Scout notes Tested 2026-05-07 · cloudcannon.com · Cloudflare-fronted SaaS

CloudCannon in 2026: a SaaS git-CMS with unlimited sites, user-based pricing, and a Forestry correction

CloudCannon is the granddaddy of the "CMS for static sites" category — they were running visual editing on Jekyll repos in 2014, years before Netlify CMS (now Decap) or TinaCMS existed. We originally misread the Forestry.io story; correction: TinaCMS is the successor to Forestry.io, while CloudCannon is a separate company in the same category. We wanted to see how CloudCannon's public surface holds up in 2026: pricing, docs, the Git-based editing pitch, and the question every team asks before signing a SaaS contract — what do we get for the money that we couldn't run ourselves on a Decap admin and a GitHub Action? We did the boring version: real curl, real screenshots, no NDAs, no enterprise call.

Updated 2026-06-16

CloudCannon reached out after publication and corrected two material points. We removed the old Forestry-acquisition framing and fixed the pricing section: CloudCannon plans include unlimited sites and are not priced per site.

Context

We're the team behind SimpleReview, a Chrome extension that turns the element you click on a broken admin into a draft code-fix PR. We're not affiliated with CloudCannon, we don't host a paid customer site there, and nothing here is from a sales call or NDA briefing. This is a hands-on write-up from one Linux box with curl and headless Chromium against the public marketing site on the date above. Numbers come from the public pricing page, not a quote. If something below is out of date or wrong, open a GitHub issue and we'll fix the page.

What CloudCannon actually is, in one paragraph

CloudCannon is a fully-managed SaaS that runs your Jekyll, Hugo, Eleventy, Astro, or SvelteKit build for you, hosts the result on their CDN, and bolts a WYSIWYG editor on top of the Markdown / data files in your git repo. You connect a GitHub, GitLab, Bitbucket, or Azure DevOps repo; their build farm clones it, runs hugo or jekyll build or npx astro build on every push; non-technical editors get a visual editor that commits Markdown / data-file changes back to a branch; the same farm rebuilds and serves. It's the same idea Decap and TinaCMS implement open-source — content lives in git, not a database — but instead of you stitching together a build pipeline, an OAuth provider, and a host, CloudCannon owns all three.

Practically: if you've been building Jekyll sites for clients and the friction was always "the editor wants to fix a typo without learning git", CloudCannon is the path of least resistance. If you're a solo developer who's already comfortable with git push → Cloudflare Pages, you're paying for a managed editing workflow you may not need.

The marketing site, taken at face value

cloudcannon.com on 2026-05-07. Tagline is "Git-based CMS built for speed, security, and zero headaches". The hero animation cycles through a Jekyll-style page being edited in their visual editor. The pinned banner up top advertises forty Astro components — Astro is clearly the SSG they're betting on for the next cohort, after Jekyll's slow decline and Hugo's plateau.

Curl is more useful than the visual: the homepage is served behind Cloudflare with a public cf-ray, cf-cache-status: HIT, and a custom cc-cache-status / cc-perf pair. The access-control-allow-origin: https://app.cloudcannon.com header tells you the SaaS app domain is split off the marketing one, which is the right architecture for a CMS but worth knowing if you're SSO-debugging:

$ curl -sI https://cloudcannon.com/
HTTP/2 200
content-type: text/html; charset=utf-8
cf-ray: 9f869fab585f3a9a-FRA
cf-cache-status: HIT
access-control-allow-origin: https://app.cloudcannon.com
cache-control: s-maxage=2419200, max-age=0, must-revalidate, public
cc-build-id: 21598202
cc-cache-status: HIT
cc-perf: fetch-headers=29;t=31

That cc-build-id: 21598202 is interesting — it's the same kind of build identifier their customers' sites would carry, exposed on their own marketing site. CloudCannon eats its own dog food, which is reassuring.

Pricing: what $10, $55, and $350 actually buy

CloudCannon pricing page — heading 'Plans for all your content needs', subhead 'Designed for organizations of all sizes', Monthly/Yearly toggle with Yearly highlighted blue — `cloudcannon.com/pricing` hero, refreshed 2026-05-08 at 1440×950. Toggle defaults to Yearly (cheaper-looking sticker price). Numbers below are extracted from the page HTML, not a quote.

