Cloudflare has released its 2025 Radar Year in Review, reporting 19% global internet traffic growth, surging AI crawler activity, record-setting DDoS attacks, and a jump in post-quantum encryption adoption.
Cloudflare published the 2025 Cloudflare Radar Year in Review on December 15, 2025, summarizing internet trends it observed across traffic, AI, adoption and usage, connectivity, security, and email security. The review covers January 1 to December 2, 2025, and draws on Cloudflare’s global footprint—330 cities in 125+ countries/regions—and data generated by its web and DNS services.
What Cloudflare measured and why it matters?
Cloudflare says its network handles 81+ million HTTP requests per second on average (129+ million at peak) and responds to roughly 67 million DNS queries per second, giving it a wide-angle view of how the internet behaves at scale. The year-in-review format turns those signals into a look-back with charts and country-level comparisons across more than 200 locations where data is sufficient.
That scope matters in 2025 because the report ties several themes together: rising reliance on a small set of platforms, growing automation from bots and AI crawlers, intensifying attack volume, and major changes underway in encryption to prepare for future risks.
Key 2025 findings at a glance
| Metric (2025) | What Cloudflare reported | Why it matters |
| Global internet traffic | +19% for the year, with acceleration starting in mid-August | Growth is increasingly “back-half loaded,” stressing networks and services during seasonal peaks. |
| Major outages tracked | 174 major outages globally; almost half tied to government shutdowns | Availability risk is as much political and operational as it is technical. |
| Post-quantum encrypted human web traffic | Reached 52% share | Signals a rapid cryptographic transition happening in real traffic, not just roadmaps. |
| Mitigated traffic | 6% of global traffic on Cloudflare’s network was mitigated | Reflects the scale of filtering needed to keep sites usable amid abuse and policy rules. |
| AI user-action crawling | Increased by 15x+ | Suggests more bots are visiting pages to answer user questions—changing costs and referral dynamics for publishers. |
Internet traffic grew 19%—and growth sped up late in the year
Cloudflare’s traffic trendline (excluding bot traffic) shows relatively modest change through mid-August before accelerating through September, October, and November to peak at 19% growth for the year. Cloudflare notes that the 2025 pace is higher than 2024’s growth and that the late-year acceleration pattern has appeared before, though the timing shifted later in 2025.
The report also highlights how localized events can appear directly in national traffic curves, including rapid drops aligned with shutdowns and infrastructure disruptions.
The most popular internet services: stability at the top, churn in categories
Cloudflare’s companion “Top Internet Services of 2025” analysis ranks services using anonymized DNS data from its 1.1.1.1 resolver, grouped by service and reported across nine categories.
Top 10 overall services in 2025 (Cloudflare ranking)
Cloudflare’s overall top 10 list for 2025 was:
- Google
- Facebook
- Apple
- Microsoft
- Instagram
- AWS
- YouTube
- TikTok
- Amazon
- WhatsApp
Cloudflare notes that the roster stayed consistent with 2024, but positions shifted in the middle—particularly Microsoft and Instagram moving up and TikTok moving down by year-end.
Generative AI: ChatGPT still leads, but rivals reshaped the top 10
Cloudflare’s 2025 generative AI category places ChatGPT/OpenAI at #1, with a more crowded field behind it. The top 10 list includes Claude, Perplexity, and Google Gemini, along with tools like GitHub Copilot, Grok, and DeepSeek.
Cloudflare also reports that ChatGPT climbed in overall domain rank during 2025 and that multiple AI services rose in visibility—an indication that “AI as a destination” is increasingly mainstream, not niche.
AI crawlers changed publisher traffic—and robots.txt became a frontline
Cloudflare’s year-end review separates AI crawling into three purposes: training, search, and user action (bots visiting pages in response to a user’s chatbot request). In 2025, Cloudflare reports user-action crawling grew sharply—over 15x on the year, and 21x from January through early December in the report’s tracked period.
