Thanks, interesting. I plan to add some extra features to this plugin so that site admins can use settings to let WordPress know when to honour those custom HTTP headers like
HTTP_X_FORWARDED_PROTO, and now also CloudFlare's
NB: CloudFlare Flexible SSL is really only half an SSL -- it encrypts data between your site's visitors and CloudFlare, but then sends all that sensitive data in clear text across the Internet to your web server. Great for giving visitors a happy feeling, but I wouldn't trust it for securing credit card details.