How to Transfer Your Domain to Cloudflare (2026): Step-by-Step Guide with Cost Savings and Tradeoffs
Cloudflare registers domains at cost, but you give up email hosting and support. Here’s exactly how to do the transfer, what to watch out for, and whether it’s worth it.
Maxime Yao, research editor · Published 2026-05-23
The Tradeoff: At-Cost Domains vs. What You Give Up
Last updated: March 2026
Cloudflare sells domains at cost with zero markup. (Gregory Varghese blog) The catch: no email hosting, no phone or chat support, and mandatory Cloudflare nameservers. 4chan uses Cloudflare as their registrar. A trust signal, but not a promise of service for everyone. (Hacker News)
TL;DR
Cloudflare registers domains at cost, but you must use their nameservers and forgo email hosting and support. Use the three-filter decision below to see if the tradeoff fits your setup.
Prerequisites: What You Need Before Starting the Transfer
Check the 60-day lock before you do anything else.
Most transfer failures are avoidable. They happen because someone skipped one prerequisite. Spend 10 minutes on prep instead of 2 hours on troubleshooting.
Here is what you need before you touch the Cloudflare dashboard:
-
Domain unlocked at your current registrar. Log into Namecheap (or wherever the domain lives). Find the domain settings. Toggle the registrar lock to off. This is a security feature that prevents unauthorized transfers. You must disable it temporarily. (, Cloudflare blog)
-
EPP code (authorization code) from your old registrar. This is the password that proves you own the domain. Namecheap generates it in the domain settings panel. Copy it exactly. Case-sensitive. You will paste it into Cloudflare during transfer. (, Cloudflare blog)
-
No 60-day ICANN transfer lock. ICANN prohibits transfer within 60 days of registration or a previous transfer. This applies to gTLDs (.com,.org,.net) but not to most ccTLDs (.uk,.de,.io). If your.com domain was registered or last transferred less than 60 days ago, you cannot move it yet. (,, Cloudflare blog, Name.com)
-
DNSSEC disabled at the old registrar. Domain Name System Security Extensions adds cryptographic signatures to DNS records. If DNSSEC is enabled at Namecheap, the transfer will fail. Disable it in the domain settings before you start. Re-enable it after the transfer completes. Cloudflare handles DNSSEC automatically.
-
Registration renewed (if within 15 days of expiry). ICANN requires a one-year extension upon transfer. If your domain expires within the next 15 days, renew it at the current registrar first. The transfer will fail otherwise. (, Cloudflare blog)
For our worked example. A cost-sensitive individual blogger with a.com domain at Namecheap. The blocker is almost always step 3. If you registered the domain three months ago, you are past the lock. If you bought it last month, wait.
Action this week:
-
Log into Namecheap and check the domain unlock status.
-
Request the EPP code from the domain settings page.
-
Verify the registration date. If newer than 60 days, set a calendar reminder for day 61.
-
Disable DNSSEC in the Namecheap dashboard.
-
Confirm the domain is not within 15 days of expiry.
Step-by-Step Transfer: From Prerequisites to Propagation
6 steps. Under 5 minutes each. The order matters.
The official Cloudflare guide assumes you already know their dashboard’s sub-menus. Most guides skip the critical sequencing. Here is the exact path, with a worked example that follows our cost-conscious Namecheap blogger.
Step 1: Unlock the domain at your current registrar
Log into Namecheap (or GoDaddy, WP Engine, etc.). Find the domain management panel. Look for a lock toggle. Usually labelled “Domain Lock” or “Transfer Lock.” Turn it off. This allows the outgoing transfer.
Our blogger: “I clicked the lock icon in Namecheap’s Domain List. It turned green unlocked. 30 seconds.”
Step 2: Get the EPP authorization code
This is a unique string from your current registrar. Namecheap calls it the “Authorization Code.” Copy it exactly. Case-sensitive.
Step 3: Disable DNSSEC
If DNSSEC is enabled at your current registrar, turn it off. Cloudflare will re-enable it automatically after the transfer, but leaving it on during the move causes the transfer to fail.
Step 4: Add the domain to Cloudflare with full DNS setup
In the Cloudflare dashboard, click “Add Site” and enter your domain. Choose the Full Setup option (Cloudflare docs confirm this: ). Cloudflare scans your current DNS records. Verify they match your records at the old registrar.
Step 5: Change nameservers to Cloudflare
Cloudflare requires its nameservers before the transfer can complete (Cloudflare blog: ). After Step 4, Cloudflare displays its two nameserver addresses. Go back to your current registrar (Namecheap), enter those nameservers in the domain’s DNS settings. This propagates in minutes.
