Some pages on my site include “affiliate links”. When you follow these and buy something on the other end, I get a small commission. This commission does not raise the price of your purchase. Ever. Not even a little bit.

FAQ's  →  Security

How can I enforce HTTPS with CloudFlare?

CloudFlare offers two options for enforcing HTTPS access to your website:

  1. The Always Use HTTPS feature in CloudFlare’s Crypto app
  2. A CloudFlare Page Rule (Page Rules app) with the Always Use HTTPS setting

The first option enforces HTTPS on the entire domain (including all configured subdomains). The second option targets whatever path you specify in your Page Rule.

In most modern cases, your objective should be a project that can run entirely under HTTPS. This normally includes all paths/directories, and even all subdomains. For this reason, it’s been quite a while since I’ve had cause to go the Page Rule path.

Note that the Crypto app approach essentially covers everything you can do with a Page Rule in this context (enforcing HTTPS, as opposed to disabling it). This means that if you’re transitioning from a Page Rule based implementation to using the Crypto App, you should generally remove the obsolete Page Rule. While leaving the Page Rule in place does not cause any damage, it is certainly a waste of a Page Rule (each type of CloudFlare account includes a certain number of Page Rules, and you have to pay a monthly fee for any Page Rules beyond that limit).