@one Manually adding https to the front works, but them not redirecting all requests to https is criminal in 2019.
@robinsyl Indeed. Doing HSTS *AND* sending an HTTP 301 redirect if anyone tries to use your website on plain HTTP, should be legally mandatory for webmasters.
For bonus points, also disable TLS equal or lower than 1.1.
@one That said they only use CloudFlare SSL so cf could technically see the traffic