Cloudflare is a content delivery network, one of many on the web, and it has a variety of uses. Cloudflare themselves say their service can “protect and accelerate” any website. Is that true? Or are the darker rumors true, that using a CDN like that can have a negative effect on your site as a whole.
Let’s take a look at the issue from the inside out. First of all, how does Cloudflare work?
Good timing, subtitle! Cloudflare is a sort of content delivery network (which is essentially a server farm somewhere out there on “the cloud” or more generically just on the internet) that works by taking over your website’s DNS servers. The cloud is, after all, just a computer you don’t own.
When a user tries to visit your site, without a CDN, they make a connection with your web host’s servers. Those servers find the data they’re requesting and serve it to the visitor. This is fine and perfectly functional for most people.
Cloudflare steps in between your website and your users. When they try to visit your site, they are sent to a Cloudflare server, which does some digital magic and refers the visitor on to your site.
That “digital magic” is a mixture of caching data and filtering requests. When a request comes in to pull data from your site, Cloudflare takes a look at that request and checks to see if it matches any known exploitative action profiles. By that, I’m just using fancy words to say it’s a spam filter. It filters out bad bots – letting good ones like Google search crawlers through – and other forms of bad traffic.
This filtering is one of the major features of Cloudflare, in fact. One of the primary uses for the system is to protect your site from DDoS attacks. A DDoS attack is when someone – generally a botnet made up of hundreds or thousands of computers – sends a flood of data requests to your site.
If you don’t have a CDN, those requests are going to slow down your server as it makes repeated data queries. If you don’t have smart caching on or your server is relatively low power – particularly shared servers – then your site might end up crashing entirely.
There are two major reasons someone might DDoS a site. The first is to simply bring it down, either in protest or in malicious actions. Business A and Business B compete, and business B, being shady, decides to DDoS business A so that they can’t attract customers. It’s a ruthless, expensive, and illegal technique. It’s also often used by disgruntled third parties to take down sites.
The other major reason DDoS attacks are used is to expose vulnerabilities in site code. The constant hammering of requests can make the server accidentally process code in a way it shouldn’t, which can give an attacker access to data they wouldn’t otherwise be able to access. This is the more dangerous of the two causes, and it’s one major reason sites use CDNs or high powered servers.
So, Cloudflare protects your site by filtering out bad requests and only referring the good requests, which allows your server to respond much more quickly. Ostensibly, this improvement in site speed is enough to cause a boost to your search rankings, though it will certainly depend on how much of a boost there was.
Now, here’s where we get to some interesting discussions. Logically, if you already have a fast server, you’re reaping as much possible benefit as you can from site speed. If you install Cloudflare, you may have a potential issue on your hand. Think about it like this.
You have two requests to access site A. One of them goes from the client computer through a router, a data center, and a server to reach you. The other goes from the client computer through a router, a data center, the Cloudflare servers, and then to you. All else being equal, the request with the extra step should take longer, right? Even if the response time is measured in milliseconds, it’s still more than zero, so it’s slower.
In order to have absolutely no effect on your site speed – and therefore have no detrimental effect on your site – your site would have to be fast and Cloudflare would have to be so fast as to be imperceptible. In order to have a site speed improvement, your site needs to be slow enough that excess bad requests are slowing it down and that the filtering added by Cloudflare allows it to respond more quickly to good requests.
Seems like a net win, right? Either you get a faster site, or your site stays the same speed but you get protection against spam and DDoS attacks.
Well, there are other considerations as well. For example, what happens if Cloudflare is down? Your site may be up, and your web host reports that your site is up, but clients can’t reach it. It’s effectively down, leading to a loss of business, trust, and value.
Cloudflare has obviously improved their system a lot since 2012, but that doesn’t mean they’re perfect. Every second of downtime is a second where a customer might bounce or a bot might record your site as down. These can be very detrimental hits to your site ranking. One instance of downtime isn’t bad, but repeated instances can delist your site indefinitely.
There are some potential issues with CDNs that come up a lot, some of which aren’t necessarily even real issues. Let’s take a look.
First of all is the myth that having a bunch of sites on the same IP address is bad for SEO. Well, this maybe was the case back in the early 2000s, but these days with the prevalence of shared hosting and CDNs, Google can’t possibly make that a detrimental effect. It’s not going to hurt you no matter how bad the other sites are.
