On my Cloudflare dashboard I have enabled “Always Use HTTPS” and I’m using “Full” “SSL/TLS encryption mode”. Despite this users in chrome can access the website via http. Also Cloudflare is reporting “not secure” content being shared since this was enabled. I have reviewed the page source and there are no http:// links. Why is Cloudflare still serving unencrypted content? Thank you!
It appears that this is happening because of other websites cookies. Despite setting the following in apache config:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Unsecure cookies are still on the page. Can Cloudflare do anything to help prevent this?
It’s most likely not the cookies. It’s probably Mixed Content. What’s the domain?