What is Automatic HTTPS Rewrites?
Automatic HTTPS Rewrites is a feature that safely rewrites links to unencrypted resources from HTTP to HTTPS. Before the rewrite is applied and served in the HTML sent to your web visitors, a ruleset is checked to ensure the references are accessible via HTTPS.
How do I enable Automatic HTTPS Rewrites?
Under the Crypto section of your dashboard, toggle the feature on:
Do I need anything on my server to use this feature?
No. Rewriting occurs within Cloudflare's proxy, and does not require any changes to your origin server.
Why Should I use Automatic HTTPS Rewrites?
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).
Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS by rewriting URLs automatically, avoiding the need to make these changes manually or allowing for rewriting where the source is not directly under your control (e.g. for third-party plugins).
Will Automatic HTTPS Rewrites resolve all mixed content errors?
If a third-party domain you know does support HTTPS is not being rewritten automatically, you can still manually change those links to relative links or HTTPS links. You can also ask the domain owner to submit their site for inclusion in the HTTPS Everywhere rulesets, which accept pull requests on GitHub.
What should I do if I encounter issues with Automatic HTTPS Rewrites enabled?
We do not expect any major issues with this feature, but if you do encounter any, please contact Support with a description of the problem and we'll investigate as needed.