Cloudflare Docs
Cloudflare Fundamentals
Visit Cloudflare Fundamentals on GitHub
Set theme to dark (⇧+D)

Available Notifications

Available Notifications depend on your Cloudflare plan. Cloudflare offers a variety of Notifications for our products and services, such as Billing, Denial-of-Service protection, Magic Transit, and SSL/TLS.

Depending on your plan, you will also be able to configure webhooks (which allow you to connect your account with external services such as Slack and Google Chat) and PagerDuty to receive Cloudflare Notifications.

​​ Actions available on receiving a Notification

Each Notification carries different types of information about the status of your Cloudflare account, or the type of action you can take.

Refer to information below to understand what each Notification does and what to do when receiving one.

​​ Access

Expiring Access Service Token Alert

Who is it for?

Access customers who want to receive a notification when their service token is about to expire.

Other options / filters

None.

Included with

Purchase of Access.

What should you do if you receive one?

Refresh your service token in the Teams dashboard under Configuration > Service Auth.

​​ Billing

Usage Based Billing

Who is it for?

Customers who want to receive a notification when usage of a product goes above a set level.

Other options / filters

Customers can choose the Product they want to be notified about and the threshold that fires the notification. Thresholds depend on the product chosen. For example:

  • Argo Smart Routing: has Notify when total bytes of traffic exceeds as threshold.
  • Load Balancing: has Notify when total number of DNS Queries exceeds as threshold.

Included with

Professional plans or higher.

What should you do if you receive one?

Review your usage of the product and adjust the configuration and/or increase the alerting threshold.

​​ DNS

Secondary DNS all Primaries Failing

Who is it for?

Enterprise customers who have at least one secondary zone in their account and want to receive a notification if all of their primary nameservers are failing.

Other options / filters

None.

Included with

Purchase of Secondary DNS.

What should you do if you receive one?

  1. Confirm that your primary nameservers are up and running.
  2. Confirm that the Access Control Lists (ACLs) on your primary nameservers are configured correctly.
  3. Confirm that your primary nameservers are configured correctly in your Cloudflare account (correct IP, port, TSIG).
Secondary DNS Primaries Failing

Who is it for?

Enterprise customers who have at least one secondary zone and want to receive a notification if at least one of their primary nameservers is failing.

Other options / filters

None.

Included with

Purchase of Secondary DNS.

What should you do if you receive one?

  1. Confirm that the primary nameserver that is failing is up and running.
  2. Confirm that the Access Control Lists (ACLs) on your primary nameservers are configured correctly.
  3. Confirm that the primary nameserver that is failing is configured correctly in your Cloudflare account (correct IP, port, TSIG).
Secondary DNS Successfully Updated

Who is it for?

Enterprise customers who have at least one secondary zone in their account and want to receive a notification on successful zone transfers.

Other options / filters

None.

Included with

Purchase of Secondary DNS.

What should you do if you receive one?

No action needed. Everything is working correctly.

Secondary DNSSEC Validation Warning

Who is it for?

Customers who are using Cloudflare for Secondary DNS and want to receive notifications about failure or success of zone transfers from their primary nameservers.

Other options / filters

None.

Included with

Enterprise plans.

What should you do if you receive one?

Success alerts require no further action. Actions for failure notifications will depend on the type of failure. Possible actions include:

​​ DDoS Protection

HTTP DDoS Attack Alert

Who is it for?

WAF/CDN customers who want to receive a notification when Cloudflare has mitigated an attack.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.
Layer 3/4 DDoS Attack Alert

Who is it for?

BYOIP customers and Spectrum customers with Network Analytics who want to receive a notification when Cloudflare has mitigated an attack.

Other options / filters

None.

Included with

Purchase of Magic Transit and/or BYOIP.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.
Advanced HTTP DDoS Attack Alert

Who is it for?

WAF/CDN customers with the Advanced DDoS add-on who want to receive a notification when Cloudflare has mitigated an attack with certain characteristics.

