---
title: Changelogs
image: https://developers.cloudflare.com/cf-twitter-card.png
---

> Documentation Index  
> Fetch the complete documentation index at: https://developers.cloudflare.com/changelog/llms.txt  
> Use this file to discover all available pages before exploring further. 

[Skip to content](#%5Ftop) 

# Changelog

New updates and improvements at Cloudflare.

[ Subscribe to RSS ](https://developers.cloudflare.com/changelog/rss/index.xml) [ View RSS feeds ](https://developers.cloudflare.com/fundamentals/new-features/available-rss-feeds/) 

All products

![hero image](https://developers.cloudflare.com/_astro/hero.CVYJHPAd_26AMqX.svg) 

Feb 16, 2026
1. ### [Content encoding support for Markdown for Agents and other improvements](https://developers.cloudflare.com/changelog/post/2026-02-16-markdown-for-agents-improvements/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)  
When AI systems request pages from any website that uses Cloudflare and has [Markdown for Agents](https://developers.cloudflare.com/fundamentals/reference/markdown-for-agents/) enabled, they can express the preference for `text/markdown` in the request: our network will automatically and efficiently convert the HTML to markdown, when possible, on the fly.  
This release adds the following improvements:

  * The origin response limit was raised from 1 MB to 2 MB (2,097,152 bytes).
  * We no longer require the origin to send the `content-length` header.
  * We now support content encoded responses from the origin.  
If you haven’t enabled automatic Markdown conversion yet, visit the [AI Crawl Control ↗](https://dash.cloudflare.com/?to=/:account/:zone/ai) section of the Cloudflare dashboard and enable **Markdown for Agents**.  
Refer to our [developer documentation](https://developers.cloudflare.com/fundamentals/reference/markdown-for-agents/) for more details.

Feb 16, 2026
1. ### [WAF Release - 2026-02-16](https://developers.cloudflare.com/changelog/post/2026-02-16-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
This week’s release introduces new detections for CVE-2025-68645 and CVE-2025-31125.

**Key Findings**

  * CVE-2025-68645: A Local File Inclusion (LFI) vulnerability in the Webmail Classic UI of Zimbra Collaboration Suite (ZCS) 10.0 and 10.1 allows unauthenticated remote attackers to craft requests to the `/h/rest` endpoint, improperly influence internal dispatching, and include arbitrary files from the WebRoot directory.
  * CVE-2025-31125: Vite, the JavaScript frontend tooling framework, exposes content of non-allowed files via `?inline&import` when its development server is network-exposed, enabling unauthorized attackers to read arbitrary files and potentially leak sensitive information.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                            | Previous Action | New Action | Comments                 |
| -------------------------- | ----------- | -------------- | ------------------------------------------------------ | --------------- | ---------- | ------------------------ |
| Cloudflare Managed Ruleset | ...833761f7 | N/A            | Zimbra - Local File Inclusion - CVE:CVE-2025-68645     | Log             | Block      | This is a new detection. |
| Cloudflare Managed Ruleset | ...950ed8c8 | N/A            | Vite - WASM Import Path Traversal - CVE:CVE-2025-31125 | Log             | Block      | This is a new detection. |

Feb 16, 2026
1. ### [Quick Editor devtools replaced with log viewer](https://developers.cloudflare.com/changelog/post/2026-02-12-quick-editor-dev-tools-deprecation/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
Cloudflare has deprecated the Workers Quick Editor dev tools inspector and replaced it with a lightweight log viewer.  
This aligns our logging with `wrangler tail` and gives us the opportunity to focus our efforts on bringing benefits from the work we have invested in observability, which would not be possible otherwise.  
We have made improvements to this logging viewer based on your feedback such that you can log object and array types, and easily clear the list of logs. This does not include class instances. Limitations are documented in the [Workers Playground docs](https://developers.cloudflare.com/workers/playground/).  
If you do need to develop your Worker with a remote inspector, you can still do this using Wrangler locally. Cloning a project from your quick editor to your computer for local development can be done with the `wrangler init --from-dash` command. For more information, refer to [Wrangler commands](https://developers.cloudflare.com/workers/wrangler/commands/general/#init).

Feb 15, 2026
1. ### [New Best Practices guide for Workers](https://developers.cloudflare.com/changelog/post/2026-02-15-workers-best-practices/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
A new [Workers Best Practices](https://developers.cloudflare.com/workers/best-practices/workers-best-practices/) guide provides opinionated recommendations for building fast, reliable, observable, and secure Workers. The guide draws on production patterns, Cloudflare internal usage, and best practices observed from developers building on Workers.  
Key guidance includes:

  * **Keep your compatibility date current and enable `nodejs_compat`** — Ensure you have access to the latest runtime features and Node.js built-in modules.

  * [  wrangler.jsonc ](#tab-panel-4817)
  * [  wrangler.toml ](#tab-panel-4818)

**JSONC**  
```jsonc  
{  
  "name": "my-worker",  
  "main": "src/index.ts",  
  // Set this to today's date  
  "compatibility_date": "2026-07-01",  
  "compatibility_flags": ["nodejs_compat"],  
}  
```

**TOML**  
```toml  
name = "my-worker"  
main = "src/index.ts"  
# Set this to today's date  
compatibility_date = "2026-07-01"  
compatibility_flags = [ "nodejs_compat" ]  
```

  * **Generate binding types with `wrangler types`** — Never hand-write your `Env` interface. Let Wrangler generate it from your actual configuration to catch mismatches at compile time.
  * **Stream request and response bodies** — Avoid buffering large payloads in memory. Use `TransformStream` and `pipeTo` to stay within the 128 MB memory limit and improve time-to-first-byte.
  * **Use bindings, not REST APIs** — Bindings to KV, R2, D1, Queues, and other Cloudflare services are direct, in-process references with no network hop and no authentication overhead.
  * **Use Queues and Workflows for background work** — Move long-running or retriable tasks out of the critical request path. Use Queues for simple fan-out and buffering, and Workflows for multi-step durable processes.
  * **Enable Workers Logs and Traces** — Configure observability before deploying to production so you have data when you need to debug.
  * **Avoid global mutable state** — Workers reuse isolates across requests. Storing request-scoped data in module-level variables causes cross-request data leaks.
  * **Always `await` or `waitUntil` your Promises** — Floating promises cause silent bugs and dropped work.
  * **Use Web Crypto for secure token generation** — Never use `Math.random()` for security-sensitive operations.  
To learn more, refer to [Workers Best Practices](https://developers.cloudflare.com/workers/best-practices/workers-best-practices/).

Feb 13, 2026
1. ### [Fine-grained permissions for Access policies and service tokens](https://developers.cloudflare.com/changelog/post/2026-02-13-access-policy-service-token-permissions/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Access ](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/)  
Fine-grained permissions for **Access policies** and **Access service tokens** are available. These new resource-scoped roles expand the existing RBAC model, enabling administrators to grant permissions scoped to individual resources.  
#### New roles

  * **Cloudflare Access policy admin**: Can edit a specific [Access policy](https://developers.cloudflare.com/cloudflare-one/access-controls/policies/) in an account.
  * **Cloudflare Access service token admin**: Can edit a specific [Access service token](https://developers.cloudflare.com/cloudflare-one/access-controls/service-credentials/service-tokens/) in an account.  
These roles complement the existing resource-scoped roles for Access applications, identity providers, and infrastructure targets.  
For more information:

  * [Resource-scoped roles](https://developers.cloudflare.com/fundamentals/manage-members/roles/#resource-scoped-roles)
  * [Role scopes](https://developers.cloudflare.com/fundamentals/manage-members/scope/)  
Note  
Resource-scoped roles is currently in beta.

Feb 13, 2026
1. ### [Cloudflare Python SDK v5.0.0-beta.1 now available](https://developers.cloudflare.com/changelog/post/2026-02-13-cloudflare-python-v500-beta1/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ SDK ](https://developers.cloudflare.com/fundamentals/api/reference/sdks/)  
> **Disclaimer:** Please note that v5.0.0-beta.1 is in Beta and we are still testing it for stability.  
Full Changelog: [v4.3.1...v5.0.0-beta.1 ↗](https://github.com/cloudflare/cloudflare-python/compare/v4.3.1...v5.0.0-beta.1)  
In this release, you'll see a large number of breaking changes. This is primarily due to a change in OpenAPI definitions, which our libraries are based off of, and codegen updates that we rely on to read those OpenAPI definitions and produce our SDK libraries. As the codegen is always evolving and improving, so are our code bases.  
There may be changes that are not captured in this changelog. Feel free to open an issue to report any inaccuracies, and we will make sure it gets into the changelog before the v5.0.0 release.  
Most of the breaking changes below are caused by improvements to the accuracy of the base OpenAPI schemas, which sometimes translates to breaking changes in downstream clients that depend on those schemas.  
Please ensure you read through the list of changes below and the migration guide before moving to this version - this will help you understand any down or upstream issues it may cause to your environments.  
#### Breaking Changes

**The following resources have breaking changes. See the [v5 Migration Guide ↗](https://github.com/cloudflare/cloudflare-python/blob/main/docs/v5-migration-guide.md) for detailed migration instructions.**

  * `abusereports`
  * `acm.totaltls`
  * `apigateway.configurations`
  * `cloudforceone.threatevents`
  * `d1.database`
  * `intel.indicatorfeeds`
  * `logpush.edge`
  * `origintlsclientauth.hostnames`
  * `queues.consumers`
  * `radar.bgp`
  * `rulesets.rules`
  * `schemavalidation.schemas`
  * `snippets`
  * `zerotrust.dlp`
  * `zerotrust.networks`  
#### Features  
#### New API Resources

  * `abusereports` \- Abuse report management
  * `abusereports.mitigations` \- Abuse report mitigation actions
  * `ai.tomarkdown` \- AI-powered markdown conversion
  * `aigateway.dynamicrouting` \- AI Gateway dynamic routing configuration
  * `aigateway.providerconfigs` \- AI Gateway provider configurations
  * `aisearch` \- AI-powered search functionality
  * `aisearch.instances` \- AI Search instance management
  * `aisearch.tokens` \- AI Search authentication tokens
  * `alerting.silences` \- Alert silence management
  * `brandprotection.logomatches` \- Brand protection logo match detection
  * `brandprotection.logos` \- Brand protection logo management
  * `brandprotection.matches` \- Brand protection match results
  * `brandprotection.queries` \- Brand protection query management
  * `cloudforceone.binarystorage` \- CloudForce One binary storage
  * `connectivity.directory` \- Connectivity directory services
  * `d1.database` \- D1 database management
  * `diagnostics.endpointhealthchecks` \- Endpoint health check diagnostics
  * `fraud` \- Fraud detection and prevention
  * `iam.sso` \- IAM Single Sign-On configuration
  * `loadbalancers.monitorgroups` \- Load balancer monitor groups
  * `organizations` \- Organization management
  * `organizations.organizationprofile` \- Organization profile settings
  * `origintlsclientauth.hostnamecertificates` \- Origin TLS client auth hostname certificates
  * `origintlsclientauth.hostnames` \- Origin TLS client auth hostnames
  * `origintlsclientauth.zonecertificates` \- Origin TLS client auth zone certificates
  * `pipelines` \- Data pipeline management
  * `pipelines.sinks` \- Pipeline sink configurations
  * `pipelines.streams` \- Pipeline stream configurations
  * `queues.subscriptions` \- Queue subscription management
  * `r2datacatalog` \- R2 Data Catalog integration
  * `r2datacatalog.credentials` \- R2 Data Catalog credentials
  * `r2datacatalog.maintenanceconfigs` \- R2 Data Catalog maintenance configurations
  * `r2datacatalog.namespaces` \- R2 Data Catalog namespaces
  * `radar.bots` \- Radar bot analytics
  * `radar.ct` \- Radar certificate transparency data
  * `radar.geolocations` \- Radar geolocation data
  * `realtimekit.activesession` \- Real-time Kit active session management
  * `realtimekit.analytics` \- Real-time Kit analytics
  * `realtimekit.apps` \- Real-time Kit application management
  * `realtimekit.livestreams` \- Real-time Kit live streaming
  * `realtimekit.meetings` \- Real-time Kit meeting management
  * `realtimekit.presets` \- Real-time Kit preset configurations
  * `realtimekit.recordings` \- Real-time Kit recording management
  * `realtimekit.sessions` \- Real-time Kit session management
  * `realtimekit.webhooks` \- Real-time Kit webhook configurations
  * `tokenvalidation.configuration` \- Token validation configuration
  * `tokenvalidation.rules` \- Token validation rules
  * `workers.beta` \- Workers beta features  
#### New Endpoints (Existing Resources)  
#### `acm.totaltls`

  * `edit()`
  * `update()`  
#### `cloudforceone.threatevents`

  * `list()`  
#### `contentscanning`

  * `create()`
  * `get()`
  * `update()`  
#### `dns.records`

  * `scan_list()`
  * `scan_review()`
  * `scan_trigger()`  
#### `intel.indicatorfeeds`

  * `create()`
  * `delete()`
  * `list()`  
#### `leakedcredentialchecks.detections`

  * `get()`  
#### `queues.consumers`

  * `list()`  
#### `radar.ai`

  * `summary()`
  * `timeseries()`
  * `timeseries_groups()`  
#### `radar.bgp`

  * `changes()`
  * `snapshot()`  
#### `workers.subdomains`

  * `delete()`  
#### `zerotrust.networks`

  * `create()`
  * `delete()`
  * `edit()`
  * `get()`
  * `list()`  
#### General Fixes and Improvements  
#### Type System & Compatibility

  * **Type inference improvements**: Allow Pyright to properly infer TypedDict types within SequenceNotStr
  * **Type completeness**: Add missing types to method arguments and response models
  * **Pydantic compatibility**: Ensure compatibility with Pydantic versions prior to 2.8.0 when using additional fields  
#### Request/Response Handling

  * **Multipart form data**: Correctly handle sending multipart/form-data requests with JSON data
  * **Header handling**: Do not send headers with default values set to omit
  * **GET request headers**: Don't send Content-Type header on GET requests
  * **Response body model accuracy**: Broad improvements to the correctness of models  
#### Parsing & Data Processing

  * **Discriminated unions**: Correctly handle nested discriminated unions in response parsing
  * **Extra field types**: Parse extra field types correctly
  * **Empty metadata**: Ignore empty metadata fields during parsing
  * **Singularization rules**: Update resource name singularization rules for better consistency

Feb 13, 2026
1. ### [Introducing GLM-4.7-Flash on Workers AI, @cloudflare/tanstack-ai, and workers-ai-provider v3.1.1](https://developers.cloudflare.com/changelog/post/2026-02-13-glm-47-flash-workers-ai/)  
[ Workers ](https://developers.cloudflare.com/workers/)[ Agents ](https://developers.cloudflare.com/agents/)[ Workers AI ](https://developers.cloudflare.com/workers-ai/)  
We're excited to announce **GLM-4.7-Flash** on Workers AI, a fast and efficient text generation model optimized for multilingual dialogue and instruction-following tasks, along with the brand-new [**@cloudflare/tanstack-ai** ↗](https://www.npmjs.com/package/@cloudflare/tanstack-ai) package and [**workers-ai-provider v3.1.1** ↗](https://www.npmjs.com/package/workers-ai-provider).  
You can now run AI agents entirely on Cloudflare. With GLM-4.7-Flash's multi-turn tool calling support, plus full compatibility with TanStack AI and the Vercel AI SDK, you have everything you need to build agentic applications that run completely at the edge.  
#### GLM-4.7-Flash — Multilingual Text Generation Model  
[@cf/zai-org/glm-4.7-flash](https://developers.cloudflare.com/workers-ai/models/glm-4.7-flash/) is a multilingual model with a 131,072 token context window, making it ideal for long-form content generation, complex reasoning tasks, and multilingual applications.

**Key Features and Use Cases:**

  * **Multi-turn Tool Calling for Agents**: Build AI agents that can call functions and tools across multiple conversation turns
  * **Multilingual Support**: Built to handle content generation in multiple languages effectively
  * **Large Context Window**: 131,072 tokens for long-form writing, complex reasoning, and processing long documents
  * **Fast Inference**: Optimized for low-latency responses in chatbots and virtual assistants
  * **Instruction Following**: Excellent at following complex instructions for code generation and structured tasks  
Use GLM-4.7-Flash through the [Workers AI binding](https://developers.cloudflare.com/workers-ai/configuration/bindings/) (`env.AI.run()`), the REST API at `/run` or `/v1/chat/completions`, [AI Gateway](https://developers.cloudflare.com/ai-gateway/), or via [workers-ai-provider](https://developers.cloudflare.com/workers-ai/configuration/ai-sdk/) for the Vercel AI SDK.  
Pricing is available on the [model page](https://developers.cloudflare.com/workers-ai/models/glm-4.7-flash/) or [pricing page](https://developers.cloudflare.com/workers-ai/platform/pricing/).  
#### @cloudflare/tanstack-ai v0.1.1 — TanStack AI adapters for Workers AI and AI Gateway  
We've released `@cloudflare/tanstack-ai`, a new package that brings Workers AI and AI Gateway support to [TanStack AI ↗](https://tanstack.com/ai). This provides a framework-agnostic alternative for developers who prefer TanStack's approach to building AI applications.

**Workers AI adapters** support four configuration modes — plain binding (`env.AI`), plain REST, AI Gateway binding (`env.AI.gateway(id)`), and AI Gateway REST — across all capabilities:

  * **Chat** (`createWorkersAiChat`) — Streaming chat completions with tool calling, structured output, and reasoning text streaming.
  * **Image generation** (`createWorkersAiImage`) — Text-to-image models.
  * **Transcription** (`createWorkersAiTranscription`) — Speech-to-text.
  * **Text-to-speech** (`createWorkersAiTts`) — Audio generation.
  * **Summarization** (`createWorkersAiSummarize`) — Text summarization.

**AI Gateway adapters** route requests from third-party providers — OpenAI, Anthropic, Gemini, Grok, and OpenRouter — through Cloudflare AI Gateway for caching, rate limiting, and unified billing.  
To get started:  
```sh  
npm install @cloudflare/tanstack-ai @tanstack/ai  
```  
#### workers-ai-provider v3.1.1 — transcription, speech, reranking, and reliability  
The Workers AI provider for the [Vercel AI SDK ↗](https://ai-sdk.dev) now supports three new capabilities beyond chat and image generation:

  * **Transcription** (`provider.transcription(model)`) — Speech-to-text with automatic handling of model-specific input formats across binding and REST paths.
  * **Text-to-speech** (`provider.speech(model)`) — Audio generation with support for voice and speed options.
  * **Reranking** (`provider.reranking(model)`) — Document reranking for RAG pipelines and search result ordering.

**TypeScript**  
```typescript  
import { createWorkersAI } from "workers-ai-provider";  
import {  
  experimental_transcribe,  
  experimental_generateSpeech,  
  rerank,  
} from "ai";  
const workersai = createWorkersAI({ binding: env.AI });  
const transcript = await experimental_transcribe({  
  model: workersai.transcription("@cf/openai/whisper-large-v3-turbo"),  
  audio: audioData,  
  mediaType: "audio/wav",  
});  
const speech = await experimental_generateSpeech({  
  model: workersai.speech("@cf/deepgram/aura-1"),  
  text: "Hello world",  
  voice: "asteria",  
});  
const ranked = await rerank({  
  model: workersai.reranking("@cf/baai/bge-reranker-base"),  
  query: "What is machine learning?",  
  documents: ["ML is a branch of AI.", "The weather is sunny."],  
});  
```  
This release also includes a comprehensive reliability overhaul (v3.0.5):

  * **Fixed streaming** — Responses now stream token-by-token instead of buffering all chunks, using a proper `TransformStream` pipeline with backpressure.
  * **Fixed tool calling** — Resolved issues with tool call ID sanitization, conversation history preservation, and a heuristic that silently fell back to non-streaming mode when tools were defined.
  * **Premature stream termination detection** — Streams that end unexpectedly now report `finishReason: "error"` instead of silently reporting `"stop"`.
  * **AI Search support** — Added `createAISearch` as the canonical export (renamed from AutoRAG). `createAutoRAG` still works with a deprecation warning.  
To upgrade:  
```sh  
npm install workers-ai-provider@latest ai  
```  
#### Resources

  * [@cloudflare/tanstack-ai on npm ↗](https://www.npmjs.com/package/@cloudflare/tanstack-ai)
  * [workers-ai-provider on npm ↗](https://www.npmjs.com/package/workers-ai-provider)
  * [GitHub repository ↗](https://github.com/cloudflare/ai)

Feb 13, 2026
1. ### [Origin CA certificate support for Workers VPC](https://developers.cloudflare.com/changelog/post/2026-02-13-origin-ca-certificate-support/)  
[ Workers VPC ](https://developers.cloudflare.com/workers-vpc/)  
Workers VPC now supports [Cloudflare Origin CA certificates](https://developers.cloudflare.com/ssl/origin-configuration/origin-ca/) when connecting to your private services over HTTPS. Previously, Workers VPC only trusted certificates issued by publicly trusted certificate authorities (for example, Let's Encrypt, DigiCert).  
With this change, you can use free Cloudflare Origin CA certificates on your origin servers within private networks and connect to them from Workers VPC using the `https` scheme. This is useful for encrypting traffic between the tunnel and your service without needing to provision certificates from a public CA.  
For more information, refer to [Supported TLS certificates](https://developers.cloudflare.com/workers-vpc/configuration/vpc-services/#supported-tls-certificates).

Feb 12, 2026
1. ### [Anycast IPs displayed on the dashboard](https://developers.cloudflare.com/changelog/post/2026-02-12-anycast-ips-on-dashboard/)  
[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Cloudflare WAN now displays your Anycast IP addresses directly in the dashboard when you configure IPsec or GRE tunnels.  
Previously, customers received their Anycast IPs during onboarding or had to retrieve them with an API call. The dashboard now pre-loads these addresses, reducing setup friction and preventing configuration errors.  
No action is required. All Cloudflare WAN customers can see their Anycast IPs in the tunnel configuration form automatically.  
For more information, refer to [Configure tunnel endpoints](https://developers.cloudflare.com/cloudflare-wan/configuration/how-to/configure-tunnel-endpoints/).

Feb 12, 2026
1. ### [Introducing Markdown for Agents](https://developers.cloudflare.com/changelog/post/2026-02-12-markdown-for-agents/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)  
Cloudflare's network now supports real-time content conversion at the source, for enabled zones using [content negotiation ↗](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Content%5Fnegotiation) headers. When AI systems request pages from any website that uses Cloudflare and has Markdown for Agents enabled, they can express the preference for `text/markdown` in the request: our network will automatically and efficiently convert the HTML to markdown, when possible, on the fly.  
Here is a curl example with the `Accept` negotiation header requesting this page from our developer documentation:  
```bash  
curl https://developers.cloudflare.com/fundamentals/reference/markdown-for-agents/ \
  -H "Accept: text/markdown"  
```  
The response to this request is now formatted in markdown:  
```http  
HTTP/2 200  
date: Wed, 11 Feb 2026 11:44:48 GMT  
content-type: text/markdown; charset=utf-8  
content-length: 2899  
vary: accept  
x-markdown-tokens: 725  
content-signal: ai-train=yes, search=yes, ai-input=yes


---  
title: Markdown for Agents · Cloudflare Agents docs
---  
## What is Markdown for Agents  
Markdown has quickly become the lingua franca for agents and AI systems  
as a whole. The format’s explicit structure makes it ideal for AI processing,  
ultimately resulting in better results while minimizing token waste.  
...  
```  
Refer to our [developer documentation](https://developers.cloudflare.com/fundamentals/reference/markdown-for-agents/) and our [blog announcement ↗](https://blog.cloudflare.com/markdown-for-agents/) for more details.

Feb 12, 2026
1. ### [Content Type Dimension for AI Bots in Cloudflare Radar](https://developers.cloudflare.com/changelog/post/2026-02-12-radar-ai-bots-content-type/)  
[ Radar ](https://developers.cloudflare.com/radar/)  
[**Radar**](https://developers.cloudflare.com/radar/) now includes content type insights for AI bot and crawler traffic. The new `content_type` dimension and filter shows the distribution of content types returned to AI crawlers, grouped by MIME type category.  
The content type dimension and filter are available via the following API endpoints:

  * [/ai/bots/summary/content\_type](https://developers.cloudflare.com/api/resources/radar/subresources/ai/subresources/bots/methods/summary%5Fv2/)
  * [/ai/bots/timeseries\_groups/content\_type](https://developers.cloudflare.com/api/resources/radar/subresources/ai/subresources/bots/methods/timeseries%5Fgroups/)  
Content type categories:

  * **HTML** \- Web pages (`text/html`)
  * **Images** \- All image formats (`image/*`)
  * **JSON** \- JSON data and API responses (`application/json`, `*+json`)
  * **JavaScript** \- Scripts (`application/javascript`, `text/javascript`)
  * **CSS** \- Stylesheets (`text/css`)
  * **Plain Text** \- Unformatted text (`text/plain`)
  * **Fonts** \- Web fonts (`font/*`, `application/font-*`)
  * **XML** \- XML documents and feeds (`text/xml`, `application/xml`, `application/rss+xml`, `application/atom+xml`)
  * **YAML** \- Configuration files (`text/yaml`, `application/yaml`)
  * **Video** \- Video content and streaming (`video/*`, `application/ogg`, `*mpegurl`)
  * **Audio** \- Audio content (`audio/*`)
  * **Markdown** \- Markdown documents (`text/markdown`)
  * **Documents** \- PDFs, Office documents, ePub, CSV (`application/pdf`, `application/msword`, `text/csv`)
  * **Binary** \- Executables, archives, WebAssembly (`application/octet-stream`, `application/zip`, `application/wasm`)
  * **Serialization** \- Binary API formats (`application/protobuf`, `application/grpc`, `application/msgpack`)
  * **Other** \- All other content types  
Additionally, individual [bot information pages ↗](https://radar.cloudflare.com/bots/directory/gptbot) now display content type distribution for AI crawlers that exist in both the Verified Bots and AI Bots datasets.  
![Screenshot of the Content Type Distribution chart on the AI Insights page](https://developers.cloudflare.com/_astro/ai-bots-content-type.B7xP9p4S_Z2oYyEM.webp)  
Check out the [AI Insights page ↗](https://radar.cloudflare.com/ai-insights#content-type) to explore the data.

Feb 12, 2026
1. ### [Enhanced Logo Matching for Brand Protection](https://developers.cloudflare.com/changelog/post/2026-02-12-brand-protection-logo-matching-percentage-selector/)  
[ Security Center ](https://developers.cloudflare.com/security-center/)  
We have significantly upgraded our Logo Matching capabilities within Brand Protection. While previously limited to approximately 100% matches, users can now detect a wider range of brand assets through a redesigned matching model and UI.  
#### What's new

  * **Configurable match thresholds**: Users can set a minimum match score (starting at 75%) when creating a logo query to capture subtle variations or high-quality impersonations.
  * **Visual match scores**: Allow users to see the exact percentage of the match directly in the results table, highlighted with color-coded lozenges to indicate severity.
  * **Direct logo previews**: Available in the Cloudflare dashboard — similar to string matches — to verify infringements at a glance.  
#### Key benefits

  * **Expose sophisticated impersonators** who use slightly altered logos to bypass basic detection filters.
  * **Faster triage** of the most relevant threats immediately using visual indicators, reducing the time spent manually reviewing matches.  
Ready to protect your visual identity? Learn more in our [Brand Protection documentation](https://developers.cloudflare.com/security-center/brand-protection/).

