Insecure XMLHttpRequest endpoint

Username (e.g. epiz_XXX) or Website URL

Error Message

Mixed Content: The page at ‘{site_url}/’ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘’. This request has been blocked; the content must be served over HTTPS.

Other Information

All the requests made by AJAX are being added a query string at the end and are being changed to HTTP instead of HTTPS without me specifying anything such in the code. If I remember correctly the ?_=1629050654857 query string is added by InfinityFree but why does it change the protocol?

I’ve managed to solve the issue by issuing a Let’sEncrypt certificate for the server and enable Full SSL/TLS encryption on Cloudflare.


HTTPS detection while using Cloudflare Flexible SSL is a bit tricky, using Full SSL is much easier that way.

If you’re using Full SSL (not strict), you can also get a Self Signed certificate from our SSL tool and use that. It’s about as secure, and you don’t need to renew it every three months.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.