Cloudflare Docs
SSL/TLS
SSL/TLS
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Cloudflare SSL/TLS

Encrypt your web traffic to prevent data theft and other tampering
Available on all plans

Through Universal SSL, Cloudflare is the first Internet performance and security company to offer free SSL/TLS protection. Cloudflare SSL/TLS also provides a number of other features to meet your encryption requirements and certificate management needs.

Get started Learn more


​​ Features

FeatureAdditional featuresFreeProBusinessEnterprise

Advanced Certificates

Paid add-onPaid add-onPaid add-onPaid add-on

Always Use HTTPS

YesYesYesYes

Authenticated origin pull

YesYesYesYes

Automatic HTTPS Rewrites

YesYesYesYes

Backup Certificates

YesYesYesYes

Can opt out?

NoNoNoYes

Certificate Transparency Monitoring

YesYesYesYes

Email Recipients

All account membersAll account membersSpecified email addressesSpecified email addresses

Certificate Signing Requests

NoNoNoIncluded with Advanced Certificate Manager

Custom Certificates

NoNoYesYes

Certificates included

001 (Modern)
1 (Legacy)
1 (Modern) (can purchase more)
1 (Legacy) (can purchase more)

Custom origin trust store

Included with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate Manager

SSL/TLS encryption mode

YesYesYesYes

Strict (SSL-Only Origin Pull)

NoNoNoYes

HTTP Strict Transport Security

YesYesYesYes

Keyless SSL

NoNoNoPaid add-on

Minimum TLS Version

YesYesYesYes

Opportunistic Encryption

YesYesYesYes

Origin certificates

YesYesYesYes

SSL/TLS Recommender

YesYesYesYes

Staging environment

NoNoNoYes
(open beta)

TLS 1.3

YesYesYesYes

Total TLS

Included with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate ManagerIncluded with Advanced Certificate Manager

Universal Certificates

YesYesYesYes

Custom Hostnames

YesYesYesYes

Hostnames included

1001001000

Max hostnames

500050005000Unlimited, but contact sales if using over 5000.

CSR support

NoNoNoYes

Custom analytics

YesYesYesYes

Custom certificates

NoNoNoYes

Custom origin

NoNoNoYes

mTLS support

NoNoNoYes

Non-SNI support for SaaS zone

NoYesYesYes

Selectable CA

NoNoNoYes

WAF for SaaS

WAF rules with current zone planWAF rules with current zone planWAF rules with current zone planCreate and apply custom firewall rulesets.

Wildcard custom hostnames

NoNoNoYes

Apex proxing/BYOIP

NoNoNoPaid add-on

Custom metadata

NoNoNoPaid add-on