
cloudflare.com
Brand asset source
brandfetch
Package URL
/downloads/mcp/cloudflare-mcp-server.mcpb
Package SHA256
06a4d88be66de572abcbfe34634a8ce927597249e591ec5717ef6b9c6a520212
Safety notes
Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.
Privacy notes
Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.
Author
Cloudflare
Claim status
unclaimed
Last verified
2025-09-18

Decision playbook

Ready to evaluate for your workflow

Signals are comparatively strong, but you should still validate source, privacy posture, and package provenance for your environment.

Compare context
Selected

0

Current score

96

Baseline

Delta

No baseline selected

No major trust-signal divergence detected in the current selection.

Source and provenance checks

Complete

Confirm ownership and provenance before trusting install instructions.

  • Source link availableRequired

    Open the canonical repository and verify ownership.

    Done
  • Source provenance statusRequired

    Marked as first-party.

    Done
  • Metadata reviewed

    Registry metadata indicates a reviewed listing.

    Done

Safety and privacy checks

Complete

Validate risk disclosures before installation or API wiring.

  • Safety notes presentRequired

    Review the listed safety guidance before running commands.

    Done
  • Privacy notes presentRequired

    Review data handling notes before connecting accounts or secrets.

    Done
  • Trust level risk gateRequired

    Trust level does not block evaluation.

    Done

Package and install checks

Complete

Check package metadata and artifact integrity signals.

  • Install payload available

    Install or copy payload is available for review.

    Done
  • Package verification flag

    Package marked verified.

    Done
  • Checksum metadata

    SHA-256 hash is present.

    Done

Compare-driven decision checks

Needs review

Use compare context to validate trade-offs before adoption.

  • Compare tray has multiple entries

    Add at least one more entry to compare trust differences.

    Pending
  • Baseline comparison available

    No baseline peer selected yet.

    Pending
  • Diverging trust signals identified

    No major trust-signal divergence found.

    Pending

Setup at a glance

Package install

Copy-ready — paste the snippet to get started.

2 minutes

Install command

Provided

Config snippet

Provided

Copy snippet

Provided

Prerequisites

10 to clear

Platforms

4 listed

Difficulty

5/100

Adoption plan

Balanced adoption plan

Current risk score 0/100. Use staged verification before broader rollout.

Risk 0

Pre-adoption checks

Validate source and review signals before any execution.

  • Confirm source provenanceRequired

    Source URL/provenance metadata is present.

    Done
  • Confirm metadata review state

    Listing has review metadata.

    Done
  • Verify install payload

    Install/config payload exists and can be inspected.

    Done

Security checks

Confirm safety, privacy, and package integrity signals.

  • Review safety notesRequired

    Safety notes are present.

    Done
  • Review privacy notesRequired

    Privacy notes are present.

    Done
  • Verify package integrity metadata

    Package verification/checksum metadata is available.

    Done

Rollout

Adopt in controlled steps based on the selected plan.

  • Run in isolated sandbox firstRequired

    Use a constrained sandbox and observe behavior across multiple tasks.

    Pending
  • Roll out graduallyRequired

    Roll out to a small cohort before wider usage.

    Pending
  • Set monitoring and fallback

    Define rollback path and monitor errors after adoption.

    Pending

Evidence readiness

Evidence readiness matrix · balanced

Required evidence gates are covered (6/6 signals complete).

Risk 0

Source provenance

Present

Source repository/provenance is listed.

Required in this preset

Metadata review

Present

Review metadata is present.

Required in this preset

Safety notes

Present

Safety notes are present.

Required in this preset

Privacy notes

Present

Privacy notes are present.

Optional in this preset

Package integrity

Present

Package integrity metadata is present.

Optional in this preset

Install payload

Present

Install payload is available.

Required in this preset

Required evidence gates are covered for this preset.

Decision timeline

Decision timeline · balanced

6/6 steps complete with no blocking gaps for this preset.

Risk 0

triage

Confirm source provenanceRequired

Source/provenance metadata is available.

Done

triage

Check metadata review statusRequired

Review metadata is available.

Done

verify

Review safety notesRequired

Safety notes are available.

Done

verify

Review privacy notes

Privacy notes are available.

Done

verify

Validate package integrity metadata

Package integrity metadata is available.

