diff --git a/docs/reverse-proxy.md b/docs/reverse-proxy.md
index c6fd4b16..23c61c26 100644
--- a/docs/reverse-proxy.md
+++ b/docs/reverse-proxy.md
@@ -15,6 +15,10 @@ The reverse proxy MUST be configured to support WebSockets, as it is needed for
 
 WebSockets support is required when using the headscale embedded DERP server. In this case, you will also need to expose the UDP port used for STUN (by default, udp/3478). Please check our [config-example.yaml](https://github.com/juanfont/headscale/blob/main/config-example.yaml).
 
+### Cloudflare
+
+Running headscale behind a cloudflare proxy or cloudflare tunnel is not supported and will not work as Cloudflare does not support WebSocket POSTs as required by the Tailscale protocol. See [this issue](https://github.com/juanfont/headscale/issues/1468)
+
 ### TLS
 
 Headscale can be configured not to use TLS, leaving it to the reverse proxy to handle. Add the following configuration values to your headscale config file.