Remove Shopify Headers

Hi, I need to have “headers removed” from my client’s domain so that they can connect to Shopify correctly to generate a new SSL. I see that others have been having this issue but I haven’t found any thread that resolves it.

My client has no knowledge of ever having a Cloudfare account so they have no paid plan or login to allow me to contact support. I’ve created this account hoping I can get some type of support or understanding of how we can separate their domain from Cloudfare. GoDaddy and Shopify both say they don’t have authority to remove what’s blocking the SSL generation and causing DNS issues.

I tried to submit a ticket (# 2338421) but it was closed because I don’t have a paid account.

Any help would be greatly appreciated. Thank you!

Please ask Shopify to tell you exactly which headers need to be removed. I always seen between 5 and 8 headers Cloudflare uses. It’s important that Cloudflare not remove the wrong headers. As soon as you hear back from Shopify with the necessary header information, Cloudflare can fix the issue.

Thank you for the response. I am trying to get this information from them still FYI so please keep this open. Thanks!

1 Like

@sdayman I currently can’t get Shopify to tell me what the headers are. They repeat the same thing like robots or tell me someone is looking into it and then send me an email with the same vague response. Unbelievable. I’m following up for the 5th time today.

Sorry for my ignorance here, Cloudfare was set up by a previous web agency and we have no insight into what it’s doing on our site. But could a potential solution be to remove Cloudfare completely and return the GoDaddy domain to its original state so that it can directly connect to Shopify?

The website was previously setup on LightSpeed e-commerce. If Cloudfare was being used to create an SSL then maybe it can be scrubbed and let Shopify take over that function?

I’m attaching a screenshot of some SSL information I found in case it’s helpful at all.

I apologize if this is a dumb question, I am just desperate at this point.

Hi @AnnaJ,

I’m afraid to say Shopify are talking nonsense. There are no Cloudflare headers to be removed, what is actually most likely is that you used a previous provider who used Cloudflare and they have not properly released your domain.

Please contact your old provider and ask them to remove any Cloudflare configurations for your domain, specifically SSL for SaaS / Custom Hostnames.

If you contact Shopify and they mention Cloudflare headers, ask them if they are referring to a Custom Hostname that was part of an old SSL for SaaS implementation on the domain. Ask them to follow the process to create an HTTP ownership_verification record.

If you try both of the above and they say they are unable to help you, please let us know and we’ll have to escalate it. Cloudflare Support will then ask you to verify domain ownership of the domain by adding a txt record to the domain in order to verify domain ownership. This will likely take significantly longer than the other two options so it should only be a last resort.

I totally agree Shopify is talking nonsense. I appreciate both you and @sdayman responding to me, Cloudfare has been the only helpful side in this nightmare.

Another very novice question, but, does the “previous provider” mean the system our website is built on – Lightspeed E-Commerce?

I will definitely ask Shopify about the custom hostname and send them that process. Thank you. I will loop back around once I try these.

No problem!

It may well be, if they also use Cloudflare SaaS like Shopify then they would be the best people fo fix this. I have seen other topics mentioning them so most likely it will be.

Great, I really hope at some point that Shopify can send people to the right place instead of in circles :sweat_smile:



On my latest chat they admitted it’s not “headers” and said the past advisors must have been confusing SSL and headers. Their direction:

The previous SSL certificate you had is not expired so it does need to be removed before one can be created from us. If Cloudflare can remove these, you can email me directly after this is done so I can provision new ones for you.


:partying_face: Hopfully they passed that on to the rest of their support team so they can stop saying that to everyone :sweat_smile:

This still isn’t quite right, but we’re getting closer!

1 Like

Could I essentially ask GoDaddy to disable Cloudfare? It seems they should have ultimate control over the domain since it’s hosted there and all these other services are only trying to connect to it.

I don’t think GoDaddy use Cloudflare or have any control over this. It’s most likely Lightspeed who will need to remove the domain from Cloudflare.

GoDaddy agreed they don’t use or have control and said the existing SSL needs to be removed by Cloudfare. :disappointed:

Here’s Lightspeeds response:

It is not possible to do that on our end, since the SSL configurations are automatically generated. Support agents are not trained in networking and unfortunately unable to offer advice on that matter, sorry about that.

You would need to contact Cloudflare support for further information and assistance with that.

We may have to go with the last resort option, everyone is saying a Cloudfare SSL can only be removed by Cloudfare.

We’ve also been unable to get clarification on who or why Cloudfare was installed on the domain in the past so that has been a dead end. I don’t think it is needed though anymore since it’s moving to Shopify.

Let me know what you guys think on how we can get our domain released from the current SSL that exists so a new one can be provisioned.

This is not true. The old provider is supposed to release your domain when you are no longer using them, Cloudflare sometimes has to get involved when they don’t clean up properly and leave a mess.

It will be another service provider who, like Shopify, uses Cloudflare.

I’ll escalate your ticket #233842 to kick this off, but it may take a while.

1 Like

That’s not correct. It’s supposed to be removed by whoever put it there in the first place. As you’ve discovered, getting someone else to remove it is difficult.

Keep this in mind if you ever leave Shopify.


I totally understand that an old provider should be responsible but the only provider we know of associated with the old site is Lightspeed who says they can’t. The only thing I know is that the previous web agency no longer in use who built the site installed Cloudfare so I am also trying to clean up someone else’s mess.

Thanks for escalating the ticket. I understand it may take longer but I’m not sure what else to do at this point.

1 Like

Btw, I pushed back on them and asked them to escalate my ticket to another rep. I am not sure what some of this means but copying below in case it provides either of you with any clarifications that might help.

I checked with my senior and she confirmed that, because the SSL added to eCom domains comes from Cloudflare, we really can’t deactivate that on our end. We’d recommend reaching out to Cloudflare once again and asking for clarification, such as if it is related to proxy or if it is indeed only about SSL. If it is proxy-related, that can be managed on our end. If it is really only about SSL, then the deactivation needs to be done on Cloudflare’s end.

I will keep your ticket open so you can reply to it once you have further information in case it happens to be proxy-related after all :slight_smile:

To be fair, you appear to have received support mostly from non-affiliated community members so far, right?

This is an odd reply and I’m not entirely sure what they mean. Reading the documentation at Launching your eCom store - DNS record setup – Lightspeed eCommerce, their setup looks like Cloudflare for SaaS.

It’s the Cloudflare Custom Hostname / SSL for SaaS setup that they would need to remove your domain from. Perhaps they are able to do that with more instruction?


Yes, absolutely what I mean. I should say the Cloudfare community is the saving grace here.


I will send this to them!

1 Like