[spben]

Sorry to hear about this experience, would love to know more as we take security very serious.

Our CDN certainly will validate SSL certificates at the origin if the setting is enabled.

With that said, you may be on a legacy CDN product often referred to as "Secure CDN" and that setting may differ from our current CDN offering.

I'd be more than happy to loop our CDN team in to clarify. Feel free to reach out directly to product at stackpath.com and I'll get it setup :)