NONE - Not Secure

Is it a bad thing?

I’m on strict ssl

also, I received this email:

Cloudflare has observed issuance of the following certificate for springfield-ohio-post.com or one of its subdomains:

Log date: 2019-11-30 15:54:03 UTC
Issuer: CN=CloudFlare Inc ECC CA-2,O=CloudFlare, Inc.,L=San Francisco,ST=CA,C=US
Validity: 2019-10-29 00:00:00 UTC - 2020-10-09 12:00:00 UTC
DNS Names: sni.cloudflaressl.com, springfield-ohio-post.com, *.springfield-ohio-post.com

is there a way to test or know if this is good?

This is generally coming from visitors that have never visited your site before. The “none” are being redirected to https, after which the browser knows to only connect via https.

If you want browsers to go to HTTPS before attempting HTTP, you can set up HSTS and HSTS preload. This means the browser has your domain in the list of domains it absolutely needs to never try to use http for. The only downside to this is that you will always need a valid SSL/TLS certificate if you want browsers to be able to reach your site.

1 Like

Thanks judge, but i’m already set up to hsts and preload of hsts

HTTP Strict Transport Security (HSTS)

Enforce web security policy for your website.

Status: On
Max-Age: 6 months (Recommended)
Include subdomains: On
Preload: On

You also have to submit your website to that preload site (hstspreload.org) for preload to work, and it will then take a few months before every browser has the updated preload list.

Even then, any clients that don’t use the preload list (like API clients, some scrapers, etc) might still show up as non-TLS in that screen.

2 Likes

Wow…I did not know this. Thanks!