Is it a bad thing?
I’m on strict ssl
also, I received this email:
Cloudflare has observed issuance of the following certificate for springfield-ohio-post.com or one of its subdomains:
Log date: 2019-11-30 15:54:03 UTC
Issuer: CN=Cloudflare Inc ECC CA-2,O=Cloudflare, Inc.,L=San Francisco,ST=CA,C=US
Validity: 2019-10-29 00:00:00 UTC - 2020-10-09 12:00:00 UTC
DNS Names: sni.cloudflaressl.com, springfield-ohio-post.com, *.springfield-ohio-post.com
is there a way to test or know if this is good?
This is generally coming from visitors that have never visited your site before. The “none” are being redirected to https, after which the browser knows to only connect via https.
If you want browsers to go to HTTPS before attempting HTTP, you can set up HSTS and HSTS preload. This means the browser has your domain in the list of domains it absolutely needs to never try to use http for. The only downside to this is that you will always need a valid SSL/TLS certificate if you want browsers to be able to reach your site.
Thanks judge, but i’m already set up to hsts and preload of hsts
Enforce web security policy for your website.
Status: On
Max-Age: 6 months (Recommended)
Include subdomains: On
Preload: On
You also have to submit your website to that preload site (hstspreload.org) for preload to work, and it will then take a few months before every browser has the updated preload list.
Even then, any clients that don’t use the preload list (like API clients, some scrapers, etc) might still show up as non-TLS in that screen.
Wow…I did not know this. Thanks!
This topic was automatically closed after 31 days. New replies are no longer allowed.
