1.2 Indexability & statusHighVerified

HTTP→HTTPS redirect missing

If the insecure version of a URL does not redirect to HTTPS, I end up with two versions of every page and a security warning for users. Every http URL should 301 to its https equivalent.

What it is

Insecure URLs don’t redirect to secure.

Why it matters

Duplicate HTTP/HTTPS URLs and a weaker trust/ranking position.

How to fix it

301 all HTTP to HTTPS; set canonical to HTTPS.

How to find it on your site

Run curl -I http://yourdomain.com/page and check for a 301 to the https version.
Test several URLs across the site, not just the homepage.
Confirm there is a site-wide rule rather than scattered per-page redirects.
Check HSTS is set so browsers prefer https automatically.

Cross-reference to ranking and citation factors

HTTPS is a confirmed ranking signal, and duplicate http and https URLs split signals. A clean site-wide redirect consolidates them.

Impact

Medium-high. Direct (HTTPS is a ranking signal).

Evidence

HTTPS is a ranking signal; consolidate to it. Google Search Central, Secure your site with HTTPS

Sources

← Redirect to an irrelevant page Mixed content (HTTPS page loading HTTP) →