Cloudflare complied with multiple court orders last year, geoblocking over 400 sports streaming piracy domains on its pass-through service in France.

The global CDN service provider emphasised that it has not blocked any websites through its 1.1.1.1 Public DNS Resolver, despite receiving requests to do so. The distinction is particularly relevant as the U.S. ramps up efforts to enforce site-blocking measures.

In Spain, courts imposed sweeping blockades on Cloudflare’s infrastructure without the company being directly involved in the legal proceedings. The broad measures affected legitimate customers as well, prompting Cloudflare to legally challenge what it sees as overreach.

However, when directly named in legal actions, Cloudflare has complied with court rulings. The company has previously blocked piracy-related domains in Japan and Italy, and its enforcement efforts continue to expand.

According to Cloudflare’s latest Transparency Report, the company geo-blocked 402 domain names in France in 2024 following nine separate court orders. The blocks apply to customers using Cloudflare’s pass-through CDN service, all of which were linked to sports streaming piracy.

Notably, the sites remain accessible outside of France, similar to Cloudflare’s approach in Italy last year, where it blocked 30 piracy-related domains under a court mandate.

While Cloudflare cooperates in these cases, it doesn’t see itself as the most logical candidate to enforce anti-piracy measures and continues to defend itself against these blocking requests.

“Because Cloudflare cannot remove content it does not host, other service providers are better positioned to address these issues,” the company notes.

“Among other things, any blocking by Cloudflare is of limited effectiveness, as a website will be accessible if it stops using Cloudflare’s network. Cloudflare therefore regularly pushes back against attempts to seek blocking orders.”

What makes 1.1.1.1 more secure than other public DNS services?

Many DNS services support DNSSEC, which enhances security but does not shield users’ queries from the DNS providers themselves. Many of these companies collect and monetise user data, often selling it to advertisers.

In contrast, Cloudflare’s 1.1.1.1 service does not mine user data. Logs are retained for only 24 hours for debugging purposes before being permanently deleted.

Additionally, 1.1.1.1 offers advanced privacy features not commonly found in other public DNS services, including query name minimization. This feature enhances privacy by limiting each query to only the essential information needed for that stage of the resolution process.

When it comes to blocking, Cloudflare makes a clear distinction between pass-through services and its publicly available DNS resolver 1.1.1.1. The latter can be used by people from anywhere in the world and due to the technical setup, geo-blocking isn’t straightforward.

Cloudflare therefore treats these DNS blocking efforts as requests to block content globally, even outside the jurisdiction of the originating courts and governments.

This means that recent French and Italian court orders to block pirate sites through Cloudflare’s DNS could be noticed worldwide.

Despite these orders, Cloudflare says that, to date, it hasn’t blocked any content through the 1.1.1.1 DNS resolver. The company’s explanation is short on detail, but says that it found “alternate mechanisms” to comply with these court orders.

“Given the extraterritorial effect as well as the different global approaches to DNS-based blocking, Cloudflare has pursued legal remedies before complying with requests to block access to domains or content through the 1.1.1.1 Public DNS Resolver or identified alternate mechanisms to comply with relevant court orders.

“To date, Cloudflare has not blocked content through the 1.1.1.1 Public DNS Resolver,” Cloudflare adds.

Cloudflare’s Site-Blocking Stance Under Scrutiny Amid U.S. Legislative Push

Cloudflare has yet to provide additional details on its “alternate” site-blocking mechanisms, but its latest Transparency Report acknowledges that the company occasionally geoblocks domains on its pass-through service in response to DNS blocking orders.

“Cloudflare has sometimes taken action to geoblock access to websites through Cloudflare’s pass-through CDN and security services, in response to orders directing Cloudflare to block through its public DNS resolver,” the report states.

However, this enforcement method only applies to websites using Cloudflare’s services. For sites that operate independently, it remains unclear what—if any—action Cloudflare takes.

This issue is particularly relevant as the U.S. considers new site-blocking legislation introduced in late January. The bill specifically names DNS resolvers as potential enforcement tools, a role Cloudflare appears to oppose based on its Transparency Report.

As lawmakers examine the proposal in greater detail, Cloudflare is likely to push back against any obligation to implement such blocking measures.