Additionally, Cloudflare monitors the sites in its network and isolates any that are acting up. This prevents Google from delisting everyone for the problems of a few. This quarantine happens by changing the IP of the affected site.
Some people think there’s an issue with caching on a CDN and duplicate content, but that’s not a real thing. Cached content on a distributed set of servers is still all one site and one piece of content. Google doesn’t record content as tied to IP address, geographic location, or anything else. The only tie is to URL. If you have the same content on more than one URL, it’s duplicate. The same content on 100 different IP addresses, but the same URL, is just fine.
Cloudflare and most other CDNs are also intelligent enough to have the “good” bots whitelisted. Google bots won’t be blocked, nor will bots from any other good search engine, including a bunch of minimal specialty search engines that may not even have anything to do with your site. It’s only the malicious and spammy requests that get blocked.
As already mentioned, site speed isn’t necessarily going to be changed by using a CDN. Sometimes using one will speed up your site, and rarely it will slow it down, but only if you’re starting from a highly optimized and incredibly powerful server.
Meanwhile, by blocking bad bots, you’re setting yourself up with more protection beyond just spam comments and DDoS attacks. Scraping, for example, is when a user sends a bot against a site to harvest its juicy data to use on its own spam sites. Scrapers can potentially hurt your site by causing minor duplicate content flags, or by causing you to have a bunch of links from spammy domains. Cloudflare and many other CDNs block these bad bots and prevent your content from being scraped automatically. A legitimate user could scrape each page just fine, but that’s not the kind of effort a spammer usually wants to go through.
Another big possible issue would be the loss of referral data for your visitors in Google Analytics. After all, technically your server sees all of your traffic coming from Cloudflare. Thankfully, though, they have a partnership with Google to allow Analytics to pull data directly, so you don’t lose anything in the filter.
Clourdflare is actually one of the least varied and customizable CDNs out there. They have one service that they do very well, but it’s very much an all-or-nothing thing. You turn it on and get total site protection, or turn it off and get nothing. This is due in part to the way Cloudflare is set up. What you do is create an account with them and tell them what your site is and what your domain is. Then you go to your domain and change name servers so that it points at Cloudflare. Cloudflare then knows that traffic coming into their servers looking for your site will belong to your site, and will filter and redirect it properly.
They do have some advanced features, such as the ability to set up asynchronous loading of scripts. This is a great way to load plugins more quickly, to speed up your site. It’s also not necessarily a CDN feature; you can implement it on your site alone, if you choose.
Minification is another one. The auto minify system in Cloudflare strips excess characters from your scripts, HTML, and CSS files. This maintains all data but removes unnecessary bulk, so the file sizes are smaller and they load faster. On a small site with well-formed code this won’t have much effect at all, but on a poorly coded site or on a massive site it can have large overall benefits.
Cloudflare does support SSL security, which is virtually required to be a secure website today. Site security is a search ranking factor now that, I dare say, will be as important in a few years as site speed is now.
Again, CDNs are generally only useful if your site isn’t hosted on a robust and connected server on its own. If you already have security, high speed, and fast load times, you’re not necessarily going to get much benefit out of a CDN.
Interestingly, this means a larger site has more to gain from Cloudflare, as the larger amount of traffic would benefit from greater filtering. Smaller sites don’t stand to gain quite as much, unless the site speed increase is tangible or they’ve been the target of DDoS attacks in the past.
At the end of the day, we came here to answer a simple question; can Cloudflare hurt your SEO? The answer is a qualified yes. If you have a high end server and established site speed processes like asynchronous loading, you might actually be a little slower with Cloudflare, and thus prone to losing some ranking. On the other hand, most sites will benefit from the security and the speed increase it brings, so your results may vary.
The only time Cloudflare will decidedly hurt your site is if they have spotty uptime for you. You’ll want to make sure to monitor your site availability once you implement Cloudflare, to make sure it isn’t going down on you. If it is, you’ll want to cancel immediately, so you don’t do permanent damage to your site ranking.
In general, though, Cloudflare is much improved over their spotty early days and their uptime tends to be very good outside of the rare occasions of a DDoS. If you’re being DDoSed, though, you have more to deal with than just site speed, so it won’t be a concern.