Done

rollout

Verify install payload and commandsRequired

Install payload is available.

Done

No required blockers for this timeline preset.

Prerequisite readiness

Prerequisite readiness

10 prerequisites to line up before setup. Have accounts and credentials ready first.

0/10 ready
Account & credentials4Install & runtime1Configuration2Network & hosting1General22 minutes

Safety & privacy surface

Safety & privacy surface

1 safety and 1 privacy notes across 2 risk areas. Review closely: credentials & tokens.

2 areas
  • SafetyCredentials & tokensUse a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.
  • PrivacyData retentionZone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.

Safety notes

  • Use a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.

Privacy notes

  • Zone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.

Prerequisites

  • Cloudflare account with active zones
  • Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  • Cloudflare Account ID (found in Cloudflare dashboard)
  • Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
  • Internet connection for accessing Cloudflare API (https://api.cloudflare.com endpoints)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Rate limit awareness: 1,200 requests per 5 minutes (global limit, ~4 requests per second)
  • Understanding of Cloudflare zones, DNS records, Workers, Pages, and security settings
  • Appropriate API token permissions (read, write, deploy as needed for target operations)
  • Content-Type: application/json header for API requests and Bearer authentication (not email/key pair)

Schema details

Install type
package
Reading time
1 min
Difficulty score
5
Troubleshooting
Yes
Breaking changes
No
Package metadata
Package verified
Yes
SHA-256
06a4d88be66de572abcbfe34634a8ce927597249e591ec5717ef6b9c6a520212
Skill and platform metadata
Retrieval sources
https://developers.cloudflare.com/agents/model-context-protocol/mcp-servers-for-cloudflare/
Collection metadata
Estimated setup
2 minutes
Difficulty
beginner
Full copyable content
{
  "cloudflare": {
    "env": {
      "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
      "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
    },
    "args": [
      "-y",
      "@cloudflare/mcp-server-cloudflare"
    ],
    "command": "npx"
  }
}

About this resource

Content

Manage Cloudflare services and configurations through Claude for comprehensive infrastructure control.

Features

  • Configure DNS settings and records
  • Manage security rules and WAF
  • Analyze traffic patterns and metrics
  • Control caching behavior and purging
  • Deploy Workers and Pages
  • Advanced Cloudflare zone and DNS management with CDN configuration, security rules, and analytics integration
  • Batch operations support for efficient bulk DNS record creation, updates, and cache purging with automatic rate limit handling and retry logic
  • Real-time configuration synchronization capabilities with webhook integration support for monitoring zone changes and triggering automated workflows

Use Cases

  • Deploy edge functions globally
  • Configure WAF rules for security
  • Manage DNS records programmatically
  • Analyze attack patterns and threats
  • Optimize site performance with caching
  • Build automated infrastructure management workflows that sync external systems with Cloudflare zones for real-time DNS and security configuration

Installation

Claude Code

  1. claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID
  2. Verify installation: claude mcp list
  3. Test connection: claude mcp status cloudflare

Claude Desktop

  1. Get your Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  2. Find your Account ID in the Cloudflare dashboard
  3. Open Claude Desktop configuration file
  4. Add the Cloudflare MCP server configuration with your credentials
  5. Restart Claude Desktop

Requirements

  • Cloudflare account with active zones
  • Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  • Cloudflare Account ID (found in Cloudflare dashboard)
  • Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
  • Internet connection for accessing Cloudflare API (https://api.cloudflare.com endpoints)
  • Claude Desktop 0.7.0+ or Claude Code with MCP support
  • Rate limit awareness: 1,200 requests per 5 minutes (global limit, ~4 requests per second)
  • Understanding of Cloudflare zones, DNS records, Workers, Pages, and security settings
  • Appropriate API token permissions (read, write, deploy as needed for target operations)
  • Content-Type: application/json header for API requests and Bearer authentication (not email/key pair)

Configuration

{
  "cloudflare": {
    "env": {
      "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
      "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
    },
    "args": ["-y", "@cloudflare/mcp-server-cloudflare"],
    "command": "npx"
  }
}

Examples

Add DNS record for subdomain

Common usage pattern for this MCP server

Ask Claude: "Add DNS record for subdomain"

