The Cloudflare Developer Platform, Explained Like You're Going to Ship on It

A few years ago Cloudflare was "the thing in front of your website." In 2026 it is a place you build the whole application: the compute, the database, the file storage, the queue, the cron job, the AI inference, and the security layer, all running on the same global network. I deploy real apps on it because the free tier is genuinely free, there are no cold starts to design around, and the pieces fit together. Here is the honest tour, what each service is for, what it costs, and the places it will bite you.

Compute: it starts with Workers

Workers is the core. Your code runs in a V8 isolate, a lightweight sandbox inside an already-running runtime, instead of a container or VM spun up per request. That design is why people say Workers has "no cold starts." The precise version, from Cloudflare's own blog: a Worker loads in about 5 milliseconds, and Cloudflare pre-warms it during the TLS handshake, so by the time your request arrives the startup cost is effectively hidden. It is not a literal zero, but in practice you stop thinking about cold starts.

A note that matters in 2026: Cloudflare now officially tells you to start with Workers, not Pages. In their words, "now that Workers supports both serving static assets and server-side rendering, you should start with Workers," and "all of our investment, optimizations, and feature work will be dedicated to improving Workers." Pages is not deprecated and will keep being supported, so existing Pages apps are fine, but for a new full-stack build, Workers is the recommended door. (If you have a Pages app, there is a migration guide.)

Around that core sit the rest of the compute primitives:

• Durable Objects combine compute with strongly-consistent, transactional storage in a single globally-unique object, ideal for coordination, WebSockets, and live collaboration. The SQLite-backed storage went GA in April 2025, is the default for new namespaces, holds up to 10 GB per object, and is even available on the free plan.
• Queues (GA) give you guaranteed-delivery message queues to decouple slow work from the request path, at up to 5,000 messages/sec per queue.
• Workflows (GA, Feb 2026) is durable execution: each step is persisted and retried, so a multi-step job survives failures and can span minutes to days, with a waitForEvent API for human-in-the-loop.
• Cron Triggers run a Worker on a schedule via a scheduled() handler.
• Containers (GA, April 2026) run full Linux environments for the heavy or non-JavaScript workloads that do not fit an isolate, orchestrated from a Worker.
• Browser Run (the service formerly called Browser Rendering) drives headless browsers via Puppeteer or Playwright for screenshots, scraping, and PDF generation.

Data: pick the right box

The most common Cloudflare mistake is reaching for the wrong storage primitive. Cloudflare's own storage-options comparison is worth reading, but here is the short version:

• D1 is serverless SQLite (GA April 2024) for relational data: user profiles, orders, anything you would put in a small SQL database. It scales to zero and bills on rows read and written. The ceiling that matters: 10 GB per database. It is for small-to-medium relational workloads, not large OLTP.
• Workers KV is a globally distributed key-value store optimized for high-volume reads of data that rarely changes (config, routing, feature flags). The catch you must design around: it is eventually consistent. A write can take up to 60 seconds or more to show up everywhere, and you get roughly one write per second per key. Never use KV where you need immediate global consistency.
• R2 is S3-compatible object storage for blobs and assets, and its headline feature is real: zero egress fees. If you serve a lot of files, this is where Cloudflare saves you the most money versus the big clouds. Storage runs about $0.015/GB-month with a 10 GB free tier.
• Durable Objects storage is the strongly-consistent, single-writer option for per-entity state, the opposite end of the spectrum from KV.
• Hyperdrive is the escape hatch: connection pooling, query caching, and acceleration in front of your existing external Postgres or MySQL, using your normal drivers. When you outgrow D1's 10 GB, this is the bridge to a full database without leaving the platform.

AI: inference on the same network

Cloudflare put GPU inference next to your code. Workers AI runs a catalog of around 80 models (text generation, embeddings, image, speech, and more) callable from a Worker, billed in "Neurons" (a unit of GPU compute) with 10,000 Neurons/day free and paid usage at about $11 per million.

Around it: AI Gateway is a proxy in front of any AI provider (Workers AI, OpenAI, Anthropic, Gemini, and more) that adds caching, logging, rate limiting, retries, and model fallback, the kind of plumbing you would otherwise build yourself. Vectorize is the vector database for embeddings and RAG. And AI Search (the service renamed from AutoRAG in late 2025) is managed retrieval-augmented generation: point it at your data, and it chunks, embeds, retrieves, and answers. If you are building anything that needs grounded answers over your own content, that pipeline is mostly assembled for you.

