QuinStreet already runs its CDN, WAF, DDoS, Bot Management, Images and DNS on Cloudflare. These eight net-new capabilities — AI, API Shield, R2, Magic Transit, Email Security and Zero Trust — fold onto the same network and the same commercial agreement. Fewer vendors, one control plane, audit-ready logging for a data- and AI-driven performance-marketing business.
QuinStreet (NASDAQ: QNST) runs one of the web's largest "Research and Compare" performance-marketing marketplaces — matching online consumers to financial-services and home-services providers. Clients featured on its own site include Wells Fargo, Barclays, Esurance and LoanDepot. That business is API-heavy, PII-collecting and increasingly AI-driven — exactly where the eight net-new Cloudflare products below apply. Every one of them runs on the same network already serving images.quinstreet.com and can land under the existing agreement rather than a new vendor.
QuinStreet's edge is matching the right consumer to the right offer. AI Gateway puts a governed front door on every LLM call — caching, rate-limiting, spend caps and full request logging. Workers AI runs inference at the edge; Vectorize + AutoRAG do retrieval over QuinStreet's own data.
A lead marketplace is a mesh of APIs — real-time lead delivery, partner integrations, ping/post. API Shield discovers every endpoint and enforces schema, auth and volumetric limits inline at the edge, on top of the WAF QuinStreet already licenses.
High-value comparison forms invite scraping, fake-lead injection and credential abuse. Advanced Rate Limiting counts on any request attribute — session, JSON body field, API token — to throttle abuse without touching real consumers. Activatable on QuinStreet's existing App Security Advanced entitlement.
QuinStreet's comparison pages collect financial PII inside the browser — the exact target for Magecart and rogue third-party scripts. Page Shield monitors every client-side script and connection, alerting on unexpected data exfiltration — a control examiners in financial verticals expect.
QuinStreet already delivers images from Cloudflare while its web tier runs on Google Cloud — every asset pulled across a cloud boundary is a recurring egress charge. R2 charges $0 egress, making it the natural origin for the Images already on Cloudflare, plus data exports feeding the AI stack.
The corporate origin resolves onto Lumen (Level 3) IP space, protected at L7 by Cloudflare but not at the network layer. Magic Transit extends Cloudflare's DDoS mitigation to whole IP ranges via BGP — covering data-center and origin infrastructure, not just HTTP.
QuinStreet's mail routes through Mimecast for gateway security today. Cloudflare Email Security delivers pre-delivery phishing, BEC and malware defense on the same platform as the rest of the stack — one vendor, one set of logs, no separate mail-security appliance.
QuinStreet runs Netskope for SSE today.* Cloudflare One collapses SWG, DNS filtering, CASB, DLP and ZTNA onto the same network already in front of QuinStreet — one agent, one policy engine, keyed off the existing Okta SSO, with unified logs for FTC/FCC/CFPB audit. Includes Shadow-AI controls — discover and DLP GenAI use — on the platform you already own.
QuinStreet acquired HomeBuddy to scale Home Services (a record segment approaching a ~$0.5B annual run-rate). HomeBuddy already runs on Cloudflare — but on its own zone. Consolidate homebuddy.com (and future acquisitions) under QuinStreet's Enterprise agreement (Q-500031): one contract, one control plane, unified billing, and QuinStreet's enterprise WAF, Bot Management, Advanced DDoS and App Security Advanced policy applied to the acquired brand — faster synergy capture with no new vendor.
| Function | Today | How it was identified | On Cloudflare |
|---|---|---|---|
| Image / asset delivery | Cloudflare on CF | images.quinstreet.com → cdn.cloudflare.net | Already on Cloudflare |
| Corporate web | WP Engine (WordPress) | x-powered-by: WP Engine; apex on Lumen | Extend existing CDN / WAF |
| AI traffic control | Ungoverned LLM calls | "Performance Drives Digital" match model | AI Gateway + Workers AI net-new |
| API protection | WAF rules (App Sec Advanced) | Lead marketplace is API-driven | API Shield net-new |
| Client-side / forms | Unmonitored JS on PII forms | Financial comparison forms observed | Page Shield net-new |
| Origin storage / egress | Cross-cloud (GCP web tier) | www → 35.225.243.26 (Google Cloud); NS awsdns-* | R2 (egress-free) net-new |
| Email security | Mimecast | MX us-smtp-inbound-*.mimecast.com | Email Security net-new |
| Network DDoS | Lumen origin, no L3 mitigation | apex A 173.226.108.136 (Lumen) | Magic Transit net-new |
| SSE / secure access | Netskope* | *per account-team (not public recon) | Cloudflare One net-new |
| Acquired brands (M&A) | HomeBuddy — own Cloudflare zone | homebuddy.com → Cloudflare (cf-ray; ns.cloudflare.com) | Fold into Enterprise contract |