Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Full (strict) - SSL/TLS encryption modes

When you set your encryption mode to Full (strict), Cloudflare does everything in Full mode but also enforces more stringent requirements for origin certificates.

flowchart LR accTitle: Full - Strict SSL/TLS Encryption accDescr: With an encryption mode of Full (strict), your application encrypts traffic going to and coming from Cloudflare. A[Browser] <--Encrypted--> B((Cloudflare))<--Encrypted--> C[("Origin server (verified) ✅")]

​​ Use when

For the best security, choose Full (strict) mode whenever possible (unless you are an Enterprise customer).

Your origin needs to be able to support an SSL certificate that is:

​​ Required setup

Before enabling Full (strict) mode, make sure your origin allows HTTPS connections on port 443 and presents a certificate matching the requirements above. Otherwise, your visitors may experience a 526 error.

​​ Limitations

Depending on your origin configuration, you may have to adjust settings to avoid Mixed Content errors or redirect loops.