Enabled Always Use HTTPS, some traffic still served without TLS

Hi, I set up my site on Cloudflare two days ago. I enabled “Always Use HTTPS” and also created a page rule like this:

If the URL matches: example.com/*
Then the settings are: Forwarding URL (301) - https://www.example.com/$1

Now under the SSL/TLS menu, at the Traffic Served Over TLS chart, it says there are 253 requests served without TLS. That is about 2.5% of all requests through Cloudflare in the last 24 hours.

I’m curious why there are still some traffic served without TLS? Did I do anything wrong?

I then used Cloudflare’s diagnostic center to assess my site and it says everything about encryption works. I haven’t enabled DNSSEC and HSTS though, do they have anything to do with this?

Thanks!

Just came up with one possibility: when a user manually type in my site’s URL, they sure wouldn’t include https. Does this count as a request served without TLS just before he/she is being redirected to https?

Thanks.

That’s exactly it. It’s normal, and nothing to worry about. You will always get some HTTP traffic, even if all of it is getting redirected.

You might consider enabling HSTS on the domain, which tells browsers to remember that you only use HTTPS. Just read the warning messages carefully before enabling.

OK, thanks for clarifying!

This topic was automatically closed after 30 days. New replies are no longer allowed.