Squarespace Cloudflare DNS insecure

Hi all, we are using a Squarespace with Cloudflare DNS and GoDaddy domain.

I have set up Cloudflare’s DNS settings as recommended according to this support article:

In the Squarespace DNS settings, there’s a bunch of red, but the Cloudflare support article says this is to be expected:

The problem is that when I navigate to our page, the site sometimes is, and sometimes isn’t, secure.


The weird part is that on the same computer, I can visit it from one incognito chrome window and have it be insecure, and then open another incognito chrome window and it is secure. Also, if it’s insecure, after clicking around the site a couple of times, it eventually does become secure.

So just really confused as to what’s going on, and would really appreciate any help anyone can give.

p.s. Don’t know if this makes a difference, but in our Squarespace settings, the “use www prefix” is toggled on:


Was it Secure before you added it to Cloudflare?

@sdayman that’s a great question - I’ve been brought in to help out, and it was already all set up when I got here. I don’t think the person who originally set it up is with the company any longer. The owner believes that their old Squarespace site didn’t have any issues, but I’m not even sure if that site was on Cloudflare (if it makes any difference, the old site was Squarespace 7.0 and the new site is 7.1).

When a site shows “Not Secure”, this is a problem from the origin. It either wasn’t configured at all for HTTPS, or it has Mixed Content. You can use the SSL/TLD → Edge Certificates section to enable “Always Use HTTPS” and “Automatic HTTPS Rewrites.”

Your browser’s Dev Tools (F12 in Chrome) might also show you a warning in Console or Network. And quite often, just clicking on the Not Secure message brings up the reason.

@sdayman ,

Ok, so yes Always Use HTTPS is off (Automatic HTTPS Rewrites is on), if I try toggling that on, do you know if I have to wait 24-72 hours for it to have an effect? (basically I’d like to give it a go to see if it fixes things but also don’t want to break the site!)

Clicking on the “Not Secure” message just says this:


In the console there are a bunch of yellow warnings in variations of:

  • A parser-blocking, cross site script
  • yui: NOT loaded
  • DevTools failed to load

And a red warning:

  • Failed to load resource: the server responded with a status of 404

Don’t know if that gives any clues

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.