By · Founder, Stacktree · Last updated
blog · living status post · tested at launch

Cloudflare Drop is live. We tested it at launch.

Spotted in the wild on July 7, launched July 8. We deployed a site through cloudflare.com/drop within hours of launch: no account, a terms dialog, a live workers.dev URL, and a 60-minute countdown to claim it. Here is exactly how it behaves, what is still undocumented, and why the most interesting thing about it is called Markdown for Agents.

Get started free

What is Cloudflare Drop?

Cloudflare Drop (cloudflare.com/drop, launched 8 July 2026) deploys a static site (HTML, CSS, JS) from a dragged folder or zip with no account. We tested it at launch: after accepting a terms dialog, the site is live in seconds at a public workers.dev URL, and a 60-minute countdown starts to claim the deployment before it expires. It was spotted in development a day earlier by James Ross; official docs do not exist yet.

What we saw deploying through it

We dropped a zip through cloudflare.com/drop within hours of launch. The flow, exactly as observed: the dropzone ("Drop a folder. Or a zip. Summon your site - HTML, CSS, JS.") takes a folder or zip with no login; a terms dialog appears ("By deploying, you agree to Cloudflare's Terms of Service"); accept, and seconds later the screen reads "Your site is live" with the site on a public URL shaped like drop-{id}.{words}.workers.dev, which places Drop on Workers static assets rather than Pages. A countdown starts immediately: "Claim (59:38)", alongside "Copy claim link" and "Deploy another." So the leak's one-hour figure is confirmed: sixty minutes to claim an anonymous deployment before it expires, and the claim link is portable, so the person who drops does not have to be the account that keeps it.

The served page itself is public, edge-cached, and carries no access gating of any kind. Two playful details: the dropzone is multiplayer, showing other visitors' live cursors ("Matt", "Priya", "Riley" were dropping files alongside us), and the success screen boasts your site "is reachable within ~32ms of 95% of the world's Internet-connected population." Credit where due: it is the lowest-friction deploy Cloudflare has ever shipped, and a claimed site graduates into the full Workers platform, DNS, HTTPS and DDoS protection included.

The pre-release screenshots showed four post-claim setup cards in the dashboard: add a domain, control access (Worker policies), observability, and "Markdown for Agents." Those live behind the claim step, not in the anonymous flow we tested.

Anonymous-first is the notable part

Netlify Drop and Vercel Drop both require an account before anything goes live. Drop inverts that: the site is live before Cloudflare knows who you are, and the account only enters when you want to keep it. Publish first, identify later. That ordering is the whole trick, because the person (or agent) holding a folder of HTML wants to see it on a URL now, not after a signup form.

We know that pattern well, because it is exactly how Stacktree works: anonymous publish first, a claim step to keep it. Cloudflare arriving at the same funnel independently is the strongest validation the no-ceremony model has had yet. It also makes Drop the sixth major entrant in twelve months to converge on "AI makes HTML, it needs a URL, ceremony is the enemy": Shopify's internal Quick, OpenAI's Codex Sites, here.now, Vercel Drop, Notion's HTML block, and now the company that runs a fifth of the web.

Markdown for Agents: AEO goes native

The most interesting card in the flow is not the dropzone. "Markdown for Agents: make your site easy to explore for agents, showing up more in AI conversations," with an enable button. Cloudflare is shipping agent legibility as a one-click hosting feature: a Markdown rendition of your site for AI crawlers and assistants, in the same checklist as DNS and HTTPS.

That confirms something we have bet on for a while: how a page reads to an agent is becoming a property of hosting, not an SEO afterthought. Note the mechanism Cloudflare chose, though: content negotiation (serve the agent a Markdown rendition of the real page), not another static manifest file. That matches what our own crawler logs show, where AI bots overwhelmingly fetch regular pages rather than the llms.txt-style files the industry spent a year adding. Stacktree ships Markdown content negotiation and WebMCP for the same reason. When Cloudflare puts "showing up more in AI conversations" on a setup card, answer-engine visibility has officially gone mainstream, and it is converging on the page itself being legible, not sidecar files.

