Cloudflare Docs
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Strict (SSL-Only Origin Pull) - SSL/TLS encryption modes

When you set your encryption mode to Strict (SSL-Only Origin Pull), connections to the origin will always be made using SSL/TLS, regardless of the scheme requested by the visitor.

The certificate presented by the origin will be validated the same as with Full (strict) mode.

​​ Use when

You want the most secure configuration available for your origin, you are an Enterprise customer, and you meet the requirements for Full (strict) mode.

​​ Required setup

The setup is generally the same as Full (strict) mode, but you select Strict (SSL-Only Origin Pull) for your encryption mode.

​​ Limitations

Depending on your origin configuration, you may have to adjust settings to avoid Mixed Content errors or redirect loops.