Skip to content
SSL
Visit SSL on GitHub
Set theme to dark (⇧+D)

Always Use HTTPS

Always Use HTTPS redirects all http requests to https for all subdomain and hosts in your application.

How to redirect all visitors to HTTPS/SSL

You can redirect your domain visitors to HTTPS through SSL/TLS or Page Rules, depending on if you want to redirect traffic for all subdomains or only specific subdomains. While protecting your site via Cloudflare, it is not recommended to perform redirects at your origin web server, as this can cause redirect loop errors.

SSL/TLS

To redirect traffic for all subdomains and hosts in your domain:

  1. Log into your Cloudflare account and go to a specific domain.
  2. Navigate to SSL/TLS > Edge Certificates.
  3. For Always Use HTTPS, switch the toggle to On.

Page Rules

If you only want specific subdomains redirected to HTTPS, redirect on a URL basis using Cloudflare Page Rules.

  1. Navigate to Rules > Page Rules > Create Page Rules
  2. Enter the URL, for example http://example.com/*
  3. Choose Forwarding URL from the drop down menu.
  4. Click Select Status Code and choose 301 (Permanent Redirect) or 302 (Temporary Redirect).
  5. Enter the destination URL (https://www.example.com/$1).

This rule will redirect requests for the example.com root domain to the www.example.com subdomain while preserving the URL directory.

Limitations

Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.