Network and security: the part it was always good at

The original business is still the moat. Cloudflare runs on a network it currently describes as 337 cities across 100+ countries, and the platform layers the security stack on top of your app for free or close to it:

• DDoS protection is unmetered on every plan, including free.
• Turnstile is the CAPTCHA alternative, with Managed (auto-selects the challenge by risk), Non-interactive, and Invisible modes. It is the friendly way to keep bots off your forms without punishing real users.
• WAF, Bot Fight Mode, and Rules (Transform, Redirect, Cache) handle filtering and routing at the edge.
• Zero Trust / Access puts identity-aware, deny-by-default control in front of internal apps, free for up to 50 users.
• Universal SSL issues free auto-renewing certificates; set your mode to Full (Strict) and move on.

What it costs to start

The reason I default to Cloudflare for side projects and client MVPs: the free tier is real. Workers Free gives you 100,000 requests/day and 10 ms of CPU time per invocation. The Workers Paid plan is a flat $5/month minimum that includes 10 million requests and 30 million CPU-milliseconds, and raises your CPU ceiling to as much as 5 minutes per invocation. D1, KV, R2, Durable Objects, and Hyperdrive all have free tiers too. You can ship a real, secured, database-backed app for zero dollars and only start paying when it has traction.

The honest caveats

No platform is free of sharp edges, and pretending otherwise is how you get burned at 2 a.m.:

• CPU-time limits are real. Workers cap CPU time (not wall-clock): 10 ms per invocation on Free, up to 5 minutes on Paid. Long responses are fine; heavy computation is bounded. Reach for Containers when you need more.
• KV eventual consistency is the most common foot-gun. Up to ~60 seconds to propagate and ~1 write/sec per key. If you need strong consistency, use D1 or Durable Objects.
• D1's 10 GB ceiling means it is not your forever-database for a data-heavy product. Plan the Hyperdrive-plus-Postgres path before you hit the wall.
• 128 MB of memory per isolate. Large in-memory work needs Containers.
• Vendor lock-in is genuine. Durable Objects, Workflows, Vectorize, and the binding model are Cloudflare-specific. R2's S3 compatibility and Hyperdrive's standard drivers soften it, but a full migration off the platform is still real work. That is the trade for the integration and the price.

Because pricing and limits drift, treat the numbers here as mid-2026 figures and confirm anything load-bearing against the live pricing and limits pages before you build on them.

How I actually start a Cloudflare build

When I spin up a new Cloudflare app, I do not start from a blank wrangler.toml. I generate a complete build prompt, the right Pages-vs-Worker shape, the storage bindings, a locked-down CSP in _headers, the robots/AEO posture, and a bot-challenge choice, and hand it to an LLM as the spec. That is exactly what the Single Site Gen tool now does: pick Cloudflare hosting and it surfaces a Cloudflare options panel (deployment model, CSP mode, robots/AEO posture, bot-challenge mode, and D1/KV/R2/Durable-Objects/Queues toggles) and bakes the production patterns into the prompt.

Pair the platform with Clerk for auth and you have a secure, multi-tenant app on a global network for almost nothing. If you are building the AI side of it, the AI/ML platform-engineering roadmap covers the serving and orchestration decisions worth getting right early. The whole point is to spend your money and hours on the product, not the plumbing, which is the entire premise of The $97 Launch.

Related reading

• Clerk for easier SSO — the auth layer for your Cloudflare app
• Becoming an AI/ML platform engineer — the deeper infra skills
• Single Site Gen — generate a Cloudflare-ready build prompt with CSP, robots, and bot-challenge baked in

Fact-check notes and sources

All figures verified against Cloudflare's docs/blog/pricing in June 2026; link the live pages before relying on any number, since limits and prices change.

• Workers isolates + cold-start mechanism: how Workers works, eliminating cold starts. "Start with Workers" guidance: full-stack on Workers.
• Durable Objects + SQLite GA (10 GB/object): release notes. Queues GA (5,000 msg/sec) and D1/Hyperdrive GA: D1 GA blog. Workflows GA: Workflows GA blog. Containers GA: changelog. Browser Run: docs.
• D1 limits (10 GB/db): D1 limits. KV eventual consistency: how KV works. R2 zero egress + pricing: R2 pricing. Hyperdrive: docs. Storage comparison: storage options.
• Workers AI (catalog + Neurons pricing): Workers AI, pricing. AI Gateway: docs. Vectorize: docs. AI Search (formerly AutoRAG): docs.
• DDoS (unmetered): docs. Turnstile modes: widget docs. Zero Trust Access: docs. SSL modes: docs.
• Free/Paid limits + $5/mo plan: Workers limits, Workers pricing. Network scale (337 cities / 100+ countries): cloudflare.com/network.

This post is informational, not a paid endorsement, and I have no affiliation with Cloudflare. Product names, limits, and prices are current as of mid-2026 and change; verify on Cloudflare's site before building on them.