Other options / filters

  • Customers can choose when to trigger a notification. Available filters are:

    • The zones in the account for which they wish to receive notifications.
    • The specific hostnames for which they wish to receive notifications.
    • The minimum requests-per-second rate that will trigger the alert.

Included with

Enterprise plans.

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.
Advanced Layer 3/4 DDoS Attack Alert

Who is it for?

BYOIP and Magic Transit customers with Network Analytics who want to receive a notification when Cloudflare has mitigated an attack with certain characteristics.

Other options / filters

  • Customers can choose when to trigger a notification. Available filters are:

    • The IP prefixes for which they wish to receive notifications.
    • The specific IP addresses for which they wish to receive notifications.
    • The minimum packets-per-second rate that will trigger the alert.
    • The minimum megabits-per-second rate that will trigger the alert.
    • The protocols for which they wish to receive notifications.

Included with

Purchase of Magic Transit and/or BYOIP (Enterprise plans).

What should you do if you receive one?

No action needed. Refer to DDoS alerts for more information.

​​ Health checks

Health Checks status notification

Who is it for?

Customers who want to be warned about changes to server health as determined by health checks.

Other options / filters

Multiple filters available:

  • Customers can search for and add health checks from their list of health checks.
  • Customers can choose a trigger to fire the notification. Available triggers are:
    • Becomes unhealthy
    • Becomes healthy
    • Becomes either healthy or unhealthy

Included with

Pro plans or higher.

What should you do if you receive one?

Review your health check analytics.

​​ Load Balancing

Pool Enablement

Who is it for?

Customers who want to be warned about status changes (enabled/disabled) in their pools.

Other options / filters

Multiple filters available:

  • Customers can search for and add pools from their list of pools.
  • Customers can also choose the trigger that fires the notification. Available triggers are:
    • Load Balancing pool enabled
    • Load Balancing pool disabled
    • Load Balancing pool enabled / disabled

Included with

All Cloudflare plans with Load Balancing purchase.

What should you do if you receive one?

No direct call to action.

Load Balancing Health Alert

Who is it for?

Customers who want to be warned about changes in health status in their pools or origins.

Other options / filters

Multiple filters available:

  • Customers can search for and add pools from their list of pools, as well as Include future pools (if all pools are selected).
  • Customers can also choose the trigger that fires the notification. Available options are:
    • Health status trigger:
      • Becomes unhealthy or healthy
      • Becomes unhealthy
      • Becomes healthy
    • Event source trigger:
      • Health status changes in either pool or origin
      • Health status changes in pool
      • Health status changes in origin

Included with

All Cloudflare plans with Load Balancing purchase.

What should you do if you receive one?

Evaluate load balancing analytics to review changes in health status over time.

​​ Logpush

Failing Logpush Job Disabled

Who is it for?

This is for any customer who uses Logpush and wants to monitor their job health.

Other options / filters

  • Notification Name
    • Custom name for this notification
  • Description (optional)
    • Custom description for this notification
  • Notification Email (can be multiple emails)
    • Email address of recipient for this notification

Included with

Enterprise plans.

What should you do if you receive one?

In the email for the notification, you can find the destination name for the failing Logpush job. With this destination name, you should be able to figure out which zone this relates to. There can be multiple reasons why a job fails, but it is best to test that the destination endpoint is healthy, and that necessary credentials are still working. You can also check that the destination has allowlisted Cloudflare IPs.

​​ Magic Transit

Flow-based Monitoring: Auto Advertisement

Who is it for?

Magic Transit on-demand customers who use Flow Based Monitoring and want alerts when Magic Transit is automatically enabled.

Other options / filters

None.

Included with

Purchase of Magic Transit.

What should you do if you receive one?

No action is needed. You can go to the dashboard to review the health and status of your tunnels.

Flow-based Monitoring: Volumetric Attack

Who is it for?

Magic Transit On Demand customers who are using Flow Based Monitoring to detect attacks when Magic Transit is disabled.

Other options / filters

None.

Included with

Purchase of Magic Transit.

What should you do if you receive one?

