| pcx_content_type | title | weight | learning_center | ||||
|---|---|---|---|---|---|---|---|
how-to |
Always Use HTTPS |
15 |
|
Always Use HTTPS redirects all your visitor requests from http to https, for all subdomains and hosts in your application.
{{
}} This process does not impact certificate validation. If you use HTTP DCV, you can still enable Always Use HTTPS. {{}}Cloudflare recommends not performing redirects at your origin web server, as this can cause redirect loop errors.
{{}}
To redirect traffic for all subdomains and hosts in your application, you can enable Always Use HTTPS.
{{
}} If only some parts of your application can support HTTPS traffic, do not enable Always Use HTTPS and use a dynamic redirect to selectively perform the redirect to HTTPS. Refer to Redirect admin area requests to HTTPS for an example. {{}}{{}} {{}}
To enable Always Use HTTPS in the dashboard:
- Log in to your Cloudflare account and go to a specific domain.
- In SSL/TLS > Overview, make sure that your SSL/TLS encryption mode is not set to Off. When you set your encryption mode to Off, the Always Use HTTPS option will not be visible in your Cloudflare dashboard.
- Go to SSL/TLS > Edge Certificates.
- For Always Use HTTPS, switch the toggle to On.
{{}} {{}}
To enable or disable Always Use HTTPS with the API:
- Make sure that your SSL/TLS encryption mode is not set to Off.
- Send a
PATCHrequest withalways_use_httpsas the setting name in the URI path, and thevalueparameter set to your desired setting ("on"oder"off").
{{}} {{}}
Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.