Available for SWA Plus and SWA Premium, the initial security-related settings are conservative to accommodate a broader range of web clients. With full access to the Cloudflare® control panel or dashboard, raising the minimum TLS version or enabling HTTP Strict Transport Security (HSTS) is as simple as selecting a higher TLS version or clicking a toggle switch to enable HSTS.
The following is a list of suggested security-related settings to change or enable:
- Enable DNSSEC (see Cloudflare DNS dashboard app)
- Always use HTTPS * (see Cloudflare SSL/TLS dashboard app)
- Enable HSTS * (see Cloudflare SSL/TLS dashboard app)
- Set Minimum TLS Version to 1.2 (see Cloudflare SSL/TLS dashboard app)
- Enable TLS 1.3 (see Cloudflare SSL/TLS dashboard app)
- Enable Automatic HTTPS Rewrites * (see Cloudflare SSL/TLS dashboard app)
- Enable WAF (see Cloudflare Firewall dashboard app)
- Enable Email Address Obfuscation (see Cloudflare Scrape Shield dashboard app)
- Enable Server-side Excludes (see Cloudflare Scrape Shield dashboard app)
- Enable Hotlink Protection (see Cloudflare Scrape Shield dashboard app)
* An SSL/TLS certificate must be installed/enabled at the origin server or shared hosting space.
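
To confirm the checklist above was actually applied, the zone's settings can be exported and audited offline. The following is an added example, not part of the original page or of Cloudflare's tooling: it assumes the export is JSON shaped like a Cloudflare API v4 zone-settings response (a `result` list of `id`/`value` pairs) and that the dashboard toggles map to the setting ids shown. DNSSEC is left out because it is assumed not to appear in that response, and the sample input is constructed.

```python
import json

# Predicates applied to each setting's "value" field.
def _on(v):
    return v == "on"

def _hsts_enabled(v):
    hsts = v.get("strict_transport_security") if isinstance(v, dict) else None
    return isinstance(hsts, dict) and bool(hsts.get("enabled"))

def _tls_at_least_1_2(v):
    try:
        return tuple(int(p) for p in str(v).split(".")) >= (1, 2)
    except ValueError:
        return False

# Checklist from the page, keyed by setting id (assumed mapping from dashboard names).
CHECKS = {
    "always_use_https": _on,
    "security_header": _hsts_enabled,        # HSTS lives under this setting
    "min_tls_version": _tls_at_least_1_2,
    "tls_1_3": lambda v: v in ("on", "zrt"),
    "automatic_https_rewrites": _on,
    "waf": _on,
    "email_obfuscation": _on,
    "server_side_exclude": _on,
    "hotlink_protection": _on,
}

def audit(settings_json):
    """Return sorted ids of checklist settings that are missing or too weak."""
    result = json.loads(settings_json).get("result") or []
    current = {s["id"]: s.get("value") for s in result if "id" in s}
    return sorted(k for k, ok in CHECKS.items()
                  if k not in current or not ok(current[k]))

# Constructed sample export: HSTS off, TLS 1.0 allowed, WAF off, one setting absent.
SAMPLE = json.dumps({"success": True, "result": [
    {"id": "always_use_https", "value": "on"},
    {"id": "security_header",
     "value": {"strict_transport_security": {"enabled": False, "max_age": 0}}},
    {"id": "min_tls_version", "value": "1.0"},
    {"id": "tls_1_3", "value": "on"},
    {"id": "automatic_https_rewrites", "value": "on"},
    {"id": "waf", "value": "off"},
    {"id": "email_obfuscation", "value": "on"},
    {"id": "hotlink_protection", "value": "on"},
]})

if __name__ == "__main__":
    for setting in audit(SAMPLE):
        print("needs attention:", setting)
```

A setting that is absent from the export is reported the same way as one that is too weak, so a plan that does not expose a feature shows up for manual review rather than passing silently.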