Live endpoints showcasing 5 Cloudflare storage and database products. Click any button below to hit the API and see real output.
Interactive version of the "330+ cities, 500 Tbps" slide. ~100 real PoPs with city names, regional facts, backbone connections. Hover any dot for details, hover the stats to highlight related cities. Use this when you need to set the scale early in a call.
Open Global MapQuery a pre-seeded SQLite database. 5 customer rows ready to go.
List Customers Filter by UKList, upload, and read objects. S3-compatible, zero egress fees.
View Image Gallery Drag-and-Drop Upload Live Egress Meter List Objects (JSON)Embed text with Workers AI, store in Vectorize, run similarity search.
Seed Sample Docs Search: "fast database" Search: "protect against attacks"Producer sends a message; consumer logs it. Watch with wrangler tail.
Same query via Hyperdrive (pooled and cached) vs direct connection. See the latency difference live.
Sample Query Cache Demo Race: Direct vs Hyperdrive Live Race (streaming)If your primary LLM provider goes down, AI Gateway automatically routes to a fallback. Zero downtime for your users.
Fallback DemoVisual world map showing how traffic flows from any region to a US datacenter — with Argo on vs. off. See the hop count, latency, and packet loss difference live.
Open Path ComparisonVisual walkthrough of how to onboard EC2, on-prem, or any internal server into Zero Trust. Three patterns side-by-side: cloudflared, Mesh, Magic WAN — with architecture diagrams and install commands.
Open Onboarding FlowWhat an employee actually sees when accessing a protected app. Animated flow: type URL → IdP → posture check → app loads. Total time under 5 seconds. Answers the "is this annoying for my users?" question.
Run User FlowPlug in your seat count, current VPN cost, and bandwidth. See the annual savings vs. traditional VPN + endpoint stack live. Designed for the "what does this actually cost?" question from finance.
Open CalculatorSplit-screen visual: admin adds contractor (left) → contractor gets email, clicks magic link, enters OTP, app loads (right). Both animate in parallel. End-to-end time under 60 seconds. Auto-expires when project ends.
Run Contractor FlowAnimated comparison answering "what's the difference between Cloudflare's CDN/DNS stuff and Zero Trust?" Two views: public website with DDoS / WAF / Bot / cache pipeline filtering anonymous internet traffic, and internal app with identity / device posture / per-app policy / tunnel pipeline gating authenticated users. Same network underneath, different jobs on top. Toggle, animate, or side-by-side.
Open ComparisonA contractor with no Cloudflare client gets full SSH (Linux) or RDP (Windows) into your internal servers — through a URL only. Two animated modes: simulated terminal with typing commands, and Windows desktop with mouse clicks. Live audit log on the right shows every command and click being recorded. Demonstrates Cloudflare Access's clientless browser rendering for SSH and RDP.
Run SSH/RDP DemoSpin up a Dynamic Worker on demand, run customer-supplied code in it, control exactly what it can talk to on the network. Three scenarios: block all egress, allow-list one domain, or inject credentials so the child code never sees the secret. This is a real working Dynamic Worker — paste code and watch it execute (or get blocked) live.
Run Dynamic Workers DemoTwo diagrams, same shapes, different outcomes. "The Old Way" shows castle-and-moat VPN with concentrator bottleneck, hairpinned cloud egress, and full network access risk. "The Cloudflare Way" shows the Zero Trust + SASE architecture: WARP / clientless access, inline security stack, origin-agnostic connection methods, and unified visibility. Toggle views or see them side-by-side. Includes 90-second talk tracks for each diagram.
Open ComparisonSimulated /graphql endpoint that enforces Cloudflare's documented size + depth limits (size > 30, depth > 7). Run scripts/graphql-attack.sh to hit it with four payloads (benign / oversized / deeply-nested / both). Returns a real-looking 403 with rule name, observed query_size, query_depth, and matched_expression in the JSON body.
Same credential-harvesting attack, three defensive postures: no protection (credentials stolen), Email Security on (quarantined before inbox), and Email Security + Browser Isolation (zero-day slips through but keystrokes blocked in remote browser). Toggle scenarios, hit Run, watch the outcome change.
Run Phishing Demo