Deploy Worker script

Common usage pattern for this MCP server

Ask Claude: "Deploy Worker script"

Show traffic analytics

Common usage pattern for this MCP server

Ask Claude: "Show traffic analytics"

Configure firewall rule

Common usage pattern for this MCP server

Ask Claude: "Configure firewall rule"

Create DNS Record

Create a new Cloudflare DNS A record with TTL configuration

// Create Cloudflare DNS record
const record = await cloudflare.dns.records.create({
  zone_id: "zone-id",
  type: "A",
  name: "example.com",
  content: "192.0.2.1",
  ttl: 3600,
});

Security

  • Use API tokens with minimal scope
  • Enable 2FA on Cloudflare account
  • Regular security audits recommended
  • Monitor API usage and rate limits
  • Cloudflare API tokens and Global API keys must be securely stored and never exposed in client-side code or public repositories - use environment variables and secure credential management
  • Cloudflare API tokens should be scoped with minimal required permissions following the principle of least privilege - regularly audit API token permissions and remove unused tokens
  • Cloudflare zone IDs and account IDs may expose infrastructure architecture and domain information - ensure Cloudflare resource IDs are kept private and not shared in public configurations
  • Rate limiting and API quota management are critical for Cloudflare MCP servers - implement proper rate limit handling, retry logic, and quota monitoring to prevent service disruption
  • Cloudflare webhook configurations and payloads may contain sensitive DNS and security configuration data - ensure webhook endpoints are properly secured with authentication and HTTPS encryption

Troubleshooting

HTTP 429 error: API rate limit exceeded for 5 minutes

Cloudflare global rate limit is 1,200 requests per 5 minutes. Wait for 5-minute window to reset. Distribute API calls across time and implement request throttling to stay under 4 requests per second.

Rate limit API error: decoding not yet implemented

Add Content-Type: application/json header to your API request. Verify request body is properly formatted JSON and includes all required parameters for the endpoint.

Error: ratelimit.api.not_entitled for Enterprise features

Contact your Cloudflare Account Team to enable Enterprise rate limiting features. Verify your account tier supports advanced rate limiting or migrate to Ruleset Engine API.

Authentication error: token permission insufficient

Verify API token has Firewall Services Write permission for rate limiting. Check token hasn't expired and regenerate from Cloudflare dashboard if needed. Use Bearer authentication, not email/key pair.

Cannot configure rate limits or firewall rules

Ensure API token has correct zone and account-level permissions. Verify you're using Ruleset Engine API (not deprecated Rate Limiting API) and check account tier supports feature.

Cloudflare MCP server authentication errors with API tokens

Verify API token is valid and not expired. Check token permissions match required operations. Ensure token format is correct (Bearer token in Authorization header). For Global API keys, verify email and key combination is correct.

Cloudflare rate limit errors when managing large zones

Implement exponential backoff retry logic with jitter. Use batch operations to reduce API calls. Cache frequently accessed zone data. Monitor rate limit headers and adjust request frequency accordingly. Cloudflare allows 1,200 requests per 5 minutes per API token.

Cloudflare zone or DNS record access denied errors

Verify API token has access to the zone and account. Check zone permissions and account membership. Ensure API token scopes include required zone and DNS permissions.

Cloudflare MCP server connection timeouts or network errors

Check network connectivity and firewall settings. Verify Cloudflare API endpoints are accessible. Increase request timeout values. Implement connection pooling and retry mechanisms with exponential backoff.

Source citations

Add this badge to your README

Show that Cloudflare MCP Server - MCP Servers is listed on HeyClaude. Paste this Markdown into your README — it renders the badge and links back to this page.

Listed on HeyClaude
[![Listed on HeyClaude](https://heyclau.de/badge/mcp/cloudflare-mcp-server.svg)](https://heyclau.de/entry/mcp/cloudflare-mcp-server)

How it compares

Cloudflare MCP Server - MCP Servers side by side with 2 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

2 trust signals differ across this comparison (Package trust, Source provenance).

Field

Build applications, analyze traffic, and manage security settings through Cloudflare

Open dossier

Connect Claude to DigitalOcean — manage Apps, Droplets, managed Databases, Kubernetes, Container Registry, networking, and Functions — with DigitalOcean's official Model Context Protocol server.

