Have you switched your website to HTTPS, a secured protocol that is the answer to data protection? If you haven’t, then you probably should.

Google announced HTTPS as a ranking signal, and their index is starting to display secured pages over unsecured pages. They went as far as to publish a guide to maintain your site with Google in mind, explaining why you should protect your site and your users.

The transition starts with obtaining an SSL certificate and installing it on your hosting account. The certificate is issued by an authority that ensures your web address belongs to your organization.

While your site may still be vulnerable to attack, data sent and received through HTTPS include encryption, authentication, and data integrity where you won’t see data corrupted through transfer.

The switch helps in many ways, and it’s important that you take the proper steps for a smooth transition.

301 Redirects

This may seem obvious, but when you’re making the transition between HTTP and HTTPS, make sure all pages are setup with a 301 redirect. It notifies search engines that your site’s address has been changed.

Plus, if anyone has bookmarked a page on your site, they will be automatically redirected to the HTTPS version of your page once the transition is complete.

Remember, all redirects run the risk of losing traffic. When Google first announced a minor ranking boost for secured sites, many webmasters were hesitant to 301 redirect their entire site. That’s partly the reason why Google allowed the 301 redirect to not affect PageRank.

All redirects will carry an SEO risk, but for permanent redirects (from HTTP to HTTPS), 301s are the method that is preferred by Google.

Update Internal Links in Content

Ideally before, but also right after a migration to HTTPS, make sure all references in your content back up your migration. This means that the URL in internal links have to be updated to reflect the change.

If you don’t update the internal links and other links on each page of your site, users who are looking to navigate further will experience 404 pages.

To replace and update is simple. Typically, you can make sure all instances are updated through the search-and-replace function in the database. Make sure the redirect chain in minimalized and link directly to the canonicals of the HTTPS destination.

Your internal linking structure must be looked at closely to avoid the redirect chains. Run crawl reports after you’ve switched to HTTPS to ensure all internal links have been updated and there are no errors.

Enable HSTS

HSTS (HTTP Strict Transport Security) is used to prevent unnecessary redirections for websites that operate solely on HTTPS.

The purpose of the HSTS is to eliminate a server-side check and allow your website to load faster. This results in a better user experience.

The HSTS was placed into effect so websites can submit their domain name to be preloaded into the browser. While it may be confusing because the browser will use a 307 redirect (Internal), it acts as the 301 as it is generated by the browser.

When your domain is typed into the address bar, the HSTS will redirect the user to your HTTPS version straightaway. To qualify, users will need a valid SSL certificate, and all hostnames need to serve content from the HTTPS version.

Update Canonical Tags

While most CMS systems will take care of this step for you, you can overlook it if they don’t. Ensure that all of your rel=canonical tags are pointing users to the correct version of your site.

Once you have moved over, the tags should be pointing to HTTPS to help Google understand which version of the page should rank. Keep in mind that Google views an HTTP version as a completely different site than an HTTPS, so updating all tags and links within the site is crucial.

When one step is missed, notably the rel=canonical tags, Google can become confused over which page should be rankings in the SERPs. Common problems include content duplication issues between the HTTP and HTTPS versions, which can be regulated with the update of canonical tags.

Add HTTPS to Search Console

Once you make the transition to a secure protocol, you must configure that with Google Search Console and proceed to monitor the impact it has made. Configure the switch with Google Search Console once the redirections are in place and the XML sitemaps and robots.txt have been updated.

Utilize the Fetch and Render function to ensure everything is working as intended.

  • Go to the homepage of the HTTP version to verify it redirects properly.
  • For the HTTPS version, verify it renders correctly. If so, click the “Submit to Index” button and select the “Crawl this URL and its direct links” option when prompted.

You’ll have to navigate through Search Console to determine if factor is holding back your migration. This includes verifying there are no manual actions holding your site back. Plus, update the Crawl Rate to the HTTPS property, as well as checking the URL Removal tool to see if any URLs have been submitted for temporary removal.

Search Console treats HTTP and HTTPS separately, so if you have pages for both protocols, you must have a separate Search Console property for each one.


Switching to HTTPS can be a headache with all the technical challenges. Plan ahead and make sure all redirects are in place to avoid major hiccups. There will be flaws and there are likely to be fluctuations in search visibility, but the switch can’t be ignored.

You’re going to be confused at some point during the transition, and you’ll have to focus on a lot of things to ensure the migration is completed as smoothly as possible.

With the right planning, the right tracking, and the right implementation, you should have minimal trouble when migrating from HTTP to HTTPS.