Use this when fyuhls is behind Cloudflare.

• preserve real visitor IPs
• trust HTTPS correctly
• avoid breaking downloads or fraud scoring

• enable Cloudflare trust in Config Hub only when the site is actually behind Cloudflare
• keep SSL mode sane
• make sure real-IP restoration is correct
• sync Cloudflare IP ranges after enabling trust or after infrastructure changes

Several systems depend on correct client IP restoration:

• security logs
• rate limiting
• rewards fraud scoring
• country and network signals

• forwarded host and proxy trust handling is stricter
• secure-cookie and trusted HTTPS behavior are safer
• URL generation for password resets, verification links, and other signed/public flows is less willing to trust arbitrary request headers

• login from a real browser and inspect IP-sensitive logs
• verify downloads still work through the proxied hostname
• confirm the canonical base URL is set correctly in SEO settings
• if using rewards fraud, make sure the IP and network signals look sane in the fraud UI
• if using Nginx completion-aware delivery, also make sure Nginx itself is restoring the real client IP for the completion log path