Http requests in spite of enabling "Always Use HTTPS" #https

Some files get sent in an insecure HTTP when the webpage is sent over HTTPS, so they do not work. I had a css file that won’t load because according to my browser it was sent over HTTP on an HTTPS page.

Occasionally, the entire webpage is sent over in HTTP instead of HTTPS. This happens randomly and that is fairly obnoxious. I had to install HTTPS everywhere on my browser just to stay on the secure connexion when visiting my site.

This issue is not just random, it actually affects any redirect set up on the site. Say if you go to you will be redirected to and I guarantee the webpage will be insecure each time. I can provide a link to my website, so anyone can see that issue for themselves if this is needed.

With both of the issues above being said, sometimes, it correctly directs the visitor to HTTPS, but then redirects them to HTTP, and then back again to HTTPS and, apparently, that is a performance issue for the site.

I have Always Use HTTPS enabled and according to my Cloudflare dashboard, it has been so for 2 months.

Those were all my attempts to resolve the issue myself and they didn’t help much.

  1. Use an htaccess file to force an HTTPS connexion, but it gives me 500 errors and I know for a fact that this issue comes from Cloudflare specifically because the htaccess file works fine whenever I pause Cloudflare on my website.
    This is what was inside that very same htaccess file:
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  2. Block HTTP connexions, so that the website can’t resolve into an insecure connexion, but that did not work either since all connexions were blocked.

What should I do?
I thought about blocking certain ports, but I am afraid to break something by doing this.

First of all just make sure you’re using Full SSL in your SSL settings. Unfortunately with mixed content, sometimes even that isn’t enough.

You may need to try enabling Auto HTTPS Rewites: Understanding Automatic HTTPS Rewrites – Cloudflare Help Center

Outside of that, follow this guide: Troubleshooting mixed content errors – Cloudflare Help Center

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.