I started using Cloudlfare 4 days ago and I’m having some issues that I would love some help with or clarification on.
Loading speeds haven’t improved much, if at all, since I started using Cloudflare and Rocket Loader. I suspect this may be because Cloudlfare is only serving my blog, or perhaps focusing on it. My main website and my blog are both hosted on the same domain/IP/host. mydomain and www.mydomain point to the main website, and blog.mydomain points to the blog. The speed tab only shows the blog, which has indeed seen improvements (which weren’t necessary to begin with) from 1.5s to under 1s. My main website however still takes up to 7 seconds to load, and that’s the main reason I started using Cloudlfare. Rocket Loader is loaded along with my main website, and when it’s offline I do get the Cloudflare notice (instead of a cached version of the website) but there don’t seem to be any speed advantages to using Cloudflare at this point. All assets are still loaded from my website, and not from Cloudflare.
SSL options. I don’t understand them at all, although everything seems to be working fine despite not having configured anything related via Cloudflare beyond. From the reading I did, Cloudflare should use my SSL certs to communicate with my origin server, but users will use Cloudflare’s certs to communicate with Cloudflare. If that’s the case, then why should I provide Cloudlfare with my certs? Isn’t that potentially dangerous? And the option of having Cloudflare generate certs for me doesn’t seem logical either since I already have my own.
Ever since starting to use Cloudflare, my HSTS header max-age has been changed to 0. My configuration hasn’t changed, but that’s the reported max-age.
Is there a way to set certain security parameters for all cookies via Cloudflare? Since they’re the final endpoint for my website, and they add their own cookies as well.
What exactly do you mean by that? They are not being cached? Whats your domain?
Absolutely correct.
Actually, you cant unless you are on a business plan. You simply use these two certificates in their respective places and thats it, no need to send your private key to Cloudflare.
Have you enabled HSTS on Cloudflare?
Which cookies? Your own cookies are simply tunnelled through.
Your resources do not seem to be cached right, you most likely send an HTTP header which prevents Cloudflare from caching them. Check that you are not sending of that.