In order for cloudflare to work for me I have to use full mode vs strict mode. Is it safe to take my customer’s sensitive information (such as credit card information) using full mode? Thank you!
Full mode does provide encryption but does not verify the certificate, so anyone on the line could technically hijack the connection and present their own certificate.
The only secure mode is “Full strict”, as that will verify the certificate just like any browser will do.
You should always use only “Full strict”, even more so when you have such sensitive information.
Still, keep in mind the information will still be decrypted on Cloudflare’s side and then re-encrypted, so you won’t have real end-to-end encryption, but that’s a different story of course. When it comes to transport security → Full strict.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.