The most effective means of redirecting visitors to a secure connection is through our Always Use HTTPS feature in the Crypto section on your Cloudflare Dashboard. Alternatively if you don't want your whole site redirected to HTTPS, you can do this on a per URL basis using page rules. While you can also redirect to HTTPS using configuration at your origin, the aforementioned redirects are processed at our edge, resulting in a quicker response and reduced requests to your server.
The "Always use HTTPS” action is the simplest option to redirect HTTP requests to HTTPS. The example shown will redirect all requests for example.com to HTTPS, but you can use any valid pattern to limit this action to a specific subdomain or directory:
You can also use the Forwarding URL action with a 301 redirect if you need to redirect to another location/subdomain in addition to forcing HTTPS. For example:
redirected with a 301 response code to
will redirect requests for the example.com root domain to the www.example.com subdomain while preserving the directory.
Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.
The "Always Use HTTPS" option will only appear if your zone has an active SSL certificate associated with it on Cloudflare.