Says active, but not secure

I searched, but couldn’t find a clear solution.

I’m using the free service on full. Am I supposed to choose strict full?

Hi @bobby5,

The SSL mode you choose depends on what certificate you have on the origin server. Full if it is self-signed or invalid and Strict if it is valid.

Can you share the domain name in question?

The domain name is,

I also have related issue my blog ( is active but not secure on chrome browser, please what is the solution to this ?

I don’t quite understand the question. In your topic you have " [Says active, but not secure]". Did you try to load your website on HTTPS? It works fine, and it’s definitely secure.

If you want the HTTP version to automatically REDIRECT to the HTTPS version, you need to go to Cloudflare dashboard > SSL/TLS > Always use HTTPS.

This is not related to if the website shows as HTTPS or not. If your website supported HTTPS before you migrated to Cloudflare, then you should select full (strict). If not, then leave it on full. Flexible is available if your own server doesn’t support HTTPS at all.

Your issue is slightly different, because you have MIXED CONTENT. Your website is serving at least one resource on HTTP, in which case the browser is forced to downgrade the website to insecure.

I see the following mixed-content warning on your website:

Mixed Content: The page at ‘’ was loaded over a secure connection, but contains a form that targets an insecure endpoint ‘’. This endpoint should be made available over a secure connection.

Everything that loads on your website must be on HTTPS if you want the website to remain secure, and prevent browsers from downgrading your website to insecure.

This topic was automatically closed after 30 days. New replies are no longer allowed.