Cloudflare Docs

Privacy Proxy

A MASQUE-based forward proxy that protects user privacy while preserving geolocation accuracy.

Enterprise-only

Privacy Proxy is a managed proxy service that runs on Cloudflare's global network. It uses the MASQUE protocol suite to proxy TCP and UDP traffic via HTTP CONNECT and CONNECT-UDP methods over HTTP/2 and HTTP/3.

Privacy Proxy separates user identity from user activity. Users authenticate to the proxy without revealing which destinations they visit, and destination servers see requests from Cloudflare IP addresses without learning who made them.

Privacy Proxy powers services like Microsoft Edge Secure Network and serves as a second-hop relay for iCloud Private Relay.


Features

Single-hop deployment

Deploy Privacy Proxy as a standalone proxy where Cloudflare handles authentication, proxying, and egress.

Double-hop deployment

Operate your own first-hop proxy to authenticate users, then relay traffic through Cloudflare for additional privacy separation.

Geolocation preservation

Maintain accurate geolocation for users without exposing their real IP addresses, ensuring location-relevant content and services work correctly.

Privacy Pass authentication

Authenticate users with Privacy Pass tokens for production deployments, ensuring privacy-preserving access control.


Privacy Gateway

Implements the Oblivious HTTP (OHTTP) standard for request-level privacy, hiding client IP addresses from application backends.

WARP Client

Cloudflare's consumer VPN application that uses similar privacy-preserving proxy technology.


Availability

Privacy Proxy is available as a managed service for Enterprise customers. Contact us to discuss your use case and get started.