Infrastructure

Cloudflare Configuration Status

Edge security and performance posture for sitooadvisory.com on the Cloudflare Free plan.

Complete

Pending

Total Items

#	Item	Status
1	SSL/TLS — Full (strict), TLS 1.2 min, TLS 1.3, OE, Auto HTTPS Rewrites	● Done
2	Edge Certificates — Always HTTPS, HSTS (6 mo)	● Done
3	Bot Fight Mode	● Done
4	0-RTT Connection Resumption	● Done
5	Browser Cache TTL — Respect Existing Headers	● Done
6	5 WAF Custom Rules (threat-score, empty-UA, bad-bots, admin-paths, non-GET/POST)	● Done
7	Rate Limiting on `/api/public/*` — 17 req / 10s (Free-plan max)	● Done
8	3 Page Rules — `/assets/` cache, `/api/` bypass, Always HTTPS	● Done
9	Crawler Hints — Caching → Configuration toggle	● Done
10	DNSSEC — DS record auto-provisioning at registrar (Active pending DS propagation)	● Done

Free-plan deviation: Rate limiting could not match the original spec (100/min, 1-hour block) — Cloudflare Free only allows period=10s and mitigation_timeout=10s. Configured as 17 req / 10s, block 10s (≈100 req/min equivalent). In-Worker per-IP throttles in /api/public/chat and /api/public/lead remain the primary defense.

DNSSEC: Enabled via Cloudflare's auto-setup flow; DS record propagation at the registrar typically completes within a few hours. Status will flip from "pending" to "Active" automatically once propagation finishes.

Last reviewed: 2026-05-19 · Zone: sitooadvisory.com · Plan: Free