Cloudflare now blocks all unencrypted traffic to its API endpoints

Cloudflare announced that it closed all HTTP connections and it is now accepting only secure, HTTPS connections for api.cloudflare.com. The move prevents unencrypted API requests from being sent, even accidentally, to eliminate the risk of sensitive information being exposed in cleartext traffic before the server closes the HTTP conection and redirects to a secure communication channel. “Starting today, any unencrypted connection to api.cloudflare.com will be completely rejected,” reads Cloudflare’s announcement on Thursday. “Developers should not expect a 403 Forbidden response any longer for HTTP connections, as we will prevent the underlying connection to be established by closing the HTTP interface entirely. Only secure HTTPS connections will be allowed to be established” - the internet services company added. The Cloudflare API helps developers and system administrators to automate and manage Cloudflare services. It is used for DNS records management, firewall configuration, D ... Read full article.