Considerable attention has been paid by researchers to social media platforms, especially the ‘big companies’, and increasingly also messaging applications, and how effectively they moderate extremist and terrorist content on their services. Much less attention has yet been paid to if and how infrastructure and service providers, further down ‘the tech stack’, deal with extremism and terrorism. Content Delivery Networks (CDN) such as Cloudflare play an underestimated role in moderating the presence of extremist and terrorist content online as it is impossible for these websites to operate without DDoS protection. This is evidenced by the takedown of a wide range websites such as The Daily Stormer, 8chan, a variety of Taliban websites and more recently the organised harassment site Kiwifarms following refusal of service by Cloudflare. However, it is unclear whether there is any formal process of content review conducted by the company when it decides to refuse services. This article aims to first provide an analysis of what extremist and terrorist websites make use of Cloudflare’s services as well as other CDNs, and how many of them have been subject to takedown following refusal of service. Following this the article analyses CDNs’ terms of service and how current and upcoming internet regulation applies to these CDNs.