
The purpose of this decision is to prevent the transmission of accidental unencrypted API requests, thus, eliminating the risk of sensitive information being exposed in cleartext traffic before the server closes the HTTP connection and redirects it to a secure channel.
“Starting today, any unencrypted connection to api.cloudflare.com will be completely rejected. Developers should not expect a 403 Forbidden response any longer for HTTP connections, as we will prevent the underlying connection to be established by closing the HTTP interface entirely. Only secure HTTPS connections will be allowed to be established,” – Cloudflare.
Previously, Cloudflare allowed access to its APIs via both HTTP and HTTPS, and its servers either redirected or rejected HTTP connections. But even rejected HTTP requests can cause leaks of sensitive data (e.g. API keys or tokens) before the server responds to such a request.
On public or open Wi-Fi networks, the above-described scenario can entail even more severe consequence since it’s easier to deliver a man-in-the-middle attack there.

By closing HTTP ports, Cloudflare preemptively refuses the underlying connection at the transport layer before any HTTP or application-layer data are exchanged.
The new policy directly affects those using HTTP (i.e. scripts, bots, and tools relying on this protocol will fail). This also applies to legacy systems, automated API clients, IoT devices with limited processing power, and low-level clients who either don’t support HTTPS or don’t switch to it by default due to misconfiguration.
By the end of the year, Cloudflare is expected to launch a free feature enabling users to securely disable HTTP traffic on their side.
According to the company, only some 2.4% of traffic from ‘likely human’ clients passing through its systems uses plaintext HTTP. But together with ‘likely automated’ traffic, this proportion increases to almost 17%.

2025.01.25 — 18,000 script kiddies have been infected with backdoor via XWorm RAT builder
According to CloudSEK analysts, malefactors attack novice hackers using a fake malware builder. Script kiddies' systems become infected with a backdoor that steals data and subsequently…
Full article →
2025.04.30 — Coinbase fixes 2FA bug that made customers panic
Cryptocurrency exchange Coinbase has fixed a bug in its Account Activity logs that caused customers to think their credentials were compromised. Earlier this month, BleepingComputer…
Full article →
2025.01.30 — Hackers use vulnerabilities in SimpleHelp RMM to attack corporate networks
Experts believe that recently patched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM) were used by attackers to gain initial access to corporate networks. A number…
Full article →
2025.03.05 — Polish Space Agency disconnects its network due to hacker attack
Last weekend, the Polish Space Agency (POLSA) had to disconnect all of its systems from the Internet to localize an attack targeting its IT infrastructure. After discovering the intrusion,…
Full article →
2025.01.28 — J-magic backdoor attacked Juniper Networks devices using 'magic packets'
A massive backdoor attack targeting Juniper routers often used as VPN gateways has been uncovered. The devices were attacked by the J-magic malware that…
Full article →
2025.01.26 — Cisco patched a critical vulnerability in Meeting Management
Cisco released updates to fix a critical (CVSS score: 9.9) vulnerability in Meeting Management. The bug enables an unprivileged remote authenticated attacker to gain administrative privileges. The vulnerability…
Full article →
2025.04.12 — Hackers compromised a bureau within the U.S. Department of the Treasury and spent months in hacked systems
The Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury, reported a major cybersecurity incident. Unknown attackers had…
Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer
Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…
Full article →
2025.03.18 — Black Basta ransomware group developed its own automated brute-forcing framework
According to EclecticIQ, Black Basta Ransomware-as-a-Service (RaaS) group has developed its own automated brute-forcing framework dubbed BRUTED. It's used to hack edge network devices…
Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices
The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…
Full article →