Data Localization Suite

Where does your data live?

Regional Services restricts where Cloudflare decrypts and processes HTTPS traffic. This page proves it — live, in real time. Every request you make to this site is processed exclusively in the region configured below.

Probing...

--- Loading...

Detecting...

Data Center —

Location —

TLS Version —

HTTP Protocol —

Key Exchange —

WARP —

View raw trace

Loading...

How Regional Services Works

🌍

Global DDoS Protection

L3/L4 DDoS mitigation still happens at the nearest data center worldwide. Volumetric attacks are absorbed globally — no performance tradeoff.

🔒

Regional L7 Processing

TLS decryption, WAF inspection, Workers execution, and caching only happen inside your configured region. Traffic is never decrypted outside it.

📍

Verifiable via API

The /cdn-cgi/trace endpoint proves exactly which data center processed the request. No trust required — verify it yourself.

The Data Localization Suite

Three layers of control. Three questions answered.

Regional Services

"Where is my traffic decrypted?"

Controls where HTTPS traffic is terminated and processed. All L7 inspection — WAF rules, bot detection, Workers code — only runs in-region.

Active on this site

Customer Metadata Boundary

"Where are my logs stored?"

Restricts where Cloudflare stores logs, analytics, and metadata about your traffic. Account-level setting — US or EU.

Account Setting

Geo Key Manager

"Where are my encryption keys?"

Controls where TLS private keys are stored and used. Keys never leave the configured region, even during TLS handshake.

Per Certificate

Who Needs This?

Healthcare — HIPAA

PHI in HTTP requests — patient names, DOBs, medical record numbers. HIPAA BAAs require US-only processing. Regional Services guarantees it.

Financial Services — PCI / SOC 2

Banks with contractual obligations that customer financial data won't be processed outside the US. WAF inspection counts as "processing."

EU Companies — GDPR

Post-Schrems II, EU companies must guarantee PII isn't decrypted outside the EU. Regional Services set to EU gives them proof.

US Government — FedRAMP

Federal agencies require FedRAMP Moderate compliance. The fedramp_moderate_domestic region restricts to FedRAMP-certified US data centers only.

Available Regions

From single countries to compliance-specific zones — granular control.

United States European Union Canada Germany Japan Australia United Kingdom India Brazil France Singapore South Korea FedRAMP Domestic ISO 27001 EU US State of California US State of Florida US State of Texas NATO Schengen Area