do son 
Cloudflare, the internet services provider, has recently announced the complete deactivation of HTTP connections to its API platform. Effective immediately, all API requests must be transmitted via the encrypted HTTPS protocol. Any attempt to connect via HTTP will result in no response whatsoever.
The decision to block plaintext HTTP connections is rooted in a commitment to enhancing security—specifically, to prevent developers from inadvertently transmitting credential data over unsecured channels. Notably, Cloudflare will not redirect HTTP requests to HTTPS, thereby eliminating even the possibility of accidental exposure.
What sets this implementation apart is that Cloudflare will not return a 403 Forbidden error or any response at all. Instead, the platform enforces security by entirely disabling the HTTP interface, effectively rendering port 80 non-functional and incapable of receiving any traffic.
Historically, the API platform permitted HTTP requests by redirecting them to HTTPS. However, Cloudflare has determined that such a mechanism remains insufficiently secure. As a result, all HTTP connections are now categorically prohibited to ensure a higher standard of protection.
This change applies exclusively to api.cloudflare.com, primarily affecting developers who rely on the platform to manage DNS records, toggle features, and configure domains.
Consequently, all scripts, bots, tools, and legacy systems that depend on HTTP-based API access will cease to function unless reconfigured to use HTTPS. Developers are responsible for making this transition, though some older projects may still experience disruptions.
To address compatibility issues stemming from misconfigured systems, unsupported environments, outdated clients, IoT devices, and lower-tier hardware lacking default HTTPS support, Cloudflare plans to introduce a free option by the end of the year that will disable HTTP traffic in a safer, more controlled manner.
According to Cloudflare’s internal metrics, approximately 2.4% of all traffic on the platform continues to use the HTTP protocol. When automated traffic is included, this figure rises to 17%, highlighting the significance of this security measure.
