This repository has been archived by the owner on Jan 18, 2018. It is now read-only.

Removing domains #96

Closed
caleuanhopkins opened this issue Feb 24, 2017 · 4 comments

@caleuanhopkins

HOW TO REMOVE YOUR SITE

  1. verify the site is static and contains no user data (I will remove it immediately once I confirm)
    OR
  2. Verify ownership, send me an email from @yourdomain.com, post a random nonce on the domain, or provide keybase proof
  3. Verify you are not using the Cloudflare proxy service

I will not remove sites that contain user data and are returning server:cloudflare-nginx in response headers, since they may have been affected.

So how do we have domains removed which have been confirmed by Cloudflare that they have not been affected by the Cloudbleed bug? I understand the need for some verification but I have been told by Cloudflare that my sites were unaffected and they do return server:cloudflare-nginx. Either we need a better confirmation process for removal or if the domains are not safe, should Cloudflare be informing customers that their sites were unaffected?

Contributor

cryptk commented Feb 24, 2017

Considering that in many cases it is pretty easy to externally validate that a site is not using the CF proxy service, I would like to see the list of "possibly affected domains" culled down a bit.

Contributor

cryptk commented Feb 24, 2017

And while it is correct that just because you don't use the SSL proxy service, that does not mean that you aren't affected... if you are a DNS only user (so no SSL proxy, and no caching) then you are indeed not affected (because your site's data never crossed the CF network, only DNS requests).

It is easy to determine if a site is using the CF caching service or not, so it would be prudent to remove those sites from the list. Doing this proactively will reduce the number of PRs submitted to remove non-affected sites (such as mine) which will reduce the total workload required to maintain this list.


Xaekai commented Feb 24, 2017

This has already been discussed repeatedly. Did you even read the other open issues?

Checking the response headers for 4 million domains can't be done at the snap of a finger.

pirate closed this as completed Feb 24, 2017
Owner

pirate commented Feb 24, 2017

See: #67 for progress on narrowing down the non-caching customers.
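
An added example, not code from this repository or its maintainers: one way to triage a domain list by the `server: cloudflare-nginx` response header discussed in this thread, with bounded concurrency. The function names, the `.example` domains and the sample headers are constructed, and the `CF-RAY` check is a second signal assumed here that the thread does not mention.

```python
import http.client
from concurrent.futures import ThreadPoolExecutor

def classify(headers):
    """'proxied' if the response carries Cloudflare proxy markers, else 'not-proxied'."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    # server: cloudflare-nginx is the marker named in the removal rules above;
    # CF-RAY is an extra signal (assumption, not from the thread).
    if h.get("server", "").startswith("cloudflare") or "cf-ray" in h:
        return "proxied"
    return "not-proxied"

def fetch_headers(domain, timeout=5):
    """HEAD request over HTTPS; returns the response headers as a dict."""
    conn = http.client.HTTPSConnection(domain, timeout=timeout)
    try:
        conn.request("HEAD", "/", headers={"User-Agent": "list-triage-example"})
        return dict(conn.getresponse().getheaders())
    finally:
        conn.close()

def triage(domains, fetch=fetch_headers, workers=32):
    """Map each domain to 'proxied', 'not-proxied' or 'unreachable'."""
    def check(domain):
        try:
            return domain, classify(fetch(domain))
        except (OSError, http.client.HTTPException):
            # No evidence either way, so the entry should stay on the list.
            return domain, "unreachable"
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(pool.map(check, domains))

# Constructed sample responses so the example runs offline.
SAMPLE = {
    "proxied.example": {"Server": "cloudflare-nginx", "CF-RAY": "0000000000000000-XXX"},
    "dns-only.example": {"Server": "nginx"},
}

def sample_fetch(domain):
    if domain not in SAMPLE:
        raise OSError("connection failed (constructed)")
    return SAMPLE[domain]

if __name__ == "__main__":
    print(triage(list(SAMPLE) + ["down.example"], fetch=sample_fetch))
```

The result describes the domain's configuration at the time of the request only; it says nothing about whether the domain was proxied earlier.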
