What is Automatic HTTPS Rewrites?
Automatic HTTPS Rewrites is a feature that safely rewrites links to un-encrypted resources from HTTP to HTTPS. Before the rewrite is applied and served in the HTML sent to your web visitors, a rule set is checked to ensure the references can be accessed via HTTPS.
How do I enable Automatic HTTPS Rewrites?
From the Cloudflare dashboard Crypto app, toggle the feature on:
Do I need anything on my server to use this feature?
No. Rewriting occurs within Cloudflare's proxy, and does not require any changes to your origin server.
Why should I use Automatic HTTPS Rewrites?
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).
Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS by rewriting URLs automatically. This helps you avoid making these changes manually or allows link rewrite in cases where the source files are not under your direct control (e.g. for third party plugins).
Will Automatic HTTPS Rewrites resolve all mixed content errors?
Some external resources may not have HTTPS available at all. In those cases, Cloudflare can't rewrite the URL, as doing so would only make that content unavailable. There may also be some resources loaded by JavaScript or CSS via HTTP when the site is loaded in a browser. In those situations, mixed content warnings will still appear. To determine which URLs do not have HTTPS support, Cloudflare uses data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list, among others.
If a third party domain you know supports HTTPS and is not being rewritten automatically, you can manually change those links to relative links or HTTPS links. You can also ask the domain owner to submit their site for inclusion in the HTTPS Everywhere rulesets, which accept pull requests on GitHub.
What should I do if I encounter issues with Automatic HTTPS Rewrites enabled?
For any issues with Automatic HTTPS Rewrites, contact Cloudflare Support and include a detailed description of the problem.