The four public tiers, scraped straight out of the rendered page. We originally described these as per-site prices; that was wrong. CloudCannon's plans include unlimited sites and scale mainly by users, bandwidth, domains, and team features.

Plan	Price	Included users	Headline scope
Lite	$10/mo	1	Unlimited sites, 20 GB bandwidth, 1 custom domain
Standard	$55/mo	3	Unlimited sites, 110 GB bandwidth, 5 custom domains, marked "Recommended"
Team	$350/mo	15	Unlimited sites, higher limits, build deploys, team features
Enterprise	— (call us)	custom	SSO, audit log, sales-led support

The pricing model is user-based, not per-site. Additional users are listed at $10/month per user, but the site count itself is unlimited across the plans we saw. For a single corporate site with five locales and a content team of three, Standard covers the whole team at $55/mo; a fourth user would make it $65/mo. For a freelancer or agency running multiple small client sites, the better question is bandwidth, custom domains, and whether clients need their own editor seats, not whether each site adds another base-plan fee.

The Decap / TinaCMS comparison is still unflattering on raw cost: a Decap admin on Cloudflare Pages with a Workers OAuth proxy is $0/mo at this traffic level. The honest answer for the price gap is that CloudCannon is selling the same thing AWS sells against EC2-on-bare-metal — they own the operational burden. If your editor is non-technical and the cost of a one-week debugging session for "the GitHub OAuth flow stopped working" exceeds the plan price, CloudCannon's price is justified. If you have a developer on retainer, it depends how much of that managed workflow you actually use.

Documentation: refreshed in 2026, search-first

CloudCannon documentation home — 'How can we help?' heading, central search box 'Search documentation...', User Documentation card on the left, Developer Documentation card on the right, banner reads 'Loving our new documentation website?' — `cloudcannon.com/documentation/` on 2026-05-07. The blue banner reads "Loving our new documentation website? Provide feedback in the CloudCannon Community" — meaning the docs site itself is fresh enough that they're still soliciting feedback on it. Two tracks (Users vs Developers) is the right split for a tool that has to onboard editors and devs at once.

The split into User / Developer is meaningful: editor-facing docs talk about visual editing, the slug field, and managing assets; developer docs cover the cloudcannon.config.yml manifest, build hooks, and the SDK for embedding their editor mode into a custom UI. Decap and TinaCMS docs are written for one audience (developers), which is fine for their open-source positioning but less workable when the customer is "marketing director who needs a CMS for the dev team they hired".

The Forestry / TinaCMS trail, corrected

Correction after CloudCannon feedback: CloudCannon did not purchase Forestry.io. TinaCMS is Forestry.io's successor; CloudCannon is simply another long-running product in the same git-CMS category. We still tested the public Forestry-related paths because they are relevant comparison traffic for buyers researching static-site CMS options.

$ curl -sI https://cloudcannon.com/forestry-migration/
HTTP/2 404

$ curl -sI https://cloudcannon.com/forestry/
HTTP/2 404

$ curl -sI https://cloudcannon.com/documentation/articles/migrate-from-forestry/
HTTP/2 404

$ curl -sI https://forestry.io/
HTTP/2 301
location: https://tina.io/forestry/

CloudCannon 404 page — heading '404', subhead 'Uh oh, where did the page go?', body 'We're sorry, it looks like we have misplaced it somewhere. In the meantime, just head home', blue Homepage button — `https://cloudcannon.com/forestry-migration/` in a real browser tab. CloudCannon's friendly 404 — except the page being missing is the story.

What we observed

forestry.io 301-redirects to tina.io/forestry/, which makes sense once you understand that TinaCMS is the continuation of Forestry.io. The CloudCannon URLs above 404 because CloudCannon was not part of that Forestry/TinaCMS transition; our earlier framing was incorrect.

