HSTS and SSL Mode

Is SSL:Strict page rule would be after all two redirects in chain when HSTS enabled (http://example.com -> https://example.com -> https://www.example.com) OR before redirection chain Page Rules list ?

Thank You!

Your question is not very clear.

SSL mode, HSTS, and any redirects are separate things.

HSTS just adds a header to any relevant HTTPS responses. It does not perform any redirects in Cloudflare.

SSL mode determines whether Cloudflare talks to your origin server over HTTP or HTTPS, and if the cert needs to be valid or not.

And redirects are just redirects done at by Cloudflares edge, so don’t involve your origin at all.

SSL (Strict) only comes into play if a request is being made to your origin.

My preferred configuration is to enable HSTS, Always use HTTPS and Full (Strict) at the domain level (i.e. not using Page Rules), and to specify https explicitly in page rules.

1 Like

Thank You, Michael for answer!

I know the difference between SSL and HSTS/redirects, but because a little bit newbie in “how core of CloudFlare working”, just asking to ensure that I all understanding right.

Thank You again one time!
Have a nice day!

This topic was automatically closed after 30 days. New replies are no longer allowed.