What is still unknown

  • Documentation. There are no official docs yet; everything here is verified by use, not by reference. Docs may change limits and behavior.
  • Limits and pricing. File size caps, site counts, free-tier boundaries: all unknown.
  • What "control access" really offers. Worker access policies read like team access control (authenticate viewers against a policy), not a private-by-default share link. Whether Drop grows a lighter-weight gate for sending a deliverable to a client is unknown.
  • Any agent-facing path. The flow shown is browser drag-and-drop. No API, CLI, or MCP surface is visible for Drop itself.
  • Update semantics. Whether a claimed Drop site can be replaced in place at the same URL, or each drop is a new deployment, is not observable from the screenshots.

Drop or a publish primitive

The boundary that sorted the first five entrants sorts this one too: apps and pages are different shapes. If the folder you are holding is a site that belongs on your Cloudflare account, behind your domain, with observability and access policies, Drop looks like it will be a lovely on-ramp, and the anonymous first hour removes the last excuse not to try it.

If the thing you are holding is an artifact (a report for a client, a dashboard your agent regenerates nightly, a prototype that needs feedback rather than infrastructure), the trade flips. An artifact wants a private, unguessable URL by default because agent output routinely embeds real data. It wants replace-in-place so thirty revisions do not mean thirty URLs. It wants gates a recipient can pass without an account, and it increasingly wants to be published by the agent itself, over MCP or an API, with a read on how it landed afterwards. That half of the category is still the half the platform drops leave on the table, and it is the half Stacktree is built for.

FAQ

Frequent questions

What is Cloudflare Drop? +
Cloudflare Drop (cloudflare.com/drop) deploys a static site (HTML, CSS, JS) from a dragged folder or zip with no account. The site goes live in seconds on a public workers.dev URL, and you have 60 minutes to claim the deployment into a Cloudflare account before it expires. Launched 8 July 2026; we verified the flow by deploying through it at launch.
Is Cloudflare Drop released? +
Yes. It launched at cloudflare.com/drop on 8 July 2026, a day after James Ross spotted it in development. Official documentation does not exist yet; this living post tracks what we verified by using it, and will fold in the docs when they appear.
How long do unclaimed Cloudflare Drop sites last? +
Sixty minutes, verified: the moment our test deploy went live, the screen showed a "Claim (59:38)" countdown. There is also a "Copy claim link", so the claim can be handed to someone else. Claiming requires a Cloudflare account, which is where the anonymous part of the flow ends.
Is Cloudflare Drop the same as Cloudflare Pages direct upload? +
No. Pages direct upload has offered drag-and-drop zip/folder deploys for years, but it requires an account and a project first. Drop inverts the order: deploy anonymously first, see it live, then claim. The pre-release URLs are also workers.dev, suggesting Drop sits on Workers static assets rather than Pages.
Are Cloudflare Drop sites private? +
No. We checked the deployed test site directly: it serves publicly with edge caching and no access gating of any kind. The unguessable subdomain gives you privacy by obscurity, like an unlisted link, but there is no password, viewer gate, or expiry control in the flow. The pre-release dashboard screenshots show a "Control access" card (Worker access policies) behind the claim step, which is team access control, not a recipient-friendly gate.
What is "Markdown for Agents" in Cloudflare Drop? +
One of Drop's post-deploy cards reads "Make your site easy to explore for agents, showing up more in AI conversations." Cloudflare appears to be shipping agent legibility (a Markdown rendition of your site for AI crawlers and assistants) as a one-click hosting feature. It is the clearest signal yet that answer-engine visibility is becoming a standard hosting concern rather than an SEO afterthought.
Can an AI agent use Cloudflare Drop? +
Not really. The launch flow is a browser file-chooser plus a terms-consent dialog: human-shaped at both steps, with no API, CLI, or MCP path visible. Agents deploying to Cloudflare still use Wrangler or the API with account credentials. If your publisher is an agent rather than a human with a mouse, that is the gap to check.
How does Cloudflare Drop compare to Netlify Drop and Vercel Drop? +
Same gesture, third platform. Netlify Drop is the veteran; Vercel Drop shipped June 2026 aimed at AI-tool exports; Cloudflare's version adds the anonymous-first hour and the agent-legibility card. All three end in the same place: a public URL on the vendor's platform, claimed into an account, iterated via the platform's own tooling.
Keep reading

Related guides

References

Sources and further reading

Need the artifact version today?

Anonymous publish, private by default, same URL across revisions, and your agent can do it over MCP. The claim step is optional here too.

Sign up free →