Step 6: Initiate the transfer
In Cloudflare dashboard, navigate to the Registrar section. Click “Transfer” and enter your domain. Paste the EPP code from Step 2. You’ll see a charge for the one-year extension (ICANN requires this. Typically around the cost of a renewal). Confirm, and you’re done.
Memory line: “Nameservers first, EPP code second, transfer third. Wrong order will fail.”
| Step | Action | Time | Registrar used | Notes |
|---|---|---|---|---|
| 1 | Unlock domain | <1 min | Namecheap | Toggle off Domain Lock |
| 2 | Get EPP code | <1 min | Namecheap | Authorization Code |
| 3 | Disable DNSSEC | <1 min | Namecheap | Must be off before transfer |
| 4 | Add domain to Cloudflare | 2 min | Cloudflare | Use Full Setup, verify records |
| 5 | Change nameservers | 2 min | Namecheap | Enter Cloudflare’s two NS addresses |
| 6 | Initiate transfer | 3 min | Cloudflare | Paste EPP code, confirm payment |
Worked example. Our blogger at Namecheap:
“I unlocked mydomain.com, copied the EPP code, disabled DNSSEC. Then I added the site to Cloudflare, changed the two nameservers at Namecheap, and entered the EPP code in Cloudflare’s transfer form. Five minutes per step. Total: under 20 minutes. The only friction was finding the domain lock toggle. It was buried under a ‘Advanced DNS’ sub-tab.”
After you click “Transfer,” Cloudflare sends a confirmation email to the registrant contact. Approve it. The rest is automatic. DNS propagates over the next few hours, with Cloudflare handling the rest.
Action this week:
-
Open Namecheap (or your current registrar) and unlock the domain.
-
Copy the EPP code to a secure note.
-
Disable DNSSEC if enabled.
-
Add the domain to Cloudflare and change nameservers.
-
Initiate the transfer.
-
Check your email and approve it.
The Math: How Much You Actually Save (and What You Lose)
The savings are real but small. Cloudflare charges at cost with zero markup. A retail registrar like Namecheap adds margin on top. The difference per domain per year is under $5.
The one-year ICANN extension means you pay an additional year at transfer time. That upfront cost pushes renewal out by 12 months, but you do not see savings until year two.
| Cost component | Cloudflare | Retail registrar | Difference |
|---|---|---|---|
| Annual renewal | At cost (no markup) | Marked up | Under $5/year |
| ICANN extension | One year added | Same requirement | None |
| Email hosting | Not included | Often bundled | $5-$15/month extra |
| Support | Community/forum | Phone/chat included | Hard to quantify |
| DNS + CDN integration | Included | Separate service | $20+/month value |
The hidden cost is email. If you need it, pay $5-$15/month separately. That cancels domain savings for most single-domain owners.
For a domain portfolio manager with 10+ domains, under $5 saved per domain adds up to $20-$50/year. But managing separate email across domains eats into that.
Memory line: Saving under $5 per domain per year won’t change your life. Consolidating DNS, CDN, and security under one dashboard might. No renewal surprises either. Cloudflare’s at-cost pricing means the price you see is the price you pay, with no hidden fees at renewal.
Action this week:
-
Count your domains. Multiply by approximately $3 estimated savings. If under $20/year total, savings alone do not justify the switch.
-
Price a separate email provider (Zoho Mail, Fastmail, or Google Workspace) if you currently rely on your registrar for email.
-
For 10+ domains, weigh portfolio savings against the time cost of managing separate email for each domain.
-
Run the same comparison for your specific TLDs. ## Limits & Objections: Three Failure Modes and Two Strong Counterarguments
The lack of support and mandatory nameservers are not just inconveniences. They are dealbreakers for certain use cases. Cloudflare is a registrar for people who don’t need a registrar’s typical services. Know your failure modes before you start.
No support. No email. Locked nameservers. For some, that’s fine.
-
DNSSEC not disabled before transfer. Cloudflare automates DNSSEC, but your old registrar may have it enabled. If you do not disable it at the current registrar and wait for propagation, the transfer will fail. Fix: disable DNSSEC at Namecheap (or your registrar) at least 48 hours before initiating the transfer.
-
Email hosted at your current registrar. If you use Namecheap’s free email forwarding or paid email hosting, it stops working after the transfer. Cloudflare does not offer email hosting. Fix: migrate email to a third-party provider (Google Workspace, Zoho, ProtonMail) before or immediately after the transfer.
