aixlabDocs

Site

Add an existing domain

  1. Log in to the Cloudflare dashboard and select your account.
  2. In Account Home, select Website.
  3. Click Add a Site.
  4. Enter the new domain name and click Add site.
  5. Choose the free plan and click Continue.
  6. Import the existing zone records and add new ones if needed.
  7. Click Continue.
  8. Log in to the administrator account for your domain registrar and change the name servers as described.
  9. Wait until the domain servers are active.
  10. Click Done, check nameservers.
  11. Click Get started.
  12. Activate all and click Finish.
  13. Click Check nameservers and wait until the new nameservers are confirmed.

Activate DNSSEC

  1. Log in to the Cloudflare dashboard and select your account.
  2. In Account Home, select Website.
  3. Select the specific website.
  4. In the left navigation, choose DNS and click Settings.
  5. Click Enable DNSSEC.
  6. Log in to your registrar's portal and copy the DS Record and Public Key there.
  7. Click Confirm in the Cloudflare portal.
  8. DNSSEC is now pending while Cloudflare waits for the DS record to be added at the registrar. This usually takes ten minutes, but can take up to an hour.
  9. Validate the success.

Configure Web Security

To configure TLS and secure HTTP headers, follow these steps:

  1. Log in to the Cloudflare dashboard and select your account.
  2. In Account Home, select Website.
  3. Select the specific website.
  4. In the left navigation, choose SSL/TLS and click Edge Certificates.
  • Keep Total TLS deactivated.
  • Activate Always Use HTTPS.
  • Activate HSTS.
    • Confirm that I understand.
    • Click Next.
    • Enable HSTS (Strict-Transport-Security).
    • Max Age Header: 12 months.
    • Enable Apply HSTS policy to subdomains.
    • Enable Preload.
    • Enable No-Sniff Header.
    • Click Save.
  • Choose TLS 1.3 as Minimum TLS Version.
  • Enable Opportunistic Encryption.
  • Enable TLS 1.3.
  • Enable Certificate Transparency Monitoring.

This configuration will provide the following HTTP headers zone-wide:

  • strict-transport-security: max-age=31536000; includeSubDomains; preload
  • x-content-type-options: nosniff
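
To confirm that a zone actually returns the two headers listed above, the response head can be checked against the values configured in these steps. The following is an added example, not part of the original page; the function names and the two sample responses are constructed for illustration.

```python
import sys

MIN_MAX_AGE = 31536000  # 12 months in seconds, the Max Age chosen above

def parse_headers(raw):
    """Parse a raw response head (e.g. `curl -sI` output) into a dict keyed by
    lower-cased name. Only the first occurrence of a field is kept; RFC 6797
    has the client process only the first Strict-Transport-Security field."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # blank line ends the first response head
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), value.strip())
    return headers

def parse_hsts(value):
    """Split an HSTS value into {directive: value-or-None}, case-insensitively."""
    directives = {}
    for part in value.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            directives.setdefault(key.strip().lower(), val.strip().strip('"') or None)
    return directives

def check(raw):
    """Return a list of findings; an empty list means the head matches."""
    headers = parse_headers(raw)
    findings = []
    hsts = parse_hsts(headers.get("strict-transport-security", ""))
    max_age = hsts.get("max-age")
    if max_age is None or not max_age.isdigit():
        findings.append("HSTS missing or max-age invalid")
    elif int(max_age) < MIN_MAX_AGE:
        findings.append("HSTS max-age below 12 months")
    for flag in ("includesubdomains", "preload"):
        if hsts and flag not in hsts:
            findings.append("HSTS lacks " + flag)
    if headers.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    return findings

# Constructed sample response heads (not captured from a real site).
GOOD = ("HTTP/2 200\r\n"
        "strict-transport-security: max-age=31536000; includeSubDomains; preload\r\n"
        "x-content-type-options: nosniff\r\n\r\n")
WEAK = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=3600\r\n\r\n"

if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else GOOD
    print(check(raw) or "OK")
```

Piping the output of `curl -sI` for a hostname in the zone into the script checks a live response instead of the built-in sample.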