The most effective means of redirecting visitors to HTTPS when using Cloudflare is using a page rule. While you can also redirect to HTTPS using configuration at your origin, page rules are processed at our edge, resulting in a quicker response and reduced requests to your server.
The "Always use HTTPS” action is the simplest option to redirect HTTP requests to HTTPS. The example shown will redirect all requests for example.com to HTTPS, but you can use any valid pattern to limit this action to a specific subdomain or directory:
You can also use the Forwarding URL action with a 301 redirect if you need to redirect to another location/subdomain in addition to forcing HTTPS. For example:
redirected with a 301 response code to
will redirect requests for the example.com root domain to the www.example.com subdomain while preserving the directory.
Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.
The "Always Use HTTPS" option will only appear if your zone has an active SSL certificate associated with it on Cloudflare.