Non-SSL Traffic

Website, Application, Performance Security
1

Answer these questions to help the Community help you with Security questions.

image
image1078×358 10.6 KB

I’ve got a website running on Cloudflare for a while, and noticed that a bunch of requests have been non-SSL even with the following enacted on Cloudflare:

  1. HSTS
  2. Total TLS
  3. Enforce HTTPS
  4. HTTPS Rewrite on
  5. SSL through Cloudflare

Have you searched for an answer?
I’ve searched for the answers, and found common setup, which I have on my site but SSL still keeps getting bypassed for a couple requests each day. I want to completely 100% prevent any non-SSL traffic.

What could be the issue, if it’s not the basic Cloudflare settings? Are people forcing non-SSL by way of headers? I’ve got anything except “GET” blocked.

4

If you have all those tools to enforce HTTPS, it means that some traffic must arrive at your domain as HTTP, right? If that wasn’t the case, why would anyone enforce HTTPS? Bots may request HTTP even if you enable HSTS, and though they are either blocked or redirected, this is still considered traffic, as far as analytics go.

5

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.