So, I went to my website at 3:28 PM and I was somehow able to access http:// when I set a Cloudflare page rule to force https:// on every part of the domain (even sub-domains)…
I verified that this happened by going to cPanel -> Visitors and sure enough there was a log saying my ip accessed the site using http:// and not https:// (screenshot below)
(the second listing that says “faded.pw” is only shown when http:// is accessed by an ip, it usually only shows “faded.pw (SSL)” because my Cloudflare page rule redirects all traffic to https://)
Here’s the page rule I set:
I’m wondering how this happened as I set a page rule to force https:// and do I have to worry about security now?