← Back
Cloudflare
Cloudflare Radar adds post-quantum monitoring for origin connections, key transparency dashboards
Cloudflare · featuresecurityapiplatform · blog.cloudflare.com ↗

Post-Quantum Encryption Monitoring Extends to Origin Servers

Cloudflare Radar previously tracked post-quantum (PQ) adoption only for client-to-Cloudflare connections, which has grown from under 3% in early 2024 to over 60% in February 2026. Today's update extends this monitoring to origin-facing connections—the critical link between Cloudflare's edge servers and customer origin servers.

The new origin post-quantum support graph visualizes the percentage of customer origins supporting the X25519MLKEM768 hybrid key exchange algorithm, which combines classical X25519 encryption with ML-KEM, a NIST-standardized lattice-based post-quantum scheme. Data is sourced from Cloudflare's automated TLS scanner, which probes TLS 1.3-compatible origins daily. Currently, approximately 10% of origins support post-quantum encryption—a dramatic 10x increase from less than 1% at the start of 2025. The full Data Explorer view on Radar shows support across all classical and quantum-resistant key exchange methods.

Key Transparency Dashboard for Encrypted Messaging

A new Key Transparency section on Radar provides a public, real-time dashboard tracking the verification status of Key Transparency Logs for end-to-end encrypted messaging services like WhatsApp. The dashboard displays:

  • When each log was last signed and verified by Cloudflare's Auditor
  • Real-time monitoring of the integrity of public key distribution
  • Public API access for independent validation of Auditor proofs

This transparency tool enables anyone to audit the security of messaging service key distribution infrastructure.

Expanded Routing Security Metrics

Radar's Routing Security insights now include global, country, and network-level deployment data for ASPA (Autonomous System Provider Authorization), an emerging BGP standard that helps detect and prevent route leaks. This addition strengthens visibility into Internet routing security posture across regions and autonomous systems.

What Developers Need to Know

Organizations should monitor their origin post-quantum readiness on Radar and work with infrastructure teams to enable support where applicable, especially as the ecosystem continues its migration toward quantum-resistant cryptography. The scanner tests for support rather than preference, so origins may support PQ algorithms without preferring them by default.