I’m concerned about the security of websites using free Cloudflare SSL certificates.
While I think it’s amazing that Cloudflare offers the ability to secure any websites using SSL even when the host is incapable of offering SSL, as a visitor I feel deceived when a website doesn’t let me know that the website is being transported insecurely. Now I understand that Cloudflare needs to have the content decrypted regardless but when I connect to my website (that has HSTS and Full (Strict) setup) I’d like to be able to verify that that connection was indeed securely encrypted from my client all the way to the server and that no malicious actor intercepted it at any point (other than by hacking Cloudflare itself).
Is there, for example, an HTTP header or field in the certificate that can tell me: Hey, this SSL connection uses the Flexible / Full method or some other way I can verify that my connection is fully encrypted?
Thanks in advance for your reply,