Enable SSL/TLS recommendations
To make sure you do not inadvertently block the SSL/TLS Recommender, review your settings to make sure your domain:
- Is accessible.
- Is not blocking requests from our bot (which uses a user agent of
- Does not have any active, SSL-specific or .
Then, you can enable the SSL/TLS recommender.
To enable SSL/TLS recommendations in the dashboard:
Manually trigger a new scan
Once you enable it, the recommender runs future scans periodically — typically every two days — and sends notifications if new recommendations become available.
How it works
Once enabled, the SSL/TLS Recommender runs an origin scan using the user agent
Cloudflare-SSLDetector and ignores your
robots.txt file (except for rules explicitly targeting the user agent).
If so, it will send the application owner an email with the recommended option and add a Recommended by Cloudflare tag to that option on the SSL/TLS page. You are not required to use this recommendation.
If you do not receive an email, keep your current SSL encryption mode.