Why you should choose Full Strict, and only Full Strict

Unencrypted & unverified connections

Imagine you open PayPal and your browser suddenly warns you that the connection is not secure.

Would you continue? Probably not. For decades, leaders in IT security have advocated that people upgrade their sites from unencrypted HTTP to secure HTTPS. And for good reason: everything you send via an HTTP connection is sent in plain text and can be intercepted at any point between you and the server.

Equally, you’d probably not proceed if you got a certificate warning, right?

That’s what happens when there is a certificate but it has not been signed by a certificate authority that your browser trusts. The connection is technically encrypted, but without verification anyone could have provided that certificate and would be able to intercept your data.


Unfortunately, many site owners are not aware of this, and these two setups are common on Cloudflare. Millions of sites on Cloudflare have one of these two insecure configurations and are essentially left with no security.

Why don’t you get more warnings, you ask? Because the Cloudflare proxies front these sites and feign a valid HTTPS connection to the visitors while, in the background, data is still being transmitted in the insecure fashion described above.

In either case, third parties will be able to intercept, record, and manipulate these connections without you, Cloudflare, or your visitors having the slightest idea that an unauthorised third party is accessing your very private communication.

Full Strict

This is where the encryption modes from https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls come in.

Make sure you have “Full Strict” selected here. Only when you have that mode selected will you have a guarantee that Cloudflare verifies the connection and does not allow third parties to take over your data. With anything else it will be as if you had no certificate, or one that can’t be verified (the certificate warning case), and you will put your data and the data of your visitors at risk.

Origin certificate

This also brings us to the next step of securing your server: making sure you have a proper certificate on your server in the first place.

There are plenty of providers who sell certificates, and while these certificates are perfectly fine, you should know that there are quite a few free options these days as well. Check out letsencrypt.org for that; Cloudflare also offers its own free certificates for installation on your server. More information is here and you can get one issued straight from your TLS screen.

Once you have the certificate and the private key, you just need to install them on your server (please talk to your host or refer to the documentation of your web server for details on that) and you’ll be good to go, with a properly secured connection on Full Strict.
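
To see what verification adds, here is an added example (not part of the original tutorial and not Cloudflare's code) that approximates the checks offline with the openssl command line: the certificate must chain to a trusted CA, be inside its validity period and match the hostname. The CA, the hostname origin.example.test and all file names are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added example: an offline approximation of the checks behind Full (strict).
# Every name here (Demo CA, origin.example.test, file names) is constructed.

# strict_check CERT CAFILE HOSTNAME
# Succeeds only if CERT chains to a CA in CAFILE, is inside its validity
# period, and is valid for HOSTNAME.
strict_check() {
  openssl verify -CAfile "$2" -verify_hostname "$3" "$1" >/dev/null 2>&1
}

# make_demo_pki DIR
# Creates a throwaway CA (ca.pem), a certificate it signed for
# origin.example.test (origin.pem), and a self-signed one (self.pem).
make_demo_pki() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=origin.example.test" \
    -keyout "$dir/origin.key" -out "$dir/origin.csr" 2>/dev/null
  printf 'subjectAltName=DNS:origin.example.test\n' > "$dir/san.ext"
  openssl x509 -req -in "$dir/origin.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/origin.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=origin.example.test" \
    -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# report LABEL CERT CAFILE HOSTNAME: print the verdict for one case.
report() {
  if strict_check "$2" "$3" "$4"; then
    echo "$1: accepted"
  else
    echo "$1: rejected"
  fi
}

tmp=$(mktemp -d)
make_demo_pki "$tmp"
report "CA-signed, right hostname" "$tmp/origin.pem" "$tmp/ca.pem" origin.example.test
report "CA-signed, wrong hostname" "$tmp/origin.pem" "$tmp/ca.pem" other.example.test
report "self-signed"               "$tmp/self.pem"   "$tmp/ca.pem" origin.example.test
rm -rf "$tmp"
```

Against a live server the same checks can be run with `openssl s_client -connect <origin-ip>:443 -servername <hostname> -verify_hostname <hostname> -verify_return_error`, adding `-CAfile` when the issuing CA is not in the system trust store.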
