Understanding Automatic HTTPS rewrites

Avatar
traines
Follow

Automatic HTTPS Rewrites safely rewrite HTML source links from HTTP to HTTPS without requiring manual URL changes to resources in your HTML source. 

Overview

If you currently connect to your site over HTTPS and the lock icon is not present in the URL or displays a warning icon, your site may contain references to HTTP assets.  See our guide on troubleshooting mixed content for further details.

Enable Automatic HTTPS Rewrites via the Crypto app to rewrite HTTP resources as HTTPS at Cloudflare without making any changes to the HTML source at your origin server.

Limitations

Before a rewrite is applied, the HTTP resources are checked to ensure they are accessible via HTTPS. In cases where a resource is not available over HTTPS, Cloudflare cannot rewrite the URL.

There may also be some resources loaded by JavaScript or CSS via HTTP when the site is loaded in a browser. In those situations, mixed content warnings will still appear. To determine which URLs do not have HTTPS support, Cloudflare uses data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list.

If a third-party domain supports HTTPS and is not being rewritten automatically, manually change those links to relative links or HTTPS links.  Alternatively, ask the third-party domain owner to submit their site for inclusion in the HTTPS Everywhere rulesets, which accept pull requests on GitHub.

Related resources

Was this article helpful?
24 out of 37 found this helpful
Not finding what you need?
Ask the Community   Submit a request

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Popular questions: Why is my site slow, 522 errors, I'm expecting a spike in traffic

Powered by Zendesk