If you do not have auto advertisement enabled, you need to advertise your IP prefixes to enable Magic Transit. For more information, see Dynamic advertisement.

​​ Origin Monitoring

Origin Error Rate Alert

Who is it for?

Enterprise customers who want to receive a notification when Cloudflare is unable to access their origin server.

Other options / filters

Multiple filters available:

  • Customers can search and add domains from their list of domains.
  • Customers can also choose the trigger that fires the notification. Available triggers are:
    • Low sensitivity
    • Medium sensitivity
    • High sensitivity
    • Very High sensitivity

Included with

Enterprise plans.

What should you do if you receive one?

  1. Use the link in the Notification you received to see which error codes Cloudflare is seeing from your origin.
  2. Refer to Troubleshooting Cloudflare 5XX errors to learn how to troubleshoot these errors.

Passive Origin Monitoring

Who is it for?

Any customer who wants to receive a notification when Cloudflare is unable to access their origin.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

Refer to Troubleshooting Cloudflare 5XX errors to learn how to troubleshoot these errors.

​​ Route Leak Detection

Route Leak Detection Alert

Who is it for?

BYOIP customers who want to receive a notification when their prefixes are advertised in places they should not be.

Other options / filters

None.

Included with

Purchase of BYOIP.

What should you do if you receive one?

Confirm your traffic is healthy: reach out to your transit providers to ensure you are behaving as expected and ask them to follow up with any providers accepting the unauthorized routes.

​​ SSL/TLS

Access mTLS Certificate Expiration Alert

Who is it for?

Access customers that use client certificates for mutual TLS authentication.

Other options / filters

None.

Included with

Access and Cloudflare for SaaS.

What should you do if you receive one?

Upload a renewed certificate.

Dedicated SSL Alert

Who is it for?

Customers with dedicated certificates that want to be alerted on validation, issuance, renewal, and expiration of certificates.

Other options / filters

None.

Included with

When a dedicated certificate is validated, issued, renewed, or expired.

What should you do if you receive one?

Action only needed if notification is about a certificate that failed to be issued. Refer to SSL expired or SSL mismatch errors for more information.

Hostname-level Authenticated Origin Pulls Certificate Expiration Alert

Who is it for?

Customers that upload their own certificate to use with hostname-level Authenticated Origin Pull (AOP) to secure connections from Cloudflare to their origin server.

Other options / filters

None.

Included with

Authenticated Origin Pull.

What should you do if you receive one?

Upload a renewed certificate to use for hostname-level AOP.

SSL for SaaS Custom Hostnames Alert

Who is it for?

Customers with custom hostname certificates who want to receive a notification on validation, issuance, renewal, and expiration of certificates.

For more details around data formatting for webhooks, refer to the Cloudflare for SaaS docs.

Other options / filters

None.

Included with

Purchase of Cloudflare for SaaS.

What should you do if you receive one?

You only need to take action if notified that you have a certificate that failed. You can find the reasons why a certificate is not being issued in Troubleshooting SSL errors.

Universal SSL Alert

Who is it for?

Customers with universal certificates who want to receive a notification on validation, issuance, and renewal of certificates.

Other options / filters

None.

Included with

All Cloudflare plans.

What should you do if you receive one?

You only need to take action if notified that you have a certificate that failed. You can find the reasons why a certificate is not being issued in Troubleshooting SSL errors.

Zone-level Authenticated Origin Pulls Certificate Expiration Alert

Who is it for? Customers that upload their own certificate to use with zone-level Authenticated Origin Pull (AOP) to secure connections from Cloudflare to their origin server.

Other options / filters

None.

Included with Authenticated Origin Pull

What should you do if you receive one? Upload a renewed certificate to use for zone-level AOP.

​​ Script Monitor

Script Monitor New Code Change Detection Alert

Who is it for?

Page Shield customers who want to receive a notification when JavaScript dependencies change in the pages of their domain.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Investigate to confirm it is an expected change.

Script Monitor New Domain Alert

Who is it for?

Page Shield customers who want to receive a notification when JavaScript dependencies from new host domains appear in their domain.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Investigate to confirm it is an expected change.

