Is a New HTTP Header Needed for CloudFlare’s Free SSL?

CloudFlare is now offering free SSL to all sites. However, there are two different types of SSL connections – ‘Flexible SSL’ and ‘Full SSL’. While ‘Flexible SSL’ is better than nothing, it is misleading to users who think their data is entirely encrypted. To address this, a new HTTP header named ‘X-Proxy-Security’ is proposed to indicate the security level of the proxy. However, this solution may not be necessary and could still be open to abuse. A better alternative would be to check the SSL certificate itself. If it is not from the intended site, users should not proceed. Additionally, including the necessary details in the certificate would eliminate the need for new headers.

Leave a Reply

Your email address will not be published. Required fields are marked *