The real benefits however become apparent when combined with a Digital Certificate. This is especially beneficial to cart sites that wish to take card details online. When both these addons are purchased, we do the following:
- Turn on Full (Strict) in the SSL Options. Cloudflare will connect over HTTPS and verify the cert on each request
- Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone
- Cryptographically verify that requests to your origin server have come from Cloudflare using a TLS client certificate
- Only allow HTTPS connections from visitors that support at least TLS version 1.2
- Enable Opportunistic Encryption – this allows browsers to benefit from the improved performance of HTTP/2 by letting them know that your site is available over an encrypted connection
- Enable Onion Routing – this allows routing traffic from legitimate users on the Tor network through Cloudflare’s onion services rather than exit nodes, thereby improving privacy of the users and enabling more fine-grained protection
- Automatically fix mixed content by changing “http” to “https” for all resources or links on your web site that can be served with HTTPS
- Enable HTTP Strict Transport Security (HSTS) – this is a header which allows a website to specify and enforce security policy in client web browsers. This policy enforcement protects secure websites from downgrade attacks, SSL stripping, and cookie hijacking.
The result is an A+ rating for your site when it comes to security, so your customers can shop with confidence. Now what’s not to like about that?