Always Use HTTPS

​​ How to redirect all visitors to HTTPS/SSL

You can redirect your domain visitors to HTTPS through SSL/TLS or Page Rules, depending on if you want to redirect traffic for all subdomains or only specific subdomains. While protecting your site via Cloudflare, it is not recommended to perform redirects at your origin web server, as this can cause redirect loop errors Open external link .

​​ SSL/TLS

To redirect traffic for all subdomains and hosts in your domain:

1. Log into your Cloudflare account Open external link and go to a specific domain.
2. Navigate to SSL/TLS > Edge Certificates.
3. For Always Use HTTPS, switch the toggle to On.

​​ Page Rules

If you only want specific subdomains redirected to HTTPS, redirect on a URL basis using Cloudflare Page Rules Open external link .

1. Navigate to Rules > Page Rules > Create Page Rules
2. Enter the URL, for example http://example.com/*
3. Choose Forwarding URL from the drop down menu.
4. Click Select Status Code and choose 301 (Permanent Redirect) or 302 (Temporary Redirect).
5. Enter the destination URL (https://www.example.com/$1).

This rule will redirect requests for the example.com root domain to the www.example.com Open external link subdomain while preserving the URL directory.

​​ Limitations

Forcing HTTPS does not resolve issues with mixed content Open external link , as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.