Always Use HTTPS
Always Use HTTPS redirects all your visitor requests from http to https, for all subdomains and hosts in your application.
Cloudflare recommends not performing redirects at your origin web server, as this can cause redirect loop errors.
| Free | Pro | Business | Enterprise | |
|---|---|---|---|---|
Availability | Yes | Yes | Yes | Yes |
To redirect traffic for all subdomains and hosts in your application, you can enable Always Use HTTPS.
To enable Always Use HTTPS in the dashboard:
-
In the Cloudflare dashboard, go to the SSL/TLS Overview page.
Go to Overview -
Make sure that your SSL/TLS encryption mode is not set to Off. When you set your encryption mode to Off, the Always Use HTTPS option will not be visible in your Cloudflare dashboard.
-
Go to the Edge Certificates ↗ page.
-
Turn on Always Use HTTPS.
To enable or disable Always Use HTTPS with the API:
- Make sure that your SSL/TLS encryption mode is not set to Off.
- Send a
PATCHrequest withalways_use_httpsas the setting name in the URI path, and thevalueparameter set to your desired setting ("on"or"off").
Forcing HTTPS does not resolve issues with mixed content, as browsers check the protocol of included resources before making a request. You will need to use only relative links or HTTPS links on pages that you force to HTTPS. Cloudflare can automatically resolve some mixed-content links using our Automatic HTTPS Rewrites functionality.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark