
Key Takeaways
- Cloudflare unveiled new full-platform PQC protections that are designed to future-proof encrypted traffic as quantum computing evolves.
- Cloudflare uses a hybrid approach that allows for gradual PQC adoption without breaking client sites or requiring costly infrastructure overhauls.
- With NIST standards finalized and the NSA mandating quantum-safe algorithms, providers that act now can avoid rushed migrations when the dreaded (but inevitable) Q-Day comes.
Cloudflare has deployed post-quantum cryptography (PQC) protections across its entire platform, with more than 35% of its non-bot HTTPS traffic already protected, according to Infosecurity Magazine.
Cloudflare’s rollout is a milestone in securing the internet’s future and sends a clear message: Quantum-safe encryption is not far off in the distance; it’s going to quickly become a present-day expectation.
The company announced the upgrade in March and showcased it at Infosec Europe in June. In the official announcement, Matthew Prince, co-founder and CEO at Cloudflare, said:

“We want every Cloudflare customer to have a clear path to quantum safety, and we are already working with some of the most innovative banks, ISPs, and governments around the world as they begin their journeys to quantum security. We will continue to make advanced cryptography accessible to everyone, at no cost, in all of our products.”
The update addresses a threat model known as “store-now, decrypt-later,” where attackers collect encrypted data today in the hope that future quantum computers will be able to decrypt it.
Trey Guinn, Field CTO at Cloudflare, said that quantum attacks will sneak up on us faster than most will expect:
“The danger isn’t hypothetical — and it’s not many years in the future. In fact, criminals are already harvesting encrypted data today, betting that future quantum computers will be able to decrypt it.”
Quantum computers, which are still in their early stages, are expected to eventually break widely used encryption methods like RSA and ECC.
As to when, it’s a bit fuzzy: A Global Risk Institute Report found that there’s a 1 in 3 chance that Q-Day happens before 2035.
Meanwhile, Tom Patterson, a security lead at Accenture, said, “The world has five years to replace vulnerable cryptography with post-quantum solutions.”
How Cloudflare’s PQC Upgrade Works
Cloudflare uses a hybrid cryptographic model, which combines classical algorithms with post-quantum algorithms during the TLS handshake.
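It’s simple: Both key exchanges run in every handshake, and the session key is derived from both results. If a quantum attack breaks the classical algorithm, the PQC algorithm still protects the session; against any other type of attack, the traditional algorithm protects it as usual.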

Cloudflare has currently enabled PQC protections between its edge network and origin servers, where it controls both ends of the connection.
But it plans to expand protections to client-to-edge traffic, which relies on Kyber for key exchange and Dilithium for digital signatures.
These are both lattice-based algorithms hand-picked by the National Institute of Standards and Technology (NIST) for their resistance to quantum attacks.
Industry Adoption Is Growing
Cloudflare isn’t alone in prepping for Q-Day or its accompanying long-term threats:
- AWS has contributed to post-quantum key exchange and signature schemes, and it provides guidance for organizations developing their own migration plans.
- Google Cloud has also begun integrating NIST-approved PQC standards into its infrastructure, including its Cloud Key Management Service.
The U.S. National Security Agency (NSA) is also requiring quantum-safe algorithms for national security systems starting this year.
Additionally, NIST finalized the first post-quantum cryptographic standards in August 2024:
| Standard | What It Replaces | Based On | Use Case |
| --- | --- | --- | --- |
| ML-KEM | RSA/DH key exchange | CRYSTALS-Kyber | TLS handshakes, VPNs |
| ML-DSA | RSA/ECDSA signatures | CRYSTALS-Dilithium | Code signing, SSL certs |
| SLH-DSA | RSA/ECDSA | SPHINCS+ (hash-based) | Resource-constrained or high-assurance systems |
What Hosting Providers Should Do Now
So far, PQC adoption has largely been limited to high-risk, compliance-heavy industries like finance, defense, and healthcare.
But hosting providers will absolutely face pressure to implement stronger protections as quantum threats become more prevalent in other industries.
Thankfully, Cloudflare offers a clear blueprint. Plus, its use of hybrid cryptography allows for slow adoption without disruption.
That’s a major win for shared hosts, where compatibility issues are common and infrastructure overhauls are usually not in budget.
This upgrade lets hosting providers modernize their security posture without breaking sites, forcing upgrades, or losing clients who are still relying on older systems.
As for those not using Cloudflare, hosts can still join in if they:
- Audit their current SSL/TLS setup
- Double-check how well it works with NIST-approved PQC algorithms
- Stay up-to-date on the evolving standards for PQC
By preparing now, providers can avoid rushed migrations later. It’s the classic “work now, play later” mentality. Except when quantum threats hit, those who didn’t will wish they had.