I currently force SSL everywhere on my Xenforo site, but I figure that it doesn't really make sense especially since the SSL is "broken" on most pages due to users' images (I can't use the image proxy because it allows people to get my backend IP and my site is behind CloudFlare).
I'm going to make it so that only pages that handle sensitive information have SSL. Currently I'm planning to force SSL in these places:
I'm not sure how effective forcing SSL on /login is going to be as you can login to a Xenforo site on the landing page, but I guess there's not much I can do about that.
Anyway, does anyone know other Xenforo native links where I should be forcing SSL? I'm sure I missed something.