Automatic HTTPS Rewrites

Learning Focus

By the end of this lesson you will understand what automatic HTTPS rewrites do and when to enable them.

What It Does

Automatic HTTPS Rewrites scans HTML responses and rewrites http:// links to https:// before sending them to the browser. This prevents mixed-content warnings without changing your application code.

Steps

Cloudflare Dashboard → SSL/TLS → Edge Certificates
Toggle Automatic HTTPS Rewrites to On

When It Helps

Legacy applications with hardcoded http:// references
WordPress sites with old content containing HTTP image URLs
Third-party embeds loaded over HTTP

Limitations

Only rewrites resources that are also available over HTTPS
Does not fix all mixed-content issues (e.g., inline scripts)
Not a substitute for fixing the source code

info

This is a safety net, not a permanent fix. Ideally, update your application to use HTTPS URLs natively.

Key Takeaways

Automatic HTTPS Rewrites prevent mixed-content warnings from old HTTP references.
Enable it as a safety net while fixing hardcoded HTTP URLs in your application.

What's Next

Continue to OLS SSL Listener Setup for server-side configuration.

What It Does​

Steps​

When It Helps​

Limitations​

Key Takeaways​

What's Next​