HTTP & HTTPS
-
what is best recommended when some of the pages on site goes from HTTP to HTTPS: 301 redirection or 302 redirection?
and why?thank you
I was asked to elaborate so:
on my website I have open account pages. users are asked to fill the details. those page are secured and are HTTPS. the problem is that the whole website turned to HTTPS so they redirected most of the pages from HTTPS to HTTP.
the secured pages are redirected from HTTP to HTTPS.I wanted to check if it's correct and what is the best redirection way (301 or 302)
-
It could be this easy
http://kb.sucuri.net/cloudproxy/Configuration/how-to-enable-SSL
-
The answer is 301 redirect however you would ideally like your chosen and page either non-www.or www.so
Or
To be a 200
Here is an example of an HTTPS:// website and the headers it returns when run through this tool that will give you your answer.
http://www.feedthebot.com/tools/headers/test.php
The site I am referencing is using www. so I put the URL with the www.the tool referenced below the headers it will give me a 200 okay
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 17 Jun 2014 15:38:47 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Vary: Accept-Encoding
If I put the same URL from the same website into this tool but do not include www.
I receive this
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 17 Jun 2014 15:39:53 GMT
Content-Type: text/html
Keep in mind you will get a lot more information but you are really should only care about what it says after HTTP/1.1
Useing
http://www.feedthebot.com/tools/headers/test.php
Like the others though I am concerned as to how you are going to make this change.
What company are you buying the SSL certificate from? What is your hosting company? Many times these things are implemented via the hosting, load balancer, WAF etc.
There are so any ways to implement https://
that in less you elaborate a little bit more on your server architecture for instance if you could tell me for using a CMS in your hosting company that would be a big step in the right direction.
Are you using load balancers?
Are using a WAF
or CDN to carry the SSL Cert?
I strongly suggest you reference this information about redirection
http://moz.com/learn/seo/redirection
This great blog post by Cyrus Shepard
http://moz.com/blog/save-your-website-with-redirects
SSL if you are familiar with Regex I would strongly recommend taking a look at this great information provided by WP engine that can be used on WordPress platforms in addition to other platforms as well.
http://wpengine.com/support/regex/#ssl
If you are using a WAF (I do not recommend CloudFlare regardless I know that you would be using a similar tactic shown here depending on the WAF or cloudproxy)
sincerely,
Thomas
-
In my mind the answer is complicated and depends a lot on your site structure and how your cms or website handles https.
Case in point, if you go to a https page on your site and all of the links pointing out from that page are to https pages, but the pages are redirected to http pages I would consider that bad. The way some sites are written, they just use the same protocol that the current page uses no matter what, so you would have to redirect the links on the page to the non secure pages, I would use a 302 in that instance. At the same time if it is possible I would see if this can be corrected, because it is not proper. The same happens a lot going from non-secure to secure with some platforms as well.
This site has an example of what I mean. http://junglejumparoo.com/product/jungle-jumparoo/ If you add the product to the cart, then hover over the checkout button, it is http, but clicking it redirects you to https. Then on the next page, if you mouse over the menu, you will notice that all of the links are https now. That is handling ssl incorrectly, but in that case I would use a 302 redirect I guess.
Doing the redirect is a quick fix, but as a long game I would try to fix the issue itself and not do a redirect.
-
I think you may need to elaborate a little on your question as to why the page goes from http to https ie for a cart checkout etc?
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Which URL do I request Google News inclusion for: the http or the non-http?
In Google WMT/Search Console, I've marked the non-www. version of my site as the preferred. But I haven't run into a choice between http:// and non-http:// before. Should I choose the one listed at the top, which is the non-http (AND the non-www) version? Thanks! Unknown.png
Technical SEO | | christyrobinson1 -
Blog Comments & nofollow to follow backlink ratio
Hello I have a website with 2000 nofollow links backlinks and about 20 follow links. It is currently ranking 11<sup>th</sup> on Google. The websites that are outranking it have lower ranking stats and in some cases only 2 follow links. Most of the nofollow links are blog comments, could this be what is dragging down my stats. The only factor my website is worst on is the number of server requests per load, which is 194 as it is a theme. Blog comments can be very difficult to remove; I created these several years ago before I knew too much about SEO. Most of them are on other websites in same niche. Would I be best to ask website owners to delete my comments or restart on a new domain. Thanks Rob
Technical SEO | | tomfifteen0 -
Switching site from http to https. Should I do entire site?
Good morning, As many of you have read, Google seems to have confirmed that they will give a small boost to sites with SSL certificates this morning. So my question is, does that mean we have to switch our entire site to https? Even simple information pages and blog posts? Or will we get credit for the https boost as long as the sensitive parts of our site have it? Anybody know? Thanks in advance.
Technical SEO | | rayvensoft1 -
Using the Google Remove URL Tool to remove https pages
I have found a way to get a list of 'some' of my 180,000+ garbage URLs now, and I'm going through the tedious task of using the URL removal tool to put them in one at a time. Between that and my robots.txt file and the URL Parameters, I'm hoping to see some change each week. I have noticed when I put URL's starting with https:// in to the removal tool, it adds the http:// main URL at the front. For example, I add to the removal tool:- https://www.mydomain.com/blah.html?search_garbage_url_addition On the confirmation page, the URL actually shows as:- http://www.mydomain.com/https://www.mydomain.com/blah.html?search_garbage_url_addition I don't want to accidentally remove my main URL or cause problems. Is this the right way this should look? AND PART 2 OF MY QUESTION If you see the search description in Google for a page you want removed that says the following in the SERP results, should I still go to the trouble of putting in the removal request? www.domain.com/url.html?xsearch_... A description for this result is not available because of this site's robots.txt – learn more.
Technical SEO | | sparrowdog1 -
Switching to HTTPS
I'm trying to get my server PCI Compliant and they want me to switch the forums at http://www.usacarry.com/forums/ over to https because of the logins. Could this possibly affect my existing rankings?
Technical SEO | | USACarry0 -
Https-pages still in the SERP's
Hi all, my problem is the following: our CMS (self-developed) produces https-versions of our "normal" web pages, which means duplicate content. Our it-department put the <noindex,nofollow>on the https pages, that was like 6 weeks ago.</noindex,nofollow> I check the number of indexed pages once a week and still see a lot of these https pages in the Google index. I know that I may hit different data center and that these numbers aren't 100% valid, but still... sometimes the number of indexed https even moves up. Any ideas/suggestions? Wait for a longer time? Or take the time and go to Webmaster Tools to kick them out of the index? Another question: for a nice query, one https page ranks No. 1. If I kick the page out of the index, do you think that the http page replaces the No. 1 position? Or will the ranking be lost? (sends some nice traffic :-))... thanx in advance 😉
Technical SEO | | accessKellyOCG0 -
Disallowing https URLs
It there a problem disallowing all https URLs to be indexed in order to avoid duplication? This is the article recommending this practice - http://blog.leonardchallis.com/seo/serve-a-different-robots-txt-for-https/ Thanks!
Technical SEO | | theLotter0 -
How do you disallow HTTPS?
I currently have a site (startuploans.org) that runs everything as http, recently we decided to start an online application to process loan apps. Now, for one certain section we configured ssl to work (https://www.startuploans.org/secure/). If I go to the HTTPS url for any of my other pages they show up...I was going to just 301 everything from https but because it is in a subdirectiory I can't... Also, canonical URL's won't work either because it's a totally different system and the pages are generated in an odd manor. It's really just 1 page that needs to be disallowed.. Is there any way to disallow all HTTPS requests from robots.txt while keeping all the HTTP requests working as normal?
Technical SEO | | WebsiteConsultants0