Cloudflare supports HTTP Strict Transport Security (HSTS) to help secure your HTTPS web server from a downgrade or SSL stripping attack.
HSTS (RFC 6797) is a web security policy technology that helps secure HTTPS web servers against downgrade attacks. Downgrade attacks (also known as SSL stripping attacks) are a form of man-in-the-middle attack in which an attacker can redirect web browsers from a correctly configured HTTPS web server to an attacker-controlled server.
HSTS consists of an HTTP response header with several parameters that directs compliant web browsers to strictly enforce web security practices for that host: specifically, rewriting every HTTP link and request to the host into HTTPS, and upgrading all SSL/TLS errors from bypassable warnings into hard, non-bypassable errors.
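To make the header's parameters concrete, the following added example (not Cloudflare's own code) parses a `Strict-Transport-Security` header the way RFC 6797 tells a browser to, rejecting headers a browser would ignore (missing, duplicate or non-numeric `max-age`), and then applies the stored policy to an `http://` URL to show the HTTP-to-HTTPS rewrite. The sample headers and URLs are constructed.

```python
"""Parse a Strict-Transport-Security header (RFC 6797) and apply the policy."""
import re
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit, urlunsplit

# directive-name [ "=" ( token / quoted-string ) ], RFC 6797 section 6.1
_DIRECTIVE = re.compile(
    r"^\s*([A-Za-z0-9!#$%&'*+.^_`|~-]+)\s*(?:=\s*(?:\"([^\"]*)\"|([^\s\";]+)))?\s*$"
)


@dataclass
class HstsPolicy:
    max_age: int                      # seconds the browser remembers the host
    include_subdomains: bool = False  # policy also covers *.host
    preload: bool = False             # host asks to be shipped in browser preload lists


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Return the policy a compliant browser would store, or None if the header
    is malformed and must be ignored (no max-age, duplicate or non-integer values)."""
    seen: Dict[str, Optional[str]] = {}
    for part in header.split(";"):
        if not part.strip():
            continue  # empty directives are permitted by the ABNF
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if name in seen:
            return None  # a repeated directive invalidates the whole header
        seen[name] = value
    max_age = seen.get("max-age")
    if max_age is None or not max_age.isdigit():
        return None  # max-age is required and must be a non-negative integer
    return HstsPolicy(int(max_age), "includesubdomains" in seen, "preload" in seen)


def upgrade_url(url: str, known_host: str, policy: HstsPolicy) -> str:
    """Rewrite an http:// URL to https:// when the remembered HSTS host covers it
    (RFC 6797 section 8.3). A max-age of 0 means the policy was withdrawn."""
    parts = urlsplit(url)
    target = (parts.hostname or "").lower()
    covered = target == known_host or (
        policy.include_subdomains and target.endswith("." + known_host))
    if parts.scheme != "http" or not covered or policy.max_age == 0:
        return url
    port = parts.port
    netloc = target if port in (None, 80) else f"{target}:{port}"  # drop default port
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
```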
You can enable HSTS in the Crypto app of the Cloudflare dashboard.
Contact Cloudflare Support if you need guidance in configuring HSTS.
- Cloudflare blog post: Enforce Web Policy With HSTS