Script Monitor New Malicious Domain Alert

Who is it for?

Page Shield customers who want to receive a notification when JavaScript dependencies from a known malicious domain appear in their domain.

For more information, refer to Detecting malicious scripts.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious scripts, and eventually update the pages where the scripts were detected.

For more information, refer to Review scripts considered malicious.

Script Monitor New Malicious Script Alert

Who is it for?

Page Shield customers who want to receive a notification when Cloudflare classifies JavaScript dependencies in their domain as malicious.

For more information, refer to Detecting malicious scripts.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious scripts, and eventually update the pages where the scripts were detected.

For more information, refer to Review scripts considered malicious.

Script Monitor New Malicious URL Alert

Who is it for?

Page Shield customers who want to receive a notification when JavaScript dependencies from a known malicious URL appear in their domain.

For more information, refer to Detecting malicious scripts.

Other options / filters

None.

Included with

Enterprise plans with paid add-on.

What should you do if you receive one?

Review the information in the Page Shield dashboard about the detected malicious scripts, and eventually update the pages where the scripts were detected.

For more information, refer to Review scripts considered malicious.

Script Monitor New Scripts Alert

Who is it for?

Page Shield customers who want to receive a notification when new JavaScript dependencies appear in their domain.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Investigate to confirm it is an expected change.

Script Monitor New Script Exceeds Max URL Length Alert

Who is it for?

Page Shield customers who want to receive a notification when a script’s URL exceeds the maximum allowed length.

Other options / filters

None.

Included with

Business plans or higher.

What should you do if you receive one?

Manually check the script.

​​ Stream

Stream Live Notifications

Who is it for?

Customers who are using Stream and want to receive webhooks with the status of their videos.

Other options / filters

Customers can input Stream Live IDs to receive notifications only about those inputs. If left blank, customers will receive a list for all inputs.

The following input states will fire notifications. Customers can toggle them on or off:

  • live_input.connected
  • Live_input.disconnected

Included with

Stream subscription.

What should you do if you receive one?

Stream notifications are entirely customizable by the customer. Action will depend on the customizations enabled.

​​ WAF

Advanced Security Events Alert

Who is it for?

Enterprise customers who want to receive alerts about spikes in specific services that generate log entries in firewall events.

For more information, refer to WAF alerts.

Other options / filters

Customers can search for and add domains from their list of enterprise zones. Customers also have to choose which services the alert should monitor (Managed Firewall, Rate Limiting, etc.).

Included with

Enterprise plans.

What should you do if you receive one?

Review the information in Firewall Analytics to identify any possible attack or misconfiguration.

Security Events Alert

Who is it for?

Business and Enterprise customers who want to receive alerts about spikes across all services that generate log entries in firewall events.

For more information, refer to WAF alerts.

Other options / filters

Customers can search for and add domains from their list of business or enterprise zones. The notification will be sent for the domains chosen.

Included with

Business and Enterprise plans.

What should you do if you receive one?

Review the information in Firewall Analytics to identify any possible attack or misconfiguration.

​​ Web Analytics

Weekly summary

Who is it for?

Customers using Web Analytics to monitor their website’s performance.

Other options / filters

None.

Included with

All plans.

What should you do if you receive one?

No action required. This notification is a weekly summary with reports from your Web Analytics account. Refer to Notifications in the Cloudflare dashboard to refine your notifications settings.

​​ Workers

Workers Usage Report

Who is it for?

Developers using Workers, especially those on the Unbound usage model.

Other options / filters

None.

Included with

Workers subscription (free or paid).

What should you do if you receive one?

Check any recent changes to your script or its external dependencies. Usage reports inform users of a sharp increase (25% or more) in key metrics like CPU time.

Workers Weekly Summary

Who is it for?

Developers using Workers.

Other options / filters

None.

Included with

Workers subscription (free or paid).

What should you do if you receive one?

No action is usually required. This notification gives users a high-level overview of their key Workers’ metrics without having to check the dashboard. Possible metrics include account usage and per-worker usage.