After enabling HTTPS, use a permanent 301 redirect to send all HTTP requests to the HTTPS version. This protects visitors who type or click old links and consolidates your SEO signals on one canonical, secure URL.
A correct HTTP-to-HTTPS redirect ensures nobody lands on the insecure version of your site. Using a 301 (permanent) redirect preserves search rankings and prevents duplicate-content and mixed-signal problems.
Check your website
See how your site handles http to https redirects: doing the migration right — free, no account needed.
For business owners
Enabling HTTPS is only half the job. If http:// URLs still serve content, visitors and search engines can end up on the insecure version, and you effectively run two copies of your site. A single permanent redirect fixes this: everyone ends up on the secure URL, your rankings consolidate, and the "Not secure" label can never appear.
How it works (technical)
The web server should respond to any http:// request with 301 Moved Permanently and a Location header pointing to the identical https:// URL, preserving the path and query string. A 301 (not 302) tells search engines the move is permanent so link equity transfers.
Pair the redirect with the HSTS header so that after the first visit, browsers skip HTTP entirely and go straight to HTTPS — eliminating the insecure request altogether.
Real-world example
A site added HTTPS but used a 302 temporary redirect. Google kept indexing both http and https URLs, splitting rankings. Switching to a 301 and adding HSTS consolidated everything onto the secure URLs, and organic traffic recovered over the following weeks.
Why it matters
Redirects are where HTTPS migrations succeed or fail. Wrong redirect types cause duplicate content and lost rankings; missing redirects leave an insecure version