The Cloudflare Year in Review delivers one of the clearest snapshots of how the internet behaved in 2025. Using data from Cloudflare’s global network, the report shows how automation, aggressive AI crawlers, stronger encryption, and shifting traffic patterns actively reshape the web. While human activity continues to grow, machines now generate a striking share of online requests.
Cloudflare Year in Review shows traffic growth driven by automation
According to the Cloudflare Year in Review, global internet traffic grew by 19% year over year. However, humans did not drive that growth evenly. Instead, automated systems generated a growing share of requests, especially across APIs and large-scale crawling infrastructure.
Google and Facebook remained the most accessed platforms worldwide. At the same time, Starlink emerged as one of the fastest-growing services, with traffic increasing more than 2.3× compared to the previous year. This shift shows how connectivity itself continues to evolve alongside traditional web services.
Cloudflare Year in Review shows AI bots dominating web crawling
One of the most striking findings in the Cloudflare Year in Review is crawler dominance. Googlebot generated more traffic than any other verified bot and accounted for over 28% of verified bot requests observed by Cloudflare.
Other Google-operated crawlers, including AdsBot, Image Proxy, and GoogleOther, reinforced that lead. Meanwhile, AI-focused crawlers followed behind. OpenAI’s GPTBot and Microsoft’s Bingbot still produced a significant share of traffic, even though they lagged far behind Google’s ecosystem.
This pattern shows how content crawling now serves not only search indexing, but also large-scale AI training and inference.
AI crawl-to-refer imbalance widens further
Beyond raw traffic, the Cloudflare Year in Review reveals a growing imbalance between how much AI systems crawl and how much traffic they send back to publishers. Crawl-to-refer ratios rose sharply throughout 2025.
In extreme cases, some platforms crawled hundreds of thousands of pages for every single referral sent back to source websites. While a few services showed more restraint, the overall trend points toward extraction-heavy behavior that offers limited visibility or value to content creators.
As a result, concerns around sustainability, attribution, and fair use continue to intensify.
Post-quantum encryption reaches a major milestone
Security stands out as a core theme in the Cloudflare Year in Review, especially encryption adoption. By the end of 2025, post-quantum encryption protected roughly half of all human-generated web traffic.
This marks a dramatic shift from the beginning of the year, when adoption remained below 30%. The rapid increase reflects growing awareness of “harvest now, decrypt later” threats, where attackers store encrypted data today in hopes of breaking it with future quantum computers.
Meanwhile, usage of HTTP/2 and HTTP/3 continued to climb, reinforcing the move toward faster and more secure web protocols.
Web technologies remain surprisingly stable
Despite major changes in automation and security, the Cloudflare Year in Review shows stability across core web technologies. JavaScript libraries continued to underpin most websites, with jQuery still appearing far more often than many modern alternatives.
React retained its lead among front-end frameworks, appearing roughly twice as often as Vue.js across scanned domains. On the backend, PHP, Node.js, and Java continued to dominate, maintaining a clear advantage over alternatives such as Ruby or Python.
However, community discussions suggest that some platforms, particularly ASP.NET-based stacks, may appear underrepresented due to how large-scale detection works.
Go usage surges in API automation
One of the fastest-moving trends in the Cloudflare Year in Review appears in API traffic. Go-based clients generated more than 20% of automated API requests in 2025, nearly doubling their share from the previous year.
Python, Java, and Node.js followed behind, but none matched Go’s growth rate. This surge reflects Go’s strong reputation for performance, concurrency, and suitability for cloud-native automation and infrastructure tooling.
Outages and attacks expose internet fragility
While major outages often dominate headlines, the Cloudflare Year in Review shows that planned shutdowns accounted for nearly half of all observed disruptions in 2025. Many of these shutdowns aimed to prevent cheating during exams or to respond to protests and public safety concerns.
At the same time, unplanned incidents still caused widespread disruption. Cable cuts, regional unrest, and routing errors continued to affect connectivity. Meanwhile, hyper-volumetric DDoS attacks reached new extremes, frequently exceeding one terabit per second or one billion packets per second.
Together, these incidents highlight how complex and interconnected the modern internet has become.
Why the Cloudflare Year in Review matters
The Cloudflare Year in Review goes beyond surface-level metrics. It functions as a real-world stress test for the modern internet, revealing how AI, automation, encryption, and infrastructure pressures intersect at global scale.
The report reminds readers that bots no longer represent the exception. Encryption is quickly becoming the default. And long-term resilience now depends on understanding — and planning for — both human and machine-driven behavior online.
Read also
Join the discussion in our Facebook community.