Mixed Content error in inspect even though Automatic Rewrites are on

I have a page rule set up for ‘Automatic HTTPS Rewrites’ but recently there are quite a few Mixed content errors displayed in the browser console.

A few other errors are also appearing now, such as ‘Feature Policy: Skipping unsupported feature name “encrypted-media”.’ which may be related

Shouldn’t Automatic Rewrites be dealing with these?

Check out the limitations when using Automatic HTTPS Rewrites:

Some resources are loaded by JavaScript or CSS via HTTP when the site is loaded in a browser. You will see mixed content warnings in those situations. To determine which URLs do not have HTTPS support, Cloudflare uses data from EFF’s HTTPS Everywhere and Chrome’s HSTS preload list.

These pages used to work until recently without these errors being displayed.

The external resource that is being called has a https version available

Is the URL of the external resource located within the HTML code itself or it’s loaded via a JavaScript?

in the html

This post was flagged by the community and is temporarily hidden.

The response that @erictung gave is likely still correct. The limitations document he linked to says:

If a third-party domain supports HTTPS and is not rewritten automatically, you can manually change those links to relative links or HTTPS links.

Automatic HTTP Rewrites is a best effort tool, and is not always able to rewrite all URLs.

1 Like

pretty sure it was working ok, the pages it cannot rewrite are Open Street Map tiles, so are available

Can you give an example URL? You mentioned some policy based errors also which may be related.