Feb 12, 2026
1. ### [Terraform v5.17.0 now available](https://developers.cloudflare.com/changelog/post/2026-02-12-terraform-v5170-provider/)  
[ Cloudflare Fundamentals ](https://developers.cloudflare.com/fundamentals/)[ Terraform ](https://developers.cloudflare.com/terraform/)  
In January 2025, we announced the launch of the new Terraform v5 Provider. We greatly appreciate the proactive engagement and valuable feedback from the Cloudflare community following the v5 release. In response, we have established a consistent and rapid [2-3 week cadence ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/5774) for releasing targeted improvements, demonstrating our commitment to stability and reliability.  
With the help of the community, we have a growing number of resources that we have marked as [stable ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237), with that list continuing to grow with every release. The most used [resources ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237) are on track to be stable by the end of March 2026, when we will also be releasing a new migration tool to help you migrate from v4 to v5 with ease.  
This release brings new capabilities for AI Search, enhanced Workers Script placement controls, and numerous bug fixes based on community feedback. We also begun laying foundational work for improving the v4 to v5 migration process. Stay tuned for more details as we approach the March 2026 release timeline.  
Thank you for continuing to raise issues. They make our provider stronger and help us build products that reflect your needs.  
#### Features

  * **ai\_search\_instance:** add data source for querying AI Search instances
  * **ai\_search\_token:** add data source for querying AI Search tokens
  * **account:** add support for tenant unit management with new `unit` field
  * **account:** add automatic mapping from `managed_by.parent_org_id` to `unit.id`
  * **authenticated\_origin\_pulls\_certificate:** add data source for querying authenticated origin pull certificates
  * **authenticated\_origin\_pulls\_hostname\_certificate:** add data source for querying hostname-specific authenticated origin pull certificates
  * **authenticated\_origin\_pulls\_settings:** add data source for querying authenticated origin pull settings
  * **workers\_kv:** add `value` field to data source to retrieve KV values directly
  * **workers\_script:** add `script` field to data source to retrieve script content
  * **workers\_script:** add support for `simple` rate limit binding
  * **workers\_script:** add support for targeted placement mode with `placement.target` array for specifying placement targets (region, hostname, host)
  * **workers\_script:** add `placement_mode` and `placement_status` computed fields
  * **zero\_trust\_dex\_test:** add data source with filter support for finding specific tests
  * **zero\_trust\_dlp\_predefined\_profile:** add `enabled_entries` field for flexible entry management  
#### Bug Fixes

  * **account:** map `managed_by.parent_org_id` to `unit.id` in unmarshall and add acceptance tests
  * **authenticated\_origin\_pulls\_certificate:** add certificate normalization to prevent drift
  * **authenticated\_origin\_pulls:** handle array response and implement full lifecycle
  * **authenticated\_origin\_pulls\_hostname\_certificate:** fix resource and tests
  * **cloudforce\_one\_request\_message:** use correct `request_id` field instead of `id` in API calls
  * **dns\_zone\_transfers\_incoming:** use correct `zone_id` field instead of `id` in API calls
  * **dns\_zone\_transfers\_outgoing:** use correct `zone_id` field instead of `id` in API calls
  * **email\_routing\_settings:** use correct `zone_id` field instead of `id` in API calls
  * **hyperdrive\_config:** add proper handling for write-only fields to prevent state drift
  * **hyperdrive\_config:** add normalization for empty `mtls` objects to prevent unnecessary diffs
  * **magic\_network\_monitoring\_rule:** use correct `account_id` field instead of `id` in API calls
  * **mtls\_certificates:** fix resource and test
  * **pages\_project:** revert build\_config to computed optional
  * **stream\_key:** use correct `account_id` field instead of `id` in API calls
  * **total\_tls:** use upsert pattern for singleton zone setting
  * **waiting\_room\_rules:** use correct `waiting_room_id` field instead of `id` in API calls
  * **workers\_script:** add support for placement mode/status
  * **zero\_trust\_access\_application:** update v4 version on migration tests
  * **zero\_trust\_device\_posture\_rule:** update tests to match API
  * **zero\_trust\_dlp\_integration\_entry:** use correct `entry_id` field instead of `id` in API calls
  * **zero\_trust\_dlp\_predefined\_entry:** use correct `entry_id` field instead of `id` in API calls
  * **zero\_trust\_organization:** fix plan issues  
#### Chores

  * add state upgraders to 95+ resources to lay the foundation for replacing Grit (still under active development)
  * **certificate\_pack:** add state migration handler for SDKv2 to Framework conversion
  * **custom\_hostname\_fallback\_origin:** add comprehensive lifecycle test and migration support
  * **dns\_record:** add state migration handler for SDKv2 to Framework conversion
  * **leaked\_credential\_check:** add import functionality and tests
  * **load\_balancer\_pool:** add state migration handler with detection for v4 vs v5 format
  * **pages\_project:** add state migration handlers
  * **tiered\_cache:** add state migration handlers
  * **zero\_trust\_dlp\_predefined\_profile:** deprecate `entries` field in favor of `enabled_entries`  
#### For more information

  * [Terraform Provider ↗](https://registry.terraform.io/providers/cloudflare/cloudflare/latest/docs)
  * [Documentation on using Terraform with Cloudflare](https://developers.cloudflare.com/terraform/)
  * [List of stabilized resources ↗](https://github.com/cloudflare/terraform-provider-cloudflare/issues/6237)

Feb 11, 2026
1. ### [Post-quantum encryption support for Cloudflare One Appliance](https://developers.cloudflare.com/changelog/post/2026-02-11-appliance-post-quantum-encryption/)  
[ Cloudflare One Appliance ](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/)[ Cloudflare One ](https://developers.cloudflare.com/cloudflare-one/)[ Cloudflare WAN ](https://developers.cloudflare.com/cloudflare-wan/)  
Cloudflare One Appliance version 2026.2.0 adds [post-quantum encryption](https://developers.cloudflare.com/ssl/post-quantum-cryptography/) support using hybrid ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism).  
The appliance now uses TLS 1.3 with hybrid ML-KEM for its connection to the Cloudflare edge. During the TLS handshake, the appliance and the edge share a symmetric secret over the TLS connection and inject it into the ESP layer of IPsec. This protects IPsec data plane traffic against harvest-now, decrypt-later attacks.  
This upgrade deploys automatically to all appliances during their configured interrupt windows with no manual action required.  
For more information, refer to [Cloudflare One Appliance](https://developers.cloudflare.com/cloudflare-wan/configuration/appliance/).

Feb 11, 2026
1. ### [Workers are no longer limited to 1000 subrequests](https://developers.cloudflare.com/changelog/post/2026-02-11-subrequests-limit/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
Workers no longer have a limit of 1000 subrequests per invocation, allowing you to make more `fetch()` calls or requests to Cloudflare services on every incoming request. This is especially important for long-running Workers requests, such as open websockets on [Durable Objects](https://developers.cloudflare.com/durable-objects) or long-running [Workflows](https://developers.cloudflare.com/workflows), as these could often exceed this limit and error.  
By default, Workers on paid plans are now limited to 10,000 subrequests per invocation, but this limit can be increased up to 10 million by setting the new `subrequests` limit in your Wrangler configuration file.

