How do I redirect all visitors to HTTPS/SSL?

The most effective means of redirecting visitors to a secure connection is through our Always Use HTTPS feature in the Crypto section on your Cloudflare Dashboard. Alternatively if you don't want your whole site redirected to HTTPS, you can do this on a per URL basis using page rules. While you can also redirect to HTTPS using configuration at your origin, the aforementioned redirects are processed at our edge, resulting in a quicker response and reduced requests to your server.

The "Always use HTTPS” action is the simplest option to redirect HTTP requests to HTTPS. The example shown will redirect all requests for to HTTPS, but you can use any valid pattern to limit this action to a specific subdomain or directory:

You can also use the Forwarding URL action with a 301 redirect if you need to redirect to another location/subdomain in addition to forcing HTTPS. For example:*

redirected with a 301 response code to$1

will redirect requests for the root domain to the subdomain while preserving the directory.

Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.

The "Always Use HTTPS" option will only appear if your zone has an active SSL certificate associated with it on Cloudflare.

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Powered by Zendesk