Hello,
The site currently uses HTTPS only if the user enters it into their browser; even then, clicking around the site falls back to HTTP. This allows people to steal cookies/passwords on public networks.
Solution: enforce HTTPS.
Since the site is behind a CDN, you can use their configuration page to do it: https://support.cloudflare.com/hc/e...-How-do-I-redirect-all-visitors-to-HTTPS-SSL-
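
As an added example (not part of the original post, and not the site's own code), this check looks for the symptoms described above in a set of responses: plain-HTTP requests that are not redirected to HTTPS, same-host links that drop back to `http://`, and session cookies set without the `Secure` attribute. The hostnames, cookie name and response records are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed sample responses (assumed data, not captured from the site in the post).
# Each record: request URL, status code, (header, value) pairs, response body.
SAMPLE = [
    {"url": "http://forum.example/", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
     "body": '<a href="http://forum.example/login">Login</a>'},
    {"url": "https://forum.example/", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly")],
     "body": '<a href="http://forum.example/login">Login</a> <a href="/faq">FAQ</a>'},
    {"url": "http://fixed.example/", "status": 301,
     "headers": [("Location", "https://fixed.example/")], "body": ""},
    {"url": "https://fixed.example/", "status": 200,
     "headers": [("Set-Cookie", "sid=abc123; Path=/; Secure; HttpOnly")],
     "body": '<a href="/login">Login</a>'},
]

def audit(resp):
    """Return a list of findings for one response record."""
    findings = []
    url = urlparse(resp["url"])
    headers = [(k.lower(), v) for k, v in resp["headers"]]
    # A plain-HTTP request should be answered with a redirect to https://.
    if url.scheme == "http":
        loc = next((v for k, v in headers if k == "location"), "")
        redirected = resp["status"] in (301, 302, 307, 308)
        if not (redirected and loc.lower().startswith("https://")):
            findings.append("no-https-redirect")
    # Cookies without Secure are also sent on any later plain-HTTP request.
    for k, v in headers:
        if k == "set-cookie":
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie-without-secure:" + v.split("=", 1)[0])
    # Absolute http:// links to the same host send the user back to HTTP.
    for href in re.findall(r'href="(http://[^"]+)"', resp["body"], re.I):
        if urlparse(href).hostname == url.hostname:
            findings.append("http-link:" + href)
    return findings

def audit_all(responses):
    """Map each request URL to its findings (empty list means clean)."""
    return {r["url"]: audit(r) for r in responses}

if __name__ == "__main__":
    for u, f in audit_all(SAMPLE).items():
        print(u, "->", f or "ok")
```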