Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Opportunistic Encryption

Opportunistic Encryption allows browsers to access HTTP URIs over an encrypted TLS channel. It’s not a substitute for HTTPS, but provides additional security for otherwise vulnerable requests.

Use HTTPS when both strong encryption and authentication are required. HTTP Opportunistic Encryption provides a means of enabling TLS when needed for other protocols such as HTTP/2. It does not provide the same indications of security as HTTPS (the green lock icon in most browser address bars).

​​ Availability

Free Pro Business Enterprise


Yes Yes Yes Yes

​​ Enable Opportunistic Encryption

You do not need to configure your origin web server to support Opportunistic Encryption. All it requires is updating your settings in the Cloudflare dashboard.

To enable Opportunistic Encryption in the dashboard:

  1. Log in to your Cloudflare account and go to a specific domain.
  2. Go to SSL/TLS > Edge Certificates.
  3. For Opportunistic Encryption, switch the toggle to On.

To adjust your Opportunistic Encryption settings with the API, send a PATCH request with the value parameter set to your desired setting ("on" or "off").