Last verified
Cloudflare MCP Server
VerifiedManage Workers, DNS, observability, and the full Cloudflare platform from inside Claude
Install
Add https://mcp.cloudflare.com/mcp to your MCP client configTools exposed
- workers_get
- workers_deploy
- workers_list
- kv_get
- kv_put
- d1_query
- r2_object_get
- radar_get_traffic_summary
- browser_screenshot
- docs_search
Requires env vars
- CLOUDFLARE_API_TOKEN
"Cloudflare exposes 2,500 API operations via MCP — one of the widest tool surfaces in the ecosystem."
Cloudflare’s MCP Suite
Cloudflare runs its own MCP servers as deployed Workers applications. You get Workers, KV, R2, D1, Radar, Logpush, browser rendering, and documentation search — all without installing a local binary. As of mid-2026, Cloudflare maintains more than a dozen distinct endpoints, each scoped to a product area. The primary endpoint at mcp.cloudflare.com covers 2,500+ API operations, formatted for token efficiency so long operation lists don’t exhaust context windows.
For devops-and-infra teams already routing infrastructure through Cloudflare, this integration removes the context switch between Claude and the Cloudflare dashboard. Pair it with the Sentry MCP server to correlate Workers error rates with actual stack traces.
How does it work?
Add the server URL to your MCP client config (Claude Desktop, Claude Code, or Cursor) alongside a Cloudflare API token. Authentication runs over OAuth or API token headers — no environment variable juggling in most clients.
Server catalog
| Server | URL | What it covers |
|---|---|---|
| General API | mcp.cloudflare.com/mcp | 2,500+ Cloudflare API endpoints |
| Workers Bindings | bindings.mcp.cloudflare.com/mcp | Storage, AI, and compute primitives |
| Workers Builds | builds.mcp.cloudflare.com/mcp | CI/CD insights and build management |
| Observability | observability.mcp.cloudflare.com/mcp | Logs and analytics debugging |
| Radar | radar.mcp.cloudflare.com/mcp | Internet traffic trends and URL scans |
| Browser Rendering | browser.mcp.cloudflare.com/mcp | Fetch pages, convert to Markdown, screenshot |
| Documentation | docs.mcp.cloudflare.com/mcp | Up-to-date Cloudflare reference search |
Transport and legacy SSE
All servers support streamable-http as the primary transport via the /mcp path. A legacy /sse endpoint remains available but is deprecated. Prefer streamable-http for new integrations.
When to use it
This integration makes most sense when your project runs on Cloudflare Workers and you want Claude to inspect live infrastructure, deploy code changes, query D1 databases, or investigate traffic anomalies — all without opening the dashboard. The Observability server is useful for on-call sessions: it surfaces Workers log data directly in Claude’s context, so “what spiked at 14:00 UTC?” gets an answer without a separate tab.
Teams building on Cloudflare’s developer-tools stack — Workers, KV, R2, D1 — get the most from this integration, especially when combined with the GitHub MCP server for repository-to-deployment workflows.
Frequently asked questions
Does the Cloudflare MCP server support both SaaS and self-hosted?
Cloudflare’s platform is SaaS-only, so all MCP servers target the public Cloudflare API at api.cloudflare.com. There is no self-hosted option. For on-premise infrastructure tooling, the Sentry MCP server supports private deployments.
How do I limit the server to read-only operations?
Scope your Cloudflare API token to read-only permissions for the products you need. The MCP server passes your token to the Cloudflare API verbatim — token permissions are the access control layer. Narrow API token scopes before sharing a token with any automated system.
Is the Workers Bindings server the same as the general API server?
No. The Workers Bindings server provides workflow-oriented tools for building Workers apps: attaching KV namespaces, configuring AI gateway bindings, managing D1 connections. The general API server at mcp.cloudflare.com provides broad coverage but with thinner tool descriptions. Use Bindings for active development, the general API for one-off queries across Cloudflare products.
Frequently asked questions
Do I need to install anything to use the Cloudflare MCP server?
No local install is required. The servers run remotely at subdomains like mcp.cloudflare.com, bindings.mcp.cloudflare.com, and radar.mcp.cloudflare.com. Add the relevant URL to your MCP client configuration and authenticate with a Cloudflare API token that has the appropriate permissions.
Can the Cloudflare MCP server deploy changes to my Workers account?
Yes. The Workers Bindings server includes write tools that can deploy code changes, update environment variables, and manage bindings. Scope your API token to only the permissions your workflow needs — read-only tokens disable destructive operations at the API level.
Which Cloudflare MCP server endpoint should I use for general tasks?
The top-level endpoint at mcp.cloudflare.com covers the broadest surface: 2,500+ API operations across all Cloudflare products in a token-efficient format. Use product-specific endpoints (bindings, radar, observability) when you need deeper coverage of one product area with richer tool descriptions.