The useful buyer-facing takeaway is narrower: anyone comparing git-CMS products through old Forestry queries will naturally land in TinaCMS material first. CloudCannon does not need an acquisition-style migration page, but a CloudCannon-hosted comparison or "Forestry alternatives" guide could still help searchers understand where CloudCannon fits.

For a buyer evaluating CloudCannon today, this matters only as positioning context. TinaCMS owns the Forestry continuity story; CloudCannon's argument is different: hosted builds, visual editing, editor workflow, support, and operational ownership for static-site teams.

The app domain: a mild surprise

Plain 404 page — large faded '404!' background text, heading 'The page you were looking for doesn't exist', body 'You may have mistyped the address or the page may have moved' — `https://app.cloudcannon.com/login` in a real browser. There's no public login form at the obvious URL — login presumably goes through a different path or requires existing session state from the marketing site's "Start with a trial" button.

This is fine — most SaaS apps gate the login URL on a redirect from the marketing site — but it's a small example of "the public surface is not the same as the customer surface". Decap and TinaCMS, by contrast, expose the entire admin to anyone who points a browser at their /admin/ folder. Different model, different threat surface; CloudCannon's is harder to fingerprint, which is the right call for a paid SaaS.

What we measured against the public site

Metric	Value	Notes
Homepage HTML size	217 KB	Single curl, gzipped on the wire
Pricing page HTML size	406 KB	Pricing table renders without JS — good for SEO
Edge cache hit on Cloudflare	HIT	Both `cf-cache-status` and custom `cc-cache-status`
Time to first byte (homepage)	~190 ms	EU server → Cloudflare FRA edge
Tier price floor	$10/mo	"Lite", 1 included user, unlimited sites
Recommended tier	$55/mo	"Standard", marked Recommended on the page
Forestry migration page	404	Across three obvious URL patterns
SSGs surfaced on hero	Hugo, Jekyll, 11ty, Astro, SvelteKit	Astro pinned in announcement banner

Where CloudCannon fits, where it doesn't

CloudCannon is the right answer when: the editor is non-technical and the dev team's time is more expensive than the CloudCannon plan; you want Jekyll or Hugo specifically (Astro support is newer, the polish around Jekyll is fifteen years deep); you're migrating from a WordPress monolith and you want a stepping-stone that keeps editor experience comparable while moving the architecture to static; the dev team has zero appetite for owning a build pipeline.

CloudCannon is the wrong answer when: you're a solo developer with a side-project blog (Decap on Cloudflare Pages is free and works); you have an opinionated build pipeline already (CloudCannon assumes it owns the build, working around that is fighting the product); the editor team is technical and PR-based content review is a feature, not a friction (in which case Decap's editorial workflow gives you the same flow at $0); you need a content database with relations, role-based permissions, and a media library for video — that's not what git-CMSes are for, look at Strapi or Directus.

Three things we'd change about the public site

Own the "Forestry alternative" comparison, not the migration story. Since TinaCMS is the Forestry successor, a CloudCannon page for people searching old Forestry terms should be a clear comparison page, not an acquisition-style migration page.
Make the unlimited-sites pricing clearer above the fold. "Unlimited sites" is a strong point for agencies and multi-site teams. It deserves to be visible earlier than the fine-grained plan details because it changes the scale math substantially.
Lean into Astro on the hero, not just the announcement banner. The announcement bar reads "40+ ready-made Astro components, built for visual editing — clone them, brand them, ship them!" — which is the strongest commercial line on the whole site, but it's stuck in a dismissable strip. Astro is where the new mid-2020s static-site builds are landing; CloudCannon's bet is right, the placement on the page is wrong.

Where this fits

One short, honest write-up per CMS we run, deploy, or scout. Adjacent in the same series: Decap CMS 3.12 in 30 lines, TinaCMS self-host on Docker, Ghost 5 on Docker SQLite, Open WebUI on Linux Docker, Dify 1.14.0 docker-compose. SimpleReview is the Chrome extension that turns whatever element you click on a broken admin — including a CloudCannon visual-editor field that's autosaving the wrong slug — into a draft code-fix PR you can ship without leaving the page.