Open dossier

Create, deploy, and manage websites on Netlify platform

Open dossier
Next steps
Trust
Review statusReviewedMaintainer reviewedReviewedMaintainer reviewedReviewedMaintainer reviewed
Package trustDiffersPackage verifiedPackage not verifiedPackage verified
Source provenanceDiffersSource-backedSource-backedNo submission link
Submitter
Install riskLow riskReview firstLow risk
Notes Safety Privacy Safety Privacy Safety Privacy
BrandCloudflare logoCloudflareKubernetes logoKubernetesNetlify logoNetlify
Categorymcpmcpmcp
Sourcefirst-partysource-backedfirst-party
AuthorCloudflareDigitalOceanNetlify
Added2025-09-182026-06-172025-09-18
Platforms
Claude CodeCodexCursorClaude Desktop
Claude CodeClaude Desktop
Claude CodeClaude Desktop
Source repo
Safety notesUse a least-privilege Cloudflare token because DNS, security, Worker, and deployment actions can affect production services.Tools can create, update, restart, and delete live infrastructure (Apps, Droplets, Databases) — scope the API token and select only the --services you need. Destructive actions (delete, rollback) act on production resources; confirm before running them through Claude.Scope Netlify team and site permissions because deploy, environment, and domain changes can affect production websites.
Privacy notesZone settings, analytics, logs, account identifiers, deployment metadata, and security configuration may be sent through model context.Resource metadata, logs, and metrics enter the MCP client context and the model's prompt. The DIGITALOCEAN_API_TOKEN is a secret — store it in the client config or environment, never in shared repositories.Build logs, deployment history, site metadata, environment variable names, domains, and team details may be exposed.
Prerequisites
  • Cloudflare account with active zones
  • Cloudflare API Token from https://dash.cloudflare.com/profile/api-tokens
  • Cloudflare Account ID (found in Cloudflare dashboard)
  • Node.js and npm/npx available for running the @cloudflare/mcp-server-cloudflare package
  • A DigitalOcean account.
  • A DigitalOcean API token (DIGITALOCEAN_API_TOKEN) with the scopes for the services you enable.
  • Node.js (npx) to run @digitalocean/mcp, or use the hosted remote endpoint.
  • An MCP client such as Claude Code or Claude Desktop.
  • Netlify account (free, Personal, or Pro plan)
  • Personal Access Token (PAT) or OAuth2 credentials (generate from Applications > Personal access tokens)
  • HTTP transport support (remote MCP server at https://netlify-mcp.netlify.app/mcp)
  • Internet connection (remote Netlify API access required)
Install
claude mcp add cloudflare --env CLOUDFLARE_API_TOKEN=YOUR_TOKEN --env CLOUDFLARE_ACCOUNT_ID=YOUR_ACCOUNT_ID && claude mcp list
claude mcp add digitalocean -e DIGITALOCEAN_API_TOKEN=<your-token> -- npx -y @digitalocean/mcp --services apps,droplets,databases
claude mcp list && claude mcp status netlify
Config
{
  "mcpServers": {
    "cloudflare": {
      "env": {
        "CLOUDFLARE_API_TOKEN": "${CLOUDFLARE_API_TOKEN}",
        "CLOUDFLARE_ACCOUNT_ID": "${CLOUDFLARE_ACCOUNT_ID}"
      },
      "args": [
        "-y",
        "@cloudflare/mcp-server-cloudflare"
      ],
      "command": "npx",
      "type": "stdio"
    }
  }
}
{
  "mcpServers": {
    "digitalocean": {
      "command": "npx",
      "args": ["-y", "@digitalocean/mcp", "--services", "apps,droplets,databases"],
      "env": {
        "DIGITALOCEAN_API_TOKEN": "<your-token>"
      }
    }
  }
}
{
  "mcpServers": {
    "netlify": {
      "url": "https://netlify-mcp.netlify.app/mcp",
      "type": "http"
    }
  }
}
Citations
ClaimUnclaimedUnclaimedUnclaimed
Open 3 picks in the interactive comparison tool

Related guides

Signals

Loading live community signals…

More like this, weekly

A short, calm digest of reviewed Claude resources. Unsubscribe any time.