WE scaling MCP adoption at Cloudflare with a reference architecture aimed at simpler, safer and cheaper enterprise deployments, as of 14 April 2026. According to Cloudflare, the approach combines remote MCP servers, Cloudflare Access for authentication, MCP server portals for centralised discovery and governance, and AI Gateway to manage costs and switch between LLM providers.
A centralised governance model avoids the security liabilities of locally hosted MCP servers, with a templated framework that speeds up deployment and provides audit logging, CI/CD pipelines and secrets management for new remote MCP servers.
The piece highlights how Code Mode with MCP server portals drastically reduces token use—from 9,400 tokens for 52 tools to roughly 600 tokens across two portal tools, a 94% reduction—and explains how Code Mode is activated via a portal URL parameter, codemode=search_and_execute. It also describes Shadow MCP detection using Cloudflare Gateway to identify unauthorized remote MCP servers and notes that public-facing MCP servers can be protected by AI Security for Apps behind the Cloudflare WAF.