Why are some requests still called 'not secure', even though I've done everything?

This is more of a thing thats just out of interest - having every single request on HTTPS isn’t a priority for my site, but I’d still like to know why some requests are still not secure.

My origin server runs only on port 443, and only accepts HTTPS requests. Furthermore, I’ve also set my Cloudflare CDN to ‘always use HTTPS’, and if someone makes a HTTP request, it gets redirected to HTTPS.

So how come (according to Cloudflare) are some requests still ‘not secure’?

Personally, when testing out things on my site, I’ve never seen it say not secure.

It still doesn’t stop anybody or bots from initiating an HTTP connection to your hostname.

1 Like

In order to redirect visitors to HTTPS, they must have been initiate the connection in HTTP first. That’s normal.


This topic was automatically closed after 30 days. New replies are no longer allowed.