Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Overview

At Cloudflare, our goal is to build a better Internet (safer, better, more accessible).

As part of that, we are proud to be the first Internet performance and security company to offer free SSL/TLS protection. SSL/TLS encrypts your web traffic to prevent data theft and other tampering.

Get started Learn more

​​ Available features

FeatureAdditional featuresFreeProBusinessEnterprise

Advanced Certificates

Paid add-onPaid add-onPaid add-onPaid add-on

Always Use HTTPS

YesYesYesYes

Authenticated origin pull

YesYesYesYes

Automatic HTTPS Rewrites

YesYesYesYes

Backup Certificates

YesYesYesYes

Can opt out?

NoNoNoYes

Certificate Transparency Monitoring

YesYesYesYes

Certificate Signing Requests

NoNoNoIncluded with Advanced Certificate Manager

Custom Certificates

NoNoYesYes

Certificates included

0011 (can purchase more)

Custom origin trust store

Included with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate Manager

SSL/TLS encryption mode

YesYesYesYes

Strict (SSL-Only Origin Pull)

NoNoNoYes

HTTP Strict Transport Security

YesYesYesYes

Keyless SSL

NoNoNoPaid add-on

Minimum TLS Version

YesYesYesYes

Opportunistic Encryption

YesYesYesYes

Origin certificates

YesYesYesYes

SSL/TLS Recommender

YesYesYesYes

Staging environment

NoNoNoYes

TLS 1.3

YesYesYesYes

Total TLS

Included with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate Manager

Universal Certificates

YesYesYesYes

Custom Hostnames

YesYesYesYes

Hostnames included

100100100100

Max hostnames

500050005000Unlimited, but contact sales if using over 5000.

CSR support

NoNoNoYes

Custom analytics

YesYesYesYes

Custom certificates

NoNoNoYes

Custom origin

NoNoNoYes

mTLS support

NoNoNoYes

Non-SNI support for SaaS zone

NoYesYesYes

Custom analytics

NoNoNoYes

WAF for SaaS

WAF rules with current zone planWAF rules with current zone planWAF rules with current zone planCreate and apply custom firewall rulesets.

Wildcard custom hostnames

NoNoNoYes

Apex proxing/BYOIP

NoNoNoPaid add-on

Custom metadata

NoNoNoPaid add-on