I have “Always Use HTTPS” turned on in Cloudflare but there appears to still be insecure traffic.
It’s most likely not getting to your server. Full/Strict uses HTTPS to connect to your server. But there are always going to be crawlers and visitors who try reaching your site with HTTP before they get redirected to HTTPS.
So the people/bots/crawlers are getting redirected to HTTPS but the initial connection is HTTP?
Cloudflare’s stats should still reflect the HTTP hits, even if they are redirected to HTTPS. But your server should not see these requests, so you might want to check your own logs just to compare.
I have figured it out now, a moderator can close this topic.