Cloudflare Automatic HTTPS Rewrites can be enabled to prevent mixed content errors. Read on to find out more. 

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Services.

Let’s take a look at how our Support Team is ready to help customers with Cloudflare Automatic HTTPS Rewrites.

What is Cloudflare Automatic HTTPS Rewrites

Automatic HTTPS Rewrites is responsible for preventing end-users from coming across mixed content errors. These errors often occur due to rewriting URLs from HTTP to HTTPS for links or resources on our website. This is a result of complex content management systems or embedded third-party content.

Rewriting HTTP to HTTPS causes Automatic HTTPS Rewrites to simplify the task of making the website available via HTTPS. In fact, this eliminates mixed content errors thereby making sure the data on the website is safe from tampering and eavesdropping.

Furthermore, this feature runs by causing URLs to point to localhost in case the URL is fetching active resources like iframe, script, object, link, and so on.

How to enable Cloudflare Automatic HTTPS Rewrites

1. To begin with, log into the Cloudflare account.
2. Then, head to the specific domain and navigate to SSL/TLS > Edge Certificates.
3. Next, toggle the switch next to Automatic HTTPS Rewrites as seen below:

   

Cloudflare verifies the HTTPS resources to check if they are accessible via HTTPS. In case the resources are not available, Cloudflare will not rewrite the URL. However, some resources get loaded by CSS or Javascript via HTTP when the site is loaded to a browser. This is is when we come across mixed content warnings.

Furthermore, Cloudflare relies on data from Chrome’s HSTS preload list and EFF’s HTTPS Everywhere to decide if the URL has HTTPS support or not.

In case our zone is not on any of the lists, only active content gets rewritten. However, passive content like images is not rewritten. Still leading to mixed content errors.

Moreover, we have to manually change the links to HTTPS links or relative links if a third-party domain supports HTTPS and is not rewritten automatically. On the other hand, we can request the third-part domain owner to submit the site for including within HTTPS Everywhere rulesets.

[Need assistance with a different issue? We are available 24/7.]

Conclusion

In a nutshell, our skilled Support Engineers at Bobcares demonstrated how to enable Cloudflare Automatic HTTPS Rewrites.