Connections over cleartext HTTP ports risk exposing sensitive information as they are transmitted unencrypted and can be intercepted by network intermediaries. To address this, Cloudflare is closing all HTTP ports on its API endpoint (`api.cloudflare.com`) to prevent initial plaintext requests from being exposed before a secure HTTPS connection is established. This change will make it clear to developers that accessing the API over HTTP instead of HTTPS with their secret API keys can have serious implications. The transition has been made gradually across data centers, and customers will be able to opt-in to this feature in the last quarter of 2025. The goal is to eliminate exposure entirely and prevent sensitive information from being transmitted in plaintext. By closing the underlying cleartext connection, Cloudflare is enforcing HTTPS-only connections for its API traffic, enhancing the security and reliability of its API endpoints.