By Premnath321


2019-02-05 09:23:35 8 Comments

I have a new website and from day one, it was on HTTPS. For example:

https://www.example.com/

Do I still need to redirect HTTP to HTTPS to avoid content duplication? For example, should I still set a redirect from http://www.example.com/ to https://www.example.com/?

5 comments

@Zhaph - Ben Duguid 2019-02-07 22:22:51

If your site sends HSTS Preload headers and is listed in chrome's HSTS Preload list and all your users are using a browser that uses that list, then you can probably get away without using a redirect (assuming your domain doesn't respond on port 80 at all).

However if there's a chance that users might just type your domain in manually then you should really ensure that you redirect to HTTPS with a 301 permanent redirect.

@unor 2019-02-07 05:41:49

If search engines never crawled HTTP URLs under this domain, and if there are no HTTP links anywhere, you don’t need to redirect from HTTP to HTTPS for SEO purposes.

But you should still redirect for usability reasons:

  • If users manually enter URLs to your site, they often omit the https:// (e.g., starting with www.). Unless they visited your HTTPS site before, their browsers will likely request the HTTP variant.

  • If users enter the full URL, they might not notice the s in https:// and enter http://.

@Keith Tysinger 2019-02-08 03:27:27

Right, so if you are psychic or know the exact SEO algorithm, you can forgo the redirect? That is nonsense.

@unor 2019-02-08 09:19:55

@KeithTysinger: What do you mean? This has nothing to do with ranking, only with crawling/indexing. If a search engine never crawled/indexed a URL, this URL is obviously not part of the search engine’s index. And a URL that is not indexed doesn’t need to be redirected -- as far as search engines are concerned.

@Keith Tysinger 2019-02-09 20:47:39

Are you saying that Google does not penalize websites that are insecure? It goes way beyond "usability." It can be an SEO ranking factor and a huge blunder from a security standpoint. What if your bank's website only used http? It's not a usability issue it's a security issue.

@unor 2019-02-10 10:35:22

@KeithTysinger: This question is about a HTTPS-only site. Search engines can’t penalize a site that doesn’t exist (HTTPS only), or if it does exist, that they don’t know about (HTTP and HTTPS, but only HTTPS is indexed).

@Group Of Oceninfo 2019-02-05 10:25:39

Yes, if http:// and https:// version both are running at the same time.

No, if http:// visitors are already getting redirected to https:// then you don't have to redirect.

Run some tests and see if both websites are opening at the same time or not.

@MrWhite 2019-02-07 00:43:15

What do you mean exactly by your second sentence: "If http:// visitors are already getting redirected to https:// then you don't have to redirect."? If HTTP is "already getting redirected" then presumably a redirect has already been implemented?!

@Group Of Oceninfo 2019-02-07 03:59:31

Yup that's the same what I mean "If HTTP is "already getting redirected" then presumably a redirect has already been implemented and you don't have to do any redirects :)

@MrWhite 2019-02-07 11:23:25

The point is, a redirect has been implemented under that scenario... so a redirect is required. Regardless of when or by whom. A redirect is a redirect.

@Keith Tysinger 2019-02-05 19:28:45

Best practices dictate that we should redirect non-secure traffic to https. One example: if you want to add a login script in the future, it must be secure. At that point, your visitors using http will be getting all sorts of error messages and warnings (mixed content, unsecured web form ...).

To avoid this kind of mess, just do the redirect.

@Patrick Mevzek 2019-02-05 14:34:22

If it is from day one on HTTPS only, for me it means it should not even listen on port 80 for HTTP (trying to connect with pure HTTP should trigger a timeout error).

Only the HTTPS version should exist, and since you do not have an HTTP website in that case, there is nothing to redirect.

@Maximillian Laumeister 2019-02-06 00:27:27

AFAIK if a user types in a web address it only tries to connect via HTTP, so the website would just time out and never load. (HSTS is an exception)

@Patrick Mevzek 2019-02-06 00:36:19

@MaximillianLaumeister Not necessarily, a browser could as well defaults on trying HTTPS if nothing is provided. And based on various announcements by Google and the like this seems to be clearly the direction... You can even do some kind of happy eyeballs algorithm like for the IPv4/IPv6 duality. See github.com/Rob--W/https-by-default and EFF HTTPS Everywhere project

Related Questions

Sponsored Content

2 Answered Questions

3 Answered Questions

[SOLVED] Redirecting from http to https impact SEO?

  • 2016-01-31 00:08:41
  • Simohammedhttc
  • 275 View
  • 1 Score
  • 3 Answer
  • Tags:   seo redirects https

1 Answered Questions

[SOLVED] Duplicated webpage (HTTP & HTTPS)

2 Answered Questions

[SOLVED] Why does 301 redirect timeout with HTTPS even though it works with HTTP?

0 Answered Questions

1 Answered Questions

3 Answered Questions

[SOLVED] HTTPS and HTTP URLs point to different places?

1 Answered Questions

[SOLVED] Locate sitemap at HTTP or HTTPS?

  • 2013-11-29 15:51:14
  • user33692
  • 11717 View
  • 6 Score
  • 1 Answer
  • Tags:   sitemap https http

2 Answered Questions

[SOLVED] HTTPS To http redirect issue. How to overcome?

Sponsored Content