Cloudflare also estimates that AI bots made up 4.2% of HTML requests on average, while Googlebot alone accounted for 4.5%, reflecting its dual role in both search indexing and AI training.
Crawl-to-refer ratios: a measurement publishers are watching
In mid-2025, Cloudflare introduced a “crawl-to-refer ratio” metric designed to show how often a platform crawls compared with how often it sends visitors back to sites. In Cloudflare’s 2025 view, Anthropic reached very high ratios (peaking as high as 500,000:1 in certain periods), while other platforms showed lower or more variable values.
Robots Exclusion Protocol: more “keep out” signs for AI bots
Cloudflare reports that AI crawler user agents were the most frequently fully disallowed in robots.txt files it observed—an indicator that many site owners are actively restricting AI training crawls. The report also points to growing use of partial rules (blocking sections like logins) for major crawlers.
Connectivity: outages rose, and shutdowns remained a major driver
Cloudflare tracked 174 major internet outages around the world in 2025 and reports that almost half were caused by government-directed regional or national shutdowns.
Cloudflare also highlights broader usage patterns, including:
- More than half of request traffic coming from mobile devices in 117 countries/regions.
- Global IPv6 adoption remaining uneven: less than a third of dual-stack requests used IPv6 worldwide, while India exceeded two-thirds.
Security: 2025’s DDoS sizes kept climbing into new territory
Cloudflare’s review says hyper-volumetric DDoS attack sizes grew significantly over 2025, with a wave of “record-breaking” incidents—more than 25 in the year-end highlights.
DDoS “size progression” Cloudflare highlighted in 2025
Cloudflare also ties part of the 2025 spike to large botnets and repeated hyper-volumetric campaigns described in its quarterly DDoS reporting.
Post-quantum encryption hit 52%—and mobile OS changes helped
One of the most consequential changes Cloudflare flags is the rise of post-quantum encrypted web traffic—encryption designed to reduce the risk of “harvest now, decrypt later,” where intercepted traffic could be decrypted in the future if quantum computers can break today’s cryptography. Cloudflare reports that the share of human web traffic that is post-quantum encrypted rose from about 29% in early 2025 to 52% by early December in its measured period, with a major increase aligned with broader rollout of iOS 26.
On the standards side, the U.S. government approved three post-quantum cryptography standards—FIPS 203, 204, and 205—in August 2024, covering key establishment and digital signatures designed to resist future quantum attacks. Apple, meanwhile, documented that its 2025–2026 operating systems (including iOS 26) advertise support for a hybrid, quantum-secure key exchange in TLS 1.3, intended to improve resilience while maintaining compatibility with servers that do not yet support it.
What Cloudflare’s November 18 outage shows about modern dependency
Cloudflare’s year-in-review focuses heavily on external internet behavior, but 2025 also highlighted how disruptions inside major infrastructure providers can ripple outward. On November 18, 2025, Cloudflare reported a significant internal outage beginning at 11:20 UTC, describing failures in core traffic delivery that were not caused by a cyberattack.
Cloudflare traced the trigger to a permissions change in a database system that led to an oversized “feature file” used by its bot management system, which exceeded a software size limit and caused failures until the rollout was stopped and rolled back.
What comes next?
Cloudflare’s 2025 Radar Year in Review points to an internet that is growing fast, increasingly automated, and facing heavier security pressure—while simultaneously upgrading foundational cryptography in production traffic. For publishers and site operators, the combination of higher AI crawling (especially user-action bots), shifting referral dynamics, and the rising use of robots.txt controls suggests a continued push toward clearer access rules, enforceable bot policies, and monetization models that account for machine consumption.
For defenders, the DDoS trendline implies that “peak size” is still rising, and resilience planning needs to treat multi-Tbps bursts as an operational reality, not an edge case. And for the broader ecosystem, the quick move to post-quantum encryption indicates that platform and OS changes can shift the security baseline rapidly—often faster than many organizations’ upgrade cycles—making “crypto agility” and compatibility testing increasingly important.
