Cloudflare Collaborates With Leading Browsers to Develop a Privacy-First Protocol For the Global Internet

San Francisco, CA, June 22, 2026 – Cloudflare, Inc. (NYSE: NET), the leading connectivity cloud company, today announced a new initiative with major Web browsers—Mozilla Firefox, Google Chrome, and Microsoft Edge—committing to developing and submitting for standardization a privacy-preserving protocol to help humans and bots prove that their traffic is not malicious. As the Internet shifts from human-driven clicks to agent activity, website operators must now figure out how to stop aggressive automated traffic, without resorting to invasive tracking. This initiative will lay the foundation for a more frictionless, secure, and private experience for every Internet user and website owner alike.

“The way we interact with the Internet is facing a fundamental shift. Normal everyday tasks like ordering food previously required a user to personally navigate menus and payment gateways. Now, autonomous agents are starting to orchestrate these workflows on behalf of people," said Dane Knecht, CTO of Cloudflare. "As AI-powered traffic becomes widespread, existing tools to support its use are too generic and coarse. Now this collaboration lets us eliminate the friction caused by security protocols for every visitor—whether they are human or agent—without sacrificing privacy."

For decades, website operators have relied on a patchwork of imperfect defense mechanisms to manage automated abuse, but these imperfect techniques are increasingly failing to keep pace with modern threats. Now, with the explosion of Generative AI, the battlefield has shifted yet again. Malicious automation is more widespread, sophisticated, and economically damaging to site owners. As we move toward an era of agentic AI, the line between human behavior and bot activity is blurring, leaving the digital world with an unprecedented privacy problem. When websites attempt to verify that a request originates from a legitimate human or authorized bot, the traditional solutions—forced logins and invasive tracking—compromise user trust.

“In commerce, every extra challenge, delay, or false positive can turn a purchase into an abandoned cart. Merchants need effective protections against automated abuse, but buyers shouldn’t have to pay for them with unnecessary friction or invasive tracking. Shopify is proud to help develop PACT as an open, privacy-preserving standard that can help the millions of businesses on our platform distinguish legitimate shoppers and authorized agents from abusive traffic while preserving buyer privacy." – Ilya Grigorik, Distinguished Engineer at Shopify.

Private Access Control Tokens (PACT) are designed to allow sites with strong knowledge of “personhood” to issue anonymous tokens. A user's browser can then provide these tokens to other sites to prove that a human is in the loop, reducing the need for annoying and clunky captchas or invasive tracking. PACT is designed so that sites cannot leverage it to track or identify users or their browsing history.

"The health of the web depends on effective, interoperable, privacy-preserving tools that enable sites to combat abuse without unnecessary user friction. Microsoft is excited to collaborate on developing new standards and helping ensure their deployment across the open web." – Erik Anderson, Director of Engineering, Web Platform at Microsoft Edge.

"Mozilla is committed to defending openness and user privacy on the web. An avalanche of automated traffic is pushing sites to adopt blunt defenses—paywalls, identity checks, CAPTCHAs, and invasive tracking—simply to tell whether a request comes from a human. We can build a better solution that maintains strong privacy and provides a much less annoying experience for real humans using the web. This project requires collaboration across the ecosystem, and we're thrilled to work with Cloudflare and other like-minded partners to bring it to life." – Bobby Holley, CTO for Firefox at Mozilla.

PACT will further empower businesses to identify genuine visitors, ensuring they can focus their resources on the traffic that matters to them. PACT leverages trusted information from contexts that have authentic relationships with people while keeping that information private. This provides businesses with high-integrity assurances about their audiences with minimal friction. Using PACT on Cloudflare’s network raises the bar for trustworthiness and integrity online without the traditional costs.

About Cloudflare

Cloudflare, Inc. (NYSE: NET) is the leading connectivity cloud company. It empowers organizations to make their employees, applications and networks faster and more secure everywhere, while reducing complexity and cost. Cloudflare’s connectivity cloud delivers the most full-featured, unified platform of cloud-native products and developer tools, so any organization can gain the control they need to work, develop, and accelerate their business.

Powered by one of the world’s largest and most interconnected networks, Cloudflare blocks billions of threats online for its customers every day. It is trusted by millions of organizations – from the largest brands to entrepreneurs and small businesses to nonprofits, humanitarian groups, and governments across the globe.
Learn more about Cloudflare’s connectivity cloud at cloudflare.com/connectivity-cloud. Learn more about the latest Internet trends and insights at radar.cloudflare.com.

Follow us: Blog | X | LinkedIn | Facebook | Instagram

Forward-Looking Statements

This press release contains forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended, which statements involve substantial risks and uncertainties. In some cases, you can identify forward-looking statements because they contain words such as “may,” “will,” “should,” “expects,” “explore,” “plans,” “anticipates,” “could,” “intends,” “target,” “project,” “contemplates,” “believes,” “estimates,” “predicts,” “potential,” or “continue,” or the negative of these words, or other similar terms or expressions that concern Cloudflare’s expectations, strategy, plans, or intentions. However, not all forward-looking statements contain these identifying words. Forward-looking statements expressed or implied in this press release include, but are not limited to, statements regarding the capabilities and effectiveness of Cloudflare’s products and technology, the benefits to Cloudflare’s customers from using Cloudflare’s products and technology, Cloudflare’s partnership with Google Chrome, Microsoft Edge, Mozilla Firefox, Shopify and the potential resulting benefits to Cloudflare customers, the potential benefits to customers of integrating Cloudflare and Google Chrome, Microsoft Edge, Mozilla Firefox, Shopify products, the potential opportunity for Cloudflare to attract additional customers and to expand sales to existing customers through Cloudflare’s partnership with Google Chrome, Microsoft Edge, Mozilla Firefox, Shopify, Cloudflare’s technological development, future operations, growth, initiatives, or strategies, and comments made by Cloudflare’s CEO and others. Actual results could differ materially from those stated or implied in forward-looking statements due to a number of factors, including but not limited to, risks detailed in Cloudflare’s filings with the Securities and Exchange Commission (SEC), including Cloudflare’s Quarterly Report on Form 10-Q filed on May 8, 2026, as well as other filings that Cloudflare may make from time to time with the SEC.

The forward-looking statements made in this press release relate only to events as of the date on which the statements are made. Cloudflare undertakes no obligation to update any forward-looking statements made in this press release to reflect events or circumstances after the date of this press release or to reflect new information or the occurrence of unanticipated events, except as required by law. Cloudflare may not actually achieve the plans, intentions, or expectations disclosed in Cloudflare’s forward-looking statements, and you should not place undue reliance on Cloudflare’s forward-looking statements.

©2026 Cloudflare, Inc. All rights reserved. Cloudflare, the Cloudflare logo, and other Cloudflare marks are trademarks and/or registered trademarks of Cloudflare, Inc. in the U.S. and other jurisdictions. All other marks and names referenced herein may be trademarks of their respective owners.