Automatic HTTPS RewritesAutomatic HTTPS Rewrites prevents end users from seeing “mixed content” errors by rewriting URLs from
httpsfor resources or links on your web site that can be served with HTTPS.
If your site contains links or references to HTTP URLs that are also available securely via HTTPS, Automatic HTTPS Rewrites can help. If you connect to your site over HTTPS and the lock icon is not present, or has a yellow warning triangle on it, your site may contain references to HTTP assets (“mixed content”).
Mixed content is often due to factors not under the website owner’s control such as embedded third-party content or complex content management systems. By rewriting URLs from “http” to “https”, Automatic HTTPS Rewrites simplifies the task of making your entire website available over HTTPS, helping to eliminate mixed content errors and ensuring that all data loaded by your website is protected from eavesdropping and tampering.
Enable Automatic HTTPS Rewrites
To enable Automatic HTTPS Rewrites:
- Log in to your and go to a specific domain.
- Navigate to SSL/TLS > Edge Certificates.
- For Automatic HTTPS Rewrites, switch the toggle to On.
Before a rewrite is applied, Cloudflare checks the HTTP resources to ensure they are accessible via HTTPS. If they are not available over HTTPS, Cloudflare cannot rewrite the URL.
If a third-party domain supports HTTPS and is not rewritten automatically, you can manually change those links to relative links or HTTPS links. Alternatively, you can ask the third-party domain owner to submit their site for inclusion in the HTTPS Everywhere rulesets, which . For more information on how to fix mixed content errors, see .