Skip to main content Accessibility

Cloudflare Optimizing Content Delivery For At Least 48 Hate Sites Across Europe

Cloudflare, the Internet security giant that specializes in content delivery and optimization has an ambitious goal: to help “power and protect the entire Internet.” 

That goal includes optimizing the content of at least 48 hate websites dedicated to recruiting, organizing and spreading extremist ideologies.

Hate group websites happily utilize Cloudflare’s services. The company is best known for offering protection from DDoS (Distributed Denial of Service) attacks, a frequent — and illegal — tactic used against racist websites by vigilantes seeking to staunch their noxious messaging.

Cloudflare subscriptions, however, come with added benefits, including some of the most effective content optimization available.


As the company describes in “Cloudflare 101,” a post to its support blog, the basic idea behind the service is that Cloudflare acts as an intermediary layer between a website and all of its traffic, including normal visitors, crawlers and bots, and attackers. Normally, when accessing a website, a user types a domain name into his or her browser, the computer queries the DNS (Domain Name Servers) and returns the corresponding IP address for the desired website. Cloudflare accelerates this process by routing initial DNS lookups to its data centers where subscribers’ static web content — including images, CSS, and Javascript — is cached.

Of the 28 European data centers listed on Cloudflare’s website, 24 are located in countries with laws prohibiting either the incitement or promotion of racial hatred or Holocaust denial.

Cloudflare has data centers, physically hosting cached hate content in Berlin, Düsseldorf, Frankfurt, and Hamburg, Germany, for instance, where Section 130, “Incitement to hatred,” of the German Criminal Code bans materials that incite hatred, call for violence against, or assaults the human dignity of several protected classes. The law does not exempt digital hate content stored on Cloudflare’s servers physically located in Germany.

In addition to its German data centers, Cloudflare serves cached hate content in 12 countries (14 additional data centers) with laws banning hate speech or incitement to hatred. Those countries include Netherlands, Belgium, Denmark, Ireland, Finland, Great Britain, France, Norway, Russia, Sweden, and Poland.

In France, the Gayssot Act also criminalizes questioning the existence or size of the Holocaust as it was defined at the Nuremberg Trials. Cloudflare, which protects some of the most trafficked holocaust revisionism sites available, also houses data centers in Marseille and Paris, France.

In addition to France, there are eight countries (13 additional Cloudflare data centers) that may contain and serve cached holocaust denial or revisionist materials despite laws prohibiting such content. Those countries include Netherlands, Greece, Germany, Belgium, Romania, Czech Republic, Austria, and Poland.

Portugal also hosts a Cloudflare data center in Lisbon, which does not explicitly prohibit holocaust denial materials, but does prohibit denying war crimes to incite hatred.

Cloudflare’s leadership is outspoken in its commitment to free speech. In response to accusations of supporting terrorism for providing its services to Kavkaz Center, a Chechen news service that, according to the Russian Federation, publishes materials that incite ethnic hatred, Matthew Prince, CEO of Cloudflare, wrote, “One of the greatest strengths of the United States is a belief that speech, particularly political speech, is sacred. A website, of course, is nothing but speech. … It is not a bomb.”

Hate speech, some of it hosted and protected by Cloudflare, has in fact inspired bombers and mass murders. At least one of those bombers, Anders Breivik, spent time on, until recently the most trafficked neo-Nazi site online, which now proudly uses Cloudflare data centers in Europe to serve its content.

Late last year in an interview with Fortune, Prince responded to a question about responsibility for the sites that it serves by saying that they would only take action against users in violation of United States law.

“I think we have a responsibility to comply with U.S. law and the law of any of the countries in which we operate,” he told Fortune. “When we have a customer who we think might be engaged in an illegal act, we consult with law enforcement organizations.  … We comply with legal orders."

Given that the company is hosting content explicitly banned by the countries that hold its data centers, it appears that Cloudflare may be the party engaged in an illegal act, not its customers.

Cloudflare, which has gone through five funding rounds to the tune of $182.05M from notable venture capital funds like Fidelity Investments and Union Square Ventures, is expected to go public this year. It is valued at over $1 billion.

Additional reporting by Rose Falvey.

DISCLAIMER: The Southern Poverty Law Center previously subscribed to Cloudflare’s services. After learning that Cloudflare protected hate sites, some of which have published personal information and photographs of SPLC employees, the SPLC sought a release from its contract or a policy change from the company. Cloudflare refused both.

Comments or suggestions? Send them to Have tips about the far right? Please email: Have documents you want to share? Please visit: Follow us on Twitter @Hatewatch.