Recommended Security Settings for SWA Plus, SWA Professional

The initial security-related settings are conservative to accommodate a broader range of web clients. With full access to the Cloudflare® control panel or dashboard, raising the minimum TLS version or enabling HTTP Strict Transport Security (HSTS) is as simple as selecting a higher TLS version or clicking a toggle switch to enable HSTS.

The following is a list of suggested security-related settings to change or enable:

  • Enable DNSSEC (see Cloudflare DNS dashboard app)
  • Enable Always Use HTTPS (see Cloudflare SSL/TLS dashboard app)
  • Enable HSTS (see Cloudflare SSL/TLS dashboard app)
  • Set Minimum TLS Version to 1.2 (see Cloudflare SSL/TLS dashboard app)
  • Enable TLS 1.3 (see Cloudflare SSL/TLS dashboard app)
  • Enable Automatic HTTPS Rewrites (see Cloudflare SSL/TLS dashboard app)
  • Enable WAF (see Cloudflare Firewall dashboard app)
  • Enable Email Address Obfuscation (see Cloudflare Scrape Shield dashboard app)
  • Enable Server-side Excludes (see Cloudflare Scrape Shield dashboard app)
  • Enable Hotlink Protection (see Cloudflare Scrape Shield dashboard app)

* An SSL/TLS certificate must be installed or enabled at the origin server or shared hosting space.
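
One way to check a zone against the list above in a single pass, as an added example (not part of the original page and not Cloudflare's own tooling): the function takes the JSON of a Cloudflare API zone settings listing and reports each recommendation that is not met. The mapping of list items to setting ids is this example's assumption, the sample response is constructed, and DNSSEC is left out because it is not reported among the zone settings.

```python
import json

# Checklist item -> Cloudflare zone-setting id and acceptance test. The mapping
# is this example's assumption; DNSSEC is not a zone setting and is not covered.
TLS_VERSIONS = ["1.0", "1.1", "1.2", "1.3"]

def _is_on(value):
    return value == "on"

def _min_tls_ok(value):
    return value in TLS_VERSIONS and TLS_VERSIONS.index(value) >= TLS_VERSIONS.index("1.2")

def _hsts_ok(value):
    # HSTS lives inside the "security_header" setting as a nested object.
    hsts = (value.get("strict_transport_security") if isinstance(value, dict) else None) or {}
    return hsts.get("enabled") is True and (hsts.get("max_age") or 0) > 0

CHECKS = {
    "always_use_https": _is_on,
    "security_header": _hsts_ok,
    "min_tls_version": _min_tls_ok,
    "tls_1_3": lambda v: v in ("on", "zrt"),  # "zrt" = TLS 1.3 with 0-RTT
    "automatic_https_rewrites": _is_on,
    "waf": _is_on,
    "email_obfuscation": _is_on,
    "server_side_exclude": _is_on,
    "hotlink_protection": _is_on,
}

def audit(settings_response):
    """Return {setting_id: reason} for each recommendation that is not met."""
    current = {s["id"]: s.get("value") for s in settings_response.get("result") or []}
    findings = {}
    for setting_id, is_ok in CHECKS.items():
        if setting_id not in current:
            findings[setting_id] = "missing from response"
        elif not is_ok(current[setting_id]):
            findings[setting_id] = "current value " + json.dumps(current[setting_id])
    return findings

# Constructed sample resembling a conservative initial configuration.
SAMPLE = {"success": True, "result": [
    {"id": "always_use_https", "value": "on"}, {"id": "min_tls_version", "value": "1.0"},
    {"id": "tls_1_3", "value": "on"}, {"id": "automatic_https_rewrites", "value": "on"},
    {"id": "waf", "value": "off"}, {"id": "email_obfuscation", "value": "on"},
    {"id": "server_side_exclude", "value": "on"},
    {"id": "security_header", "value": {"strict_transport_security": {"enabled": False, "max_age": 0}}},
]}

if __name__ == "__main__":
    for setting_id, reason in audit(SAMPLE).items():
        print(f"{setting_id}: {reason}")
```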