  * [  wrangler.jsonc ](#tab-panel-4819)
  * [  wrangler.toml ](#tab-panel-4820)

**JSONC**  
```jsonc  
{  
  "limits": {  
    "subrequests": 50000,  
  },  
}  
```

**TOML**  
```toml  
[limits]  
subrequests = 50_000  
```  
Workers on the free plan remain limited to 50 external subrequests and 1000 subrequests to Cloudflare services per invocation.  
To protect against runaway code or unexpected costs, you can also set a lower limit for both subrequests and CPU usage.

  * [  wrangler.jsonc ](#tab-panel-4821)
  * [  wrangler.toml ](#tab-panel-4822)

**JSONC**  
```jsonc  
{  
  "limits": {  
    "subrequests": 10,  
    "cpu_ms": 1000,  
  },  
}  
```

**TOML**  
```toml  
[limits]  
subrequests = 10  
cpu_ms = 1_000  
```  
For more information, refer to the [Wrangler configuration documentation for limits](https://developers.cloudflare.com/workers/wrangler/configuration/#limits) and [subrequest limits](https://developers.cloudflare.com/workers/platform/limits/#subrequests).

Feb 11, 2026
1. ### [Improved React Server Components support in the Cloudflare Vite plugin](https://developers.cloudflare.com/changelog/post/2026-02-11-vite-plugin-child-environments/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
The Cloudflare Vite plugin now integrates seamlessly [@vitejs/plugin-rsc ↗](https://github.com/vitejs/vite-plugin-react/tree/main/packages/plugin-rsc), the official Vite plugin for [React Server Components ↗](https://react.dev/reference/rsc/server-components).  
A `childEnvironments` option has been added to the plugin config to enable using multiple environments within a single Worker. The parent environment can then import modules from a child environment in order to access a separate module graph. For a typical RSC use case, the plugin might be configured as in the following example:

**vite.config.ts**  
```ts  
export default defineConfig({  
  plugins: [  
    cloudflare({  
      viteEnvironment: {  
        name: "rsc",  
        childEnvironments: ["ssr"],  
      },  
    }),  
  ],  
});  
```  
`@vitejs/plugin-rsc` provides the lower level functionality that frameworks, such as [React Router ↗](https://reactrouter.com/how-to/react-server-components), build upon. The GitHub repository includes a [basic Cloudflare example ↗](https://github.com/vitejs/vite-plugin-react/tree/f066114c3e6bf18f5209ff3d3ef6bf1ab46d3866/packages/plugin-rsc/examples/starter-cf-single).

Feb 10, 2026
1. ### [WAF Release - 2026-02-10](https://developers.cloudflare.com/changelog/post/2026-02-10-waf-release/)  
[ WAF ](https://developers.cloudflare.com/waf/)  
This week’s release changes the rule action from BLOCK to Disabled for Anomaly:Header:User-Agent - Fake Google Bot.

| Ruleset                    | Rule ID     | Legacy Rule ID | Description                                 | Previous Action | New Action | Comments                                                        |
| -------------------------- | ----------- | -------------- | ------------------------------------------- | --------------- | ---------- | --------------------------------------------------------------- |
| Cloudflare Managed Ruleset | ...6aa0bef8 | N/A            | Anomaly:Header:User-Agent - Fake Google Bot | Enabled         | Disabled   | We are changing the action for this rule from BLOCK to Disabled |

Feb 09, 2026
1. ### [Agents SDK v0.4.0: Readonly connections, MCP security improvements, x402 v2 migration, and custom MCP OAuth providers](https://developers.cloudflare.com/changelog/post/2026-02-09-agents-sdk-v040/)  
[ Agents ](https://developers.cloudflare.com/agents/)[ Workers ](https://developers.cloudflare.com/workers/)  
The latest release of the [Agents SDK ↗](https://github.com/cloudflare/agents) brings readonly connections, MCP protocol and security improvements, x402 payment protocol v2 migration, and the ability to customize OAuth for MCP server connections.  
#### Readonly connections  
Agents can now restrict WebSocket clients to read-only access, preventing them from modifying agent state. This is useful for dashboards, spectator views, or any scenario where clients should observe but not mutate.  
New hooks: `shouldConnectionBeReadonly`, `setConnectionReadonly`, `isConnectionReadonly`. Readonly connections block both client-side `setState()` and mutating `@callable()` methods, and the readonly flag survives hibernation.

  * [  JavaScript ](#tab-panel-4823)
  * [  TypeScript ](#tab-panel-4824)

**JavaScript**  
```js  
class MyAgent extends Agent {  
  shouldConnectionBeReadonly(connection) {  
    // Make spectators readonly  
    return connection.url.includes("spectator");  
  }  
}  
```

**TypeScript**  
```ts  
class MyAgent extends Agent {  
  shouldConnectionBeReadonly(connection) {  
    // Make spectators readonly  
    return connection.url.includes("spectator");  
  }  
}  
```  
#### Custom MCP OAuth providers  
The new `createMcpOAuthProvider` method on the `Agent` class allows subclasses to override the default OAuth provider used when connecting to MCP servers. This enables custom authentication strategies such as pre-registered client credentials or mTLS, beyond the built-in dynamic client registration.

  * [  JavaScript ](#tab-panel-4827)
  * [  TypeScript ](#tab-panel-4828)

**JavaScript**  
```js  
class MyAgent extends Agent {  
  createMcpOAuthProvider(callbackUrl) {  
    return new MyCustomOAuthProvider(this.ctx.storage, this.name, callbackUrl);  
  }  
}  
```

**TypeScript**  
```ts  
class MyAgent extends Agent {  
  createMcpOAuthProvider(callbackUrl: string): AgentMcpOAuthProvider {  
    return new MyCustomOAuthProvider(this.ctx.storage, this.name, callbackUrl);  
  }  
}  
```  
#### MCP SDK upgrade to 1.26.0  
Upgraded the MCP SDK to 1.26.0 to prevent cross-client response leakage. Stateless MCP Servers should now create a new `McpServer` instance per request instead of sharing a single instance. A guard is added in this version of the MCP SDK which will prevent connection to a Server instance that has already been connected to a transport. Developers will need to modify their code if they declare their `McpServer` instance as a global variable.  
#### MCP OAuth callback URL security fix  
Added `callbackPath` option to `addMcpServer` to prevent instance name leakage in MCP OAuth callback URLs. When `sendIdentityOnConnect` is `false`, `callbackPath` is now required — the default callback URL would expose the instance name, undermining the security intent. Also fixes callback request detection to match via the `state` parameter instead of a loose `/callback` URL substring check, enabling custom callback paths.  
#### Deprecate `onStateUpdate` in favor of `onStateChanged`  
`onStateChanged` is a drop-in rename of `onStateUpdate` (same signature, same behavior). `onStateUpdate` still works but emits a one-time console warning per class. `validateStateChange` rejections now propagate a `CF_AGENT_STATE_ERROR` message back to the client.  
#### x402 v2 migration  
Migrated the x402 MCP payment integration from the legacy `x402` package to `@x402/core` and `@x402/evm` v2.

