On my Cloudflare dashboard I have enabled “Always Use HTTPS” and I’m using “Full” “SSL/TLS encryption mode”. Despite this users in chrome can access the website via http. Also Cloudflare is reporting “not secure” content being shared since this was enabled. I have reviewed the page source and there are no http:// links. Why is Cloudflare still serving unencrypted content? Thank you!
It appears that this is happening because of other websites cookies. Despite setting the following in apache config:
Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure
Unsecure cookies are still on the page. Can Cloudflare do anything to help prevent this?
It’s most likely not the cookies. It’s probably Mixed Content. What’s the domain?
This topic was automatically closed after 30 days. New replies are no longer allowed.