-
Need phone support for an urgent issue. Some users report that Cloudflare’s non-paid support is slow and limited 1. If your domain goes down and you need immediate help, you will not get it from Cloudflare’s free tier. Fix: pay for Cloudflare’s support plan, or keep a registrar with phone support for critical domains.
| Counterargument | Who it fits | Why it works |
|---|---|---|
| ”I don’t care about support. My site is small.” | Individual bloggers, developers | The cost savings outweigh the risk. Your traffic is low, and DNS changes are rare. |
| ”I already use Cloudflare for DNS/security; consolidating simplifies management.” | Power users, high-traffic website owners | One dashboard for DNS, CDN, DDoS, and domain management. No need to juggle multiple logins. |
If you need phone support for a domain down scenario, do not transfer to Cloudflare. Assess your risk tolerance. If any failure mode applies to you, reconsider or proceed with a workaround plan. For the cost-sensitive individual blogger with a.com at Namecheap, failure modes 1 and 2 are manageable. Failure mode 3 is a non-issue. Your site can survive a few hours of downtime.
FAQ: Common Questions About Transferring to Cloudflare in 2026
Is the 60-day ICANN transfer lock still in effect?
Yes. ICANN rules still prohibit transfer within 60 days of registration or a previous transfer (Cloudflare blog). The 60-day lock applies to all gTLDs (.com,.org,.net) but not to most ccTLDs (.uk,.de,.eu).
When will the 30-day lock replace the 60-day lock?
ICANN voted to remove the 60-day lock and replace it with a 30-day lock (domainincite.com). Implementation will take at least 18 months from the vote. That means the 60-day lock stays in place until approximately mid-2027.
Does the 60-day lock apply to my.com domain from Namecheap?
If you registered or last transferred it within 60 days, yes. For our worked example. An individual blogger with a.com domain registered at Namecheap. Check your registration date before starting.
What triggers a new 60-day lock?
Registration, transfer, and certain registrant contact changes. WHOIS privacy updates are exempt (Name.com guide). If you changed your registrant details recently, you may be locked.
Transfer Checklist and Final Verdict by Buyer Archetype
For the cost-sensitive individual blogger with a.com domain at Namecheap: transfer. The math works. Gmail replaces email. No support needed for a personal site. Savings compound over five years.
| Archetype | Verdict | Reason |
|---|---|---|
| Individual blogger | Transfer | At-cost pricing; free Gmail for email; no support dependency |
| SMB owner | Do not transfer | Needs email hosting and phone support. Use Cloudflare DNS-only instead |
| Developer/DevOps | Transfer | Loves APIs, automation, and Cloudflare ecosystem integration |
| High-traffic site owner | Transfer if CDN/security priority | Performance gains justify the tradeoff. Have a backup plan for critical issues |
| Domain portfolio manager | Transfer all domains | $2/domain savings × 50+ domains. Bulk management in Cloudflare dashboard |
Checklist before you start:
-
Unlock domain at current registrar.
-
Get the EPP code.
-
Disable DNSSEC.
-
Check the 60-day ICANN lock status (gTLDs only).
-
Renew if within 15 days of expiry.
Action this week: Match your archetype above. If verdict is “transfer”, run the checklist and initiate. If verdict is “do not transfer”, move DNS to Cloudflare free tier for performance and security, but keep your current registrar for email and support.
Closing: The Chain Reaction. Small Saving, Big Consolidation
You might dismiss $2/year as meaningless. That is the wrong frame.
The real return is not the savings. It is the consolidation. One dashboard for DNS, CDN, DDoS protection, Workers, and Pages. No more logging into Namecheap for billing, then Cloudflare for performance, then a separate CDN dashboard. One pane.
Cloudflare sells domains at cost. The real return is less complexity, not less money.
For the individual blogger with a single.com domain, the time saved by skipping one login per month is worth more than the $2. For a domain portfolio manager, the compound effect of 50+ domains under one management view is hours saved per renewal cycle.
Run the three-filter test. If you pass, follow the step-by-step guide. If not, keep your domain at your current registrar and use Cloudflare’s free DNS-only plan.
About the Author
The decision is yours: transfer to save at cost, or keep your registrar for email and support. Cloudflare’s DNS-only tier is free either way.
Maxime Yao is a research editor focusing on cloud infrastructure and domain registrations. This guide synthesizes documented evidence from official sources and community discussion.
Sources
Footnotes
-
Hacker News. (2021) ↩