Checklist For Failing HTTP To HTTPS
Since Google announced it would begin using the HTTPS as a signal SEO , many websites have begun to migrate to HTTPS , not only for security reasons but also to benefit from the extra boost in the rankings in The results pages of Google.
However, while Google has published best practices to move from HTTP to HTTPS , the reality is that in many cases they are not followed or some are missed because there are so many different areas involved, as well as Verification and validation before, during and after migration.
For example, Gary Illyes, Webmaster Trends Analyst at Google, has published a Tweet for some useful reminders calling to check and edit tracking and ad scripts to avoid blocking:
The real issue when migrating from HTTP to HTTPS is really not a complete lack of knowledge of webmasters, because even if people know some good practices to consider, the problem is often more due to a lack of Complete resources with all validations, specifying when to implement them.
This could be easily shared and monitored by all parties involved in the migration, and who would know from the beginning when to do what, in order to plan the right resources at the right time.
Here is a checklist that tells you the tasks before, during and after migration.
Before switching from HTTP to HTTPS
SSL Certificate: Purchase, configure, and test the SSL / TLS Secure Certificate using SHA-2 for SSL on the server.
Save and validate both the http and https domain name in the Google Search Console, and in versions with www and without www. If you have also registered subdomains or subdirectories in the Search Console, replicate these records and configurations with their https version.
Install and start tracking rankings in parallel with the HTTPS domain name in your SEO tools or tracking software.
Identify the best site pages in the Search Console and in Google Analytics, as well as related queries, which provide you with organic visibility and traffic. You will make it a priority when validating and monitoring the performance of the site.
Analyze the HTTP version of the site to identify and correct all broken internal links, as well as the current structure before migration.
Configure the new version of the website in order to modify, test and update the links in a staging environment, to point to the URLs ( pages and resources such as images, js, pdfs, etc. ) with HTTPS.
Update canonicales tag ( rel = “canonical” ) to include absolute URLs using the https protocol.
Ensure that all existing rewrites and redirects ( with or without www, with or without a slash (slash), etc .) Are also implemented in the HTTPS version as they used to run on the http.
Prepare and test the redirects rewriting rules 301 of all existing URL identified ( pages, images, js, etc ) on the domain http to https, on the server.
Generate a new Sitemap file in XML format with the URLs for HTTPS in order to download it in the HTTPS version of the domain name in the Search Console, once the site has been moved to HTTPS.
Prepare the robots.txt file that will be uploaded to the HTTPS version of the domain name when the site will be deployed by replicating the current HTTP version directives but pointing to HTTPS URLs if necessary.
Prepare changes on all ad campaigns, emailing or affiliate campaigns to start pointing to HTTPS versions of URLs as soon as the migration is done.
Verify that link disallow requests have been submitted in the past to re-submit them for HTTPS versions of the URLs via the domain name property in HTTPS in Google Search Console.
If you migrate a gTLD ( top level domain ) you are targeting geographically via Webmaster ( as far as its subdomains or subdirectories, if you target the geographically individually ), make sure the Re-target geographically with the HTTPS version of the domain name.
If the URL settings are managed through the Google Search Console, the existing configuration must be replicated in the site’s HTTPS profile or property.
If a CDN ( Content Delivery Network ) is used, make sure it will be able to serve the version of the name of the field site HTTPS and SSL when managing the migration will be effective.
Verify that all ad serving codes served, third-party extensions, and social plugins used on the site will work correctly when moved to the HTTPS.
Make sure that the existing Web Analytics configuration will also monitor HTTPS domain traffic.
Checks during migration to HTTPS
Publish HTTPS version of the site online ( in production mode ).
Verify that the URL structure on the HTTPS version of the site is the same as that of the HTTP version.
Verify that the site links actually point to the correct HTTPS URLs.
Check that the canon’s tag ( rel = “canonical” ) in the header of the pages also link to the right URLs HTTPS.
Check that the new version canonical HTTPS implements the rewrites and redirections versions with or without www, with or without slash at the end, etc., in the new version HTTPS.
Set up the 301 redirects of each site URL from HTTP to its HTTPS version.
Annotate the migration date in your Web Analytics platform and verify that the configuration has been set to track the performance of the HTTPS version.
Verify that the SSL configuration of your Web server is correct. You can use a service such as SSLLabs to test .
Refresh the parameters of the robots.txt file in the HTTPS domain name with the relevant changes.
Analyze the site to verify that HTTPS URLs are those that should be accessible, linked, and served without errors, erroneous noindex, wrong redirects, or canonical tags.
Check that the redirect rules of http and https, with www and without www, with slash and without slash are correctly implemented.
Download and check the XML sitemap file generated with the HTTPS URL versions in HTTPS property ( the domain name ) Google Webmaster Tools.
Update, as can be done, external links ( backlinks ) pointing to the site well before check they are redirected to the HTTPS version.
Ensure that plug-ins, social buttons, third-party ads, and extensions work correctly in HTTPS versions of URLs. You can scan your site to check if there are still non-secure content with JitBit .
Implement relevant changes to the ad campaigns, emailing, and affiliation so that they are properly redirected to the HTTPS web version of the site.
Monitor the crawl, indexing, visibility, and errors of both HTTP and HTTPS versions of the site. Because, you should under no circumstances remove the HTTP version.
Monitor traffic to HTTP and HTTPS versions of the site, as well as their rankings.
Check the settings of the robots.txt file in the domain name in https to ensure that the configuration has been properly updated.
In principle, with all these guidelines for implementing and migrating to secure HTTPS hosting, you should make a no-fault.
But, it is also important to mention that once you move your site to your HTTPS server, you might consider serving the pages via HTTP / 2.
Indeed, HTTP / 2 (originally named HTTP / 2.0) is a major release of the HTTP network protocol used on the World Wide Web. He is from the experimental protocol SPDY ( pronounce like the English word speedy ) developed by Google.
For the record, know that HTTP / 2 does not require modification of existing web applications, an effort has been made on the backward compatibility with HTTP 1.1. But existing or future web applications can be developed to benefit from the new features proposed especially for transmission speed gains.
HTTP / 2 retains the majority of the HTTP 1.1 syntax, such as methods, codes, URIs or headers. An element has been modified: how the data is segmented and transported between the client and the servers. This has no impact on existing applications.