Tips from the team


  • If your website forces TLS connections (e.g. HTTPS:// or you would like to introduce encrypted connections when switching to Deflect - note that certificate generation with Let’s Encrypt happens after your DNS has propagated to Deflect. This means that for the first 30 minutes or so after switching to Deflect, readers may receive a certificate warning when accessing your website. There is no simple way around this problem. We recommend that you switch DNS during low-traffic hours for your website.
  • Is Deflect down? is a question we often hear from our users. Usually the answer is “no” and the problem likely lies with your webserver not responding to our edges, or your provider who has automatically blocked some of our edges. You can always check is Deflect is really down by opening which is protected by the same infrastructure as your website. To get a list of our edge servers (so that your provider knows not to block them) please contact us through the Deflect Dashboard.


  • Change your webserver IP after switching to Deflect. This will make it harder for anyone to target your server with a direct attack. In an ideal scenario, all traffic (whether benign or malicious) destined for your website will go through Deflect. However, before you joined the service, its likely that your server’s IP address existed in public historical DNS records e.g.
  • Make sure account access at your domain registrar is secure - protected by a strong password, 2-factor authentication and complicated reset questions. We sometimes see attackers socially engineering the registrar to take control of your domain.