SSL / TLS Insecure Connections

Hi Guys,

I have been monitoring my website statistics for some time and have noticed that some people have visited my site unencrypted.

I have all redirects from http to https active, as from Cloudflare’s side as well as even from my web server.

My website is : prodigy-official.de

What can I do?

Hi @Prodigy,

Every time someone tries to reach your website over HTTP, they will be redirected to HTTPS. This is done by sending the visitor a small file containing the new HTTPS address for the requested URL. But that does generate a hit on the edge (Cloudflare server) for the HTTP connection. That’s what this stat is showing.

Websites normally get HTTP requests from bots (which may or not follow up the redirection directive) and by the few users who type in your URL in the address bar. Despite the current ubiquity of HTTPS, some browsers still have as default scheme HTTP, so if you only type example.com without any scheme, the browser will first request HTTP, then, if redirected, request the HTTPS version of that URL.

2 Likes

To add, you can generally remove that statistic completely by setting up HSTS and then preloading your website. All this requires is that, for the rest of time, your website always has HTTPS set up (if you decide to move away from CF, you can still get free certificates from LetsEncrypt).

1 Like

Thanks! I don’t knew this.

!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.