Full SSL x Flexible with HSTS enabled

Hello. My website always used Flexible SSL by Cloudflare, I didn’t created a certificate to put inside my server to enable the Full SSL (Strict).

Is it fine to use the Flexible SSL with HSTS enabled or will it give me some trouble and requires Full SSL (Strict) enabled?


Hi @bruno21,

It’s perfectly acceptable. Go without worry.

All the sites I manage have HSTS enabled and 100% of them are running with Flexible SSL for years.


If you enable HSTS, and don’t have SSL on your server, then visitors won’t be able to return to your site if you go off of Cloudflare and lose SSL. HSTS tells browsers to always use SSL when visiting your site, and if you don’t have SSL at some point, browsers won’t let users return to the site without SSL. And if you use HSTS preload, then you’re really stuck, as all browsers will refuse to connect to your site without SSL.

If your server can include SSL for your domain, you really need to do this for a fully secure connection that will remain if you disconnect from Cloudflare.


Thanks for your fast response =)

1 Like

Thanks friend =)


It is not I am afraid.

Basically, your site is still insecure.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.