I was wondering if someone knows a way to determine if a website, protected by Cloudlfare, is secured between the Host and the Cloudfare’s datacenter.
I mean, is it possible to determine if a website use Flexible, Full or Full Strict models from an external view (audit) ?
The situation is : one of my vendor use Cloudfare and claims that he is ISO27001 and PCI-DSS compliant. Just want to make sure that this is not bullshit.
Thanks a lot.