I setup my github pages hosted blog site (this one) to be running HTTPS by using Cloudflare. There is no cost involved.

Update July 2019

Cloudflare offer wholesale prices on transferring in domain names, so I’ve moved domain name to Cloudflare, and therefore am using it to do SSL.

Update 2018

Github pages now automatically gets a LetsEncrypt certificate for you! No need to use Cloudflare to do this.


I used this article Cloudflare blog but didn’t setup any rules yet. The concept is that Cloudflare registers a certificate for you for free.


Point DNS to Cloudflare

I use DNSimple to register my domain name then pointed it’s DNS to Cloudflare. DNS

Enforce HTTPS via Cloudflare

I want all and traffic to resolve to Under the Crypto tab on Cloudflare SSL

Turn off Injected Javascript (Email Address Obfuscation)

By default you will get an injected javascript file on all pages to help email addresses be obfuscated called email-decode.min.js. No thank you. In the Scrape Shield menu option. SSL and server side excludes I turned off too. This is found in the menu Scrape Shield

Don’t use Cloudflare’s Cache

We can disable it for 3 hours like this SSL Or disable it completely using a page rule: Rule