**Breaking changes for x402 users:**

  * Peer dependencies changed: replace `x402` with `@x402/core` and `@x402/evm`
  * `PaymentRequirements` type now uses v2 fields (e.g. `amount` instead of `maxAmountRequired`)
  * `X402ClientConfig.account` type changed from `viem.Account` to `ClientEvmSigner` (structurally compatible with `privateKeyToAccount()`)  
```bash  
npm uninstall x402  
npm install @x402/core @x402/evm  
```  
Network identifiers now accept both legacy names and CAIP-2 format:

**TypeScript**  
```ts  
// Legacy name (auto-converted)  
{  
  network: "base-sepolia",  
}  
// CAIP-2 format (preferred)  
{  
  network: "eip155:84532",  
}  
```

**Other x402 changes:**

  * `X402ClientConfig.network` is now optional — the client auto-selects from available payment requirements
  * Server-side lazy initialization: facilitator connection is deferred until the first paid tool invocation
  * Payment tokens support both v2 (`PAYMENT-SIGNATURE`) and v1 (`X-PAYMENT`) HTTP headers
  * Added `normalizeNetwork` export for converting legacy network names to CAIP-2 format
  * Re-exports `PaymentRequirements`, `PaymentRequired`, `Network`, `FacilitatorConfig`, and `ClientEvmSigner` from `agents/x402`  
#### Other improvements

  * Fix `useAgent` and `AgentClient` crashing when using `basePath` routing
  * CORS handling delegated to partyserver's native support (simpler, more reliable)
  * Client-side `onStateUpdateError` callback for handling rejected state updates  
#### Upgrade  
To update to the latest version:  
```sh  
npm i agents@latest  
```

Feb 09, 2026
1. ### [Interactive browser terminals in Sandboxes](https://developers.cloudflare.com/changelog/post/2026-02-09-pty-terminal-support/)  
[ Agents ](https://developers.cloudflare.com/agents/)  
The [Sandbox SDK ↗](https://github.com/cloudflare/sandbox-sdk) now supports PTY (pseudo-terminal) passthrough, enabling browser-based terminal UIs to connect to sandbox shells via WebSocket.  
#### `sandbox.terminal(request)`  
The new `terminal()` method proxies a WebSocket upgrade to the container's PTY endpoint, with output buffering for replay on reconnect.

  * [  JavaScript ](#tab-panel-4825)
  * [  TypeScript ](#tab-panel-4826)

**JavaScript**  
```js  
// Worker: proxy WebSocket to container terminal  
return sandbox.terminal(request, { cols: 80, rows: 24 });  
```

**TypeScript**  
```ts  
// Worker: proxy WebSocket to container terminal  
return sandbox.terminal(request, { cols: 80, rows: 24 });  
```  
#### Multiple terminals per sandbox  
Each session can have its own terminal with an isolated working directory and environment, so users can run separate shells side-by-side in the same container.

  * [  JavaScript ](#tab-panel-4829)
  * [  TypeScript ](#tab-panel-4830)

**JavaScript**  
```js  
// Multiple isolated terminals in the same sandbox  
const dev = await sandbox.getSession("dev");  
return dev.terminal(request);  
```

**TypeScript**  
```ts  
// Multiple isolated terminals in the same sandbox  
const dev = await sandbox.getSession("dev");  
return dev.terminal(request);  
```  
#### xterm.js addon  
The new `@cloudflare/sandbox/xterm` export provides a `SandboxAddon` for [xterm.js ↗](https://xtermjs.org/) with automatic reconnection (exponential backoff + jitter), buffered output replay, and resize forwarding.

  * [  JavaScript ](#tab-panel-4831)
  * [  TypeScript ](#tab-panel-4832)

**JavaScript**  
```js  
import { SandboxAddon } from "@cloudflare/sandbox/xterm";  
const addon = new SandboxAddon({  
  getWebSocketUrl: ({ sandboxId, origin }) =>  
    `${origin}/ws/terminal?id=${sandboxId}`,  
  onStateChange: (state, error) => updateUI(state),  
});  
terminal.loadAddon(addon);  
addon.connect({ sandboxId: "my-sandbox" });  
```

**TypeScript**  
```ts  
import { SandboxAddon } from "@cloudflare/sandbox/xterm";  
const addon = new SandboxAddon({  
  getWebSocketUrl: ({ sandboxId, origin }) =>  
    `${origin}/ws/terminal?id=${sandboxId}`,  
  onStateChange: (state, error) => updateUI(state),  
});  
terminal.loadAddon(addon);  
addon.connect({ sandboxId: "my-sandbox" });  
```  
#### Upgrade  
To update to the latest version:  
```sh  
npm i @cloudflare/sandbox@latest  
```

Feb 09, 2026
1. ### [Analytics enhancements](https://developers.cloudflare.com/changelog/post/2026-02-09-analytics-enhancements/)  
[ AI Crawl Control ](https://developers.cloudflare.com/ai-crawl-control/)  
AI Crawl Control metrics have been enhanced with new views, improved filtering, and better data visualization.  
![AI Crawl Control path patterns](https://developers.cloudflare.com/_astro/ai-crawl-control-path-patterns.0xT_lucE_1Png6i.webp)  

**Path pattern grouping**

  * In the **Metrics** tab > **Most popular paths** table, use the new **Patterns** tab that groups requests by URI pattern (`/blog/*`, `/api/v1/*`, `/docs/*`) to identify which site areas crawlers target most. Refer to the screenshot above.

**Enhanced referral analytics**

  * Destination patterns show which site areas receive AI-driven referral traffic.
  * In the **Metrics** tab, a new **Referrals over time** chart shows trends by operator or source.

**Data transfer metrics**

  * In the **Metrics** tab > **Allowed requests over time** chart, toggle **Bytes** to show bandwidth consumption.
  * In the **Crawlers** tab, a new **Bytes Transferred** column shows bandwidth per crawler.

**Image exports**

  * Export charts and tables as images for reports and presentations.  
Learn more about [analyzing AI traffic](https://developers.cloudflare.com/ai-crawl-control/features/analyze-ai-traffic/).

Feb 09, 2026
1. ### [AI Search now with more granular controls over indexing](https://developers.cloudflare.com/changelog/post/2026-02-09-indexing-improvements/)  
[ AI Search ](https://developers.cloudflare.com/ai-search/)  
Get your content updates into [AI Search](https://developers.cloudflare.com/ai-search/) faster and avoid a full rescan when you do not need it.  
#### Reindex individual files without a full sync  
Updated a file or need to retry one that errored? When you know exactly which file changed, you can now [reindex it directly](https://developers.cloudflare.com/ai-search/configuration/indexing/syncing/#controls) instead of rescanning your entire data source.  
Go to **Overview** \> **Indexed Items** and select the sync icon next to any file to reindex it immediately.  
![Sync individual files from Indexed Items](https://developers.cloudflare.com/_astro/individual-file-indexing.CQgoIj85_ZIBUBg.webp)  
#### Crawl only the sitemap you need  
By default, AI Search crawls all sitemaps listed in your `robots.txt`, up to the [maximum files per index limit](https://developers.cloudflare.com/ai-search/platform/limits-pricing/#limits). If your site has multiple sitemaps but you only want to index a specific set, you can now [specify a single sitemap URL](https://developers.cloudflare.com/ai-search/configuration/data-source/website/#sitemap) to limit what the crawler visits.  
For example, if your `robots.txt` lists both `blog-sitemap.xml` and `docs-sitemap.xml`, you can specify just `https://example.com/docs-sitemap.xml` to index only your documentation.  
Configure your selection anytime in **Settings** \> **Parsing options** \> **Specific sitemaps**, then trigger a sync to apply the changes.  
![Specify a sitemap in Parsinh options](https://developers.cloudflare.com/_astro/specify-sitemap.pLCkwmJ-_2vbphB.webp)  
Learn more about [indexing controls](https://developers.cloudflare.com/ai-search/configuration/indexing/syncing/#controls) and [website crawling configuration](https://developers.cloudflare.com/ai-search/configuration/data-source/website/#sitemap).

Feb 09, 2026
1. ### [Tabs and pivots](https://developers.cloudflare.com/changelog/post/2026-02-09-tabs-and-pivots/)  
[ Log Explorer ](https://developers.cloudflare.com/log-explorer/)  
Log Explorer now supports multiple concurrent queries with the new Tabs feature. Work with multiple queries simultaneously and pivot between datasets to investigate malicious activity more effectively.  
#### Key capabilities

  * **Multiple tabs:** Open and switch between multiple query tabs to compare results across different datasets.
  * **Quick filtering:** Select the filter button from query results to add a value as a filter to your current query.
  * **Pivot to new tab:** Use Cmd + click on the filter button to start a new query tab with that filter applied.
  * **Preserved progress:** Your query progress is preserved on each tab if you navigate away and return.  
For more information, refer to the [Log Explorer documentation](https://developers.cloudflare.com/log-explorer/).

Feb 09, 2026
1. ### [R2 SQL now supports approximate aggregation functions](https://developers.cloudflare.com/changelog/post/2026-02-09-approximate-aggregation-functions/)  
[ R2 SQL ](https://developers.cloudflare.com/r2-sql/)  
R2 SQL now supports five approximate aggregation functions for fast analysis of large datasets. These functions trade minor precision for improved performance on high-cardinality data.  
#### New functions

  * `APPROX_PERCENTILE_CONT(column, percentile)` — Returns the approximate value at a given percentile (0.0 to 1.0). Works on integer and decimal columns.
  * `APPROX_PERCENTILE_CONT_WITH_WEIGHT(column, weight, percentile)` — Weighted percentile calculation where each row contributes proportionally to its weight column value.
  * `APPROX_MEDIAN(column)` — Returns the approximate median. Equivalent to `APPROX_PERCENTILE_CONT(column, 0.5)`.
  * `APPROX_DISTINCT(column)` — Returns the approximate number of distinct values. Works on any column type.
  * `APPROX_TOP_K(column, k)` — Returns the `k` most frequent values with their counts as a JSON array.  
All functions support `WHERE` filters. All except `APPROX_TOP_K` support `GROUP BY`.  
#### Examples  
```sql
-- Percentile analysis on revenue data  
SELECT approx_percentile_cont(total_amount, 0.25),  
       approx_percentile_cont(total_amount, 0.5),  
       approx_percentile_cont(total_amount, 0.75)  
FROM my_namespace.sales_data  
```  
```sql
-- Median per department  
SELECT department, approx_median(total_amount)  
FROM my_namespace.sales_data  
GROUP BY department  
```  
```sql
-- Approximate distinct customers by region  
SELECT region, approx_distinct(customer_id)  
FROM my_namespace.sales_data  
GROUP BY region  
```  
```sql
-- Top 5 most frequent departments  
SELECT approx_top_k(department, 5)  
FROM my_namespace.sales_data  
```  
```sql
-- Combine approximate and standard aggregations  
SELECT COUNT(*),  
       AVG(total_amount),  
       approx_percentile_cont(total_amount, 0.5),  
       approx_distinct(customer_id)  
FROM my_namespace.sales_data  
WHERE region = 'North'  
```  
For the full syntax and additional examples, refer to the [SQL reference](https://developers.cloudflare.com/r2-sql/sql-reference/).

Feb 06, 2026
1. ### [Visualize data, share links, and create exports with the new Workers Observability dashboard](https://developers.cloudflare.com/changelog/post/2026-02-06-observability-ui-refresh/)  
[ Workers ](https://developers.cloudflare.com/workers/)  
The [Workers Observability dashboard ↗](https://dash.cloudflare.com/?to=/:account/workers-and-pages/observability/) has some major updates to make it easier to debug your application's issues and share findings with your team.  
![Workers Observability dashboard showing events view with event details and share options](https://developers.cloudflare.com/_astro/2026-01-22-events_share_obs_wobs.BvzY4TNV_eC7Hu.webp)  
You can now:

  * **Create visualizations** — Build charts from your Worker data directly in a Worker's Observability tab
  * **Export data as JSON or CSV** — Download logs and traces for offline analysis or to share with teammates
  * **Share events and traces** — Generate direct URLs to specific events, invocations, and traces that open standalone pages with full context
  * **Customize table columns** — Improved field picker to add, remove, and reorder columns in the events table
  * **Expandable event details** — Expand events inline to view full details without leaving the table
  * **Keyboard shortcuts** — Navigate the dashboard with hotkey support  
![Workers Observability dashboard showing a P99 CPU time visualization grouped by outcome](https://developers.cloudflare.com/_astro/2026-01-22-vis_qb_wobs.Bb5eVQNT_at6AT.webp)  
These updates are now live in the Cloudflare dashboard, both in a Worker's Observability tab and in the account-level Observability dashboard for a unified experience. To get started, go to **Workers & Pages** \> select your Worker > **Observability**.

Feb 04, 2026
1. ### [New reference documentation](https://developers.cloudflare.com/changelog/post/2026-02-09-reference-documentation/)  
[ AI Crawl Control ](https://developers.cloudflare.com/ai-crawl-control/)  
New reference documentation is now available for AI Crawl Control:

  * **[GraphQL API reference](https://developers.cloudflare.com/ai-crawl-control/reference/graphql-api/)** — Query examples for crawler requests, top paths, referral traffic, and data transfer. Includes key filters for detection IDs, user agents, and referrer domains.
  * **[Bot reference](https://developers.cloudflare.com/ai-crawl-control/reference/bots/)** — Detection IDs and user agents for major AI crawlers from OpenAI, Anthropic, Google, Meta, and others.
  * **[Worker templates](https://developers.cloudflare.com/ai-crawl-control/reference/worker-templates/)** — Deploy the x402 Payment-Gated Proxy to monetize crawler access or charge bots while letting humans through free.

```json
{"@context":"https://schema.org","@type":"BlogPosting","@id":"https://developers.cloudflare.com/changelog/16/#page","headline":"Changelogs | Cloudflare Docs","url":"https://developers.cloudflare.com/changelog/16/","inLanguage":"en","image":"https://developers.cloudflare.com/cf-twitter-card.png","publisher":{"@type":"Organization","name":"Cloudflare","url":"https://www.cloudflare.com/"},"isPartOf":{"@type":"WebSite","@id":"https://developers.cloudflare.com/#website","name":"Cloudflare Docs","url":"https://developers.cloudflare.com/"}}
```
