**Here is the message from our technical team for the http to https migration; are there any other http to https migration steps recommended? **
Http to https migration steps (for this large ecommerce site):
We implemented HTTPS (HTTP over TLS) protocol today (5/4/2017).
- Applied a patch to ensure that HTTPS pages did not have NoIndex, NoFollow and tested before and after .
- Added new IIS HTTPS Redirect to enforce HTTPS from HTTP and changed others, including the WWW redirect
- Changed HTTPS only for Cookies as required as per new PCI vulnerabilities
- Changed the Basepage HTML template to use Relative Paths or Absolute URLs with HTTPS only (to prevent mixed content)
- Created and ran a SQL Script to cleanup 16 tables from HTTP to HTTPS (about 20,000 of them, including internal URL links, site settings, etc)
- Ran Google Sitemap Generator to create new sitemaps with HTTPS
- Added new HTTPS instance of the site into Webmaster Tools, then added verification code to master page, verified and then submitted the sitemaps to Search Console (QUESTION: will historical data in Google Console/ WMT be preserved for https?)
**Follow up steps for http to https migration for large ecommerce: **
- From this point forward, to avoid “mixed content”, the Marketing team must use either Relative Paths or Absolute Paths with HTTPS only in any customization (i.e. Basepage) or any new link, such as created in Content Management (i.e. Long Description). Any mixed content will make the website look not secure to customers and search engine spiders – so it is very important to be disciplined and diligent about this.
- Contact Salesforce to change the protocol to HTTPS only. Meanwhile, to prevent mixed content, we put in a temporary custom javascript change as workaround – but this should not be permanent especially as to the next upgrade will remove it – so we need Saleforce to make a change ASAP.
- We did not change Blog site (on sub domain), but we should even though it is only a Content site because it will not be signaled as Secure. This means we need to have someone make the changes to WordPress to enforce HTTPS and then change any links.
In terms of impact to page ranking due to Google’s treatment of HTTPS over HTTP and due to some impact to page speed – we will need to monitor closely to see how indexing, organic traffic and page ranking goes and take any additional actions as necessary.