What is Automatic HTTPS Rewrites?
Automatic HTTPS Rewrites is a feature that safely rewrites links to unencrypted resources from HTTP to HTTPS. Before the rewrite is applied and served in the HTML sent to your web visitors, a ruleset is checked to ensure the references are accessible via HTTPS.
How do I enable Automatic HTTPS Rewrites?
Under the Crypto section of your dashboard, toggle the feature on:
Do I need anything on my server to use this feature?
No. Rewriting occurs within Cloudflare's proxy, and does not require any changes to your origin server.
Why Should I use Automatic HTTPS Rewrites?
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).
Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS by rewriting URLs automatically, avoiding the need to make these changes manually or allowing for rewriting where the source is not directly under your control (e.g. for third-party plugins).
Will Automatic HTTPS Rewrites resolve all mixed content errors?
Some external resources may not have HTTPS available at all. In those cases we will not be able to rewrite the URL, as doing so would only make that content unavailable. There may also be some resources loaded by JavaScript or CSS via HTTP when the site is loaded in a browser. In those situations, mixed content warnings will still appear. To determine which URLs do not have HTTPS support, we use data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list, among others.
If a third-party domain you know does support HTTPS is not being rewritten automatically, you can still manually change those links to relative links or HTTPS links. You can also ask the domain owner to submit their site for inclusion in the HTTPS Everywhere rulesets, which accept pull requests on GitHub.
What should I do if I encounter issues with Automatic HTTPS Rewrites enabled?
We do not expect any major issues with this feature, but if you do encounter any, please contact Support with a description of the problem and we'll investigate as needed.