Is it safe to enable Full (Strict) and HSTS on domains that literally just forward to other domains via Page Rules? For Full (Strict) it says “requires a trusted CA or Cloudflare Origin CA certificate on the server”, but there is no origin in this case – at least on my end. I can’t seem to find a definitive answer to this. I have universal SSL enabled, of course. Thanks!
If you’re forwarding everything via Page Rules and have no actual origin, those settings don’t much matter. At least, not for the domain that’s being forwarded from anyhow. If the destination domain is also on Cloudflare though, it should be using Full (Strict). When creating the page rule(s), have it forward to the destination domain using HTTPS.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.