Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Encryption modes

The modes listed below control the scheme (http:// or https://) that Cloudflare uses to connect to your origin web server and how SSL certificates presented by your origin will be validated.

If possible, Cloudflare strongly recommends using Full or Full (strict) modes to prevent malicious connections to your origin.

For more details about how your encryption mode fits into the bigger picture of SSL/TLS protection, refer to Get started.

​​ Available encryption modes

​​ Update your encryption mode

To change your encryption mode in the dashboard:

  1. Log in to the Cloudflare dashboard and select your account and domain.
  2. Go to SSL/TLS.
  3. Choose an encryption mode.

To adjust your encryption mode with the API, send a PATCH request with the value parameter set to your desired setting (off, flexible, full, strict).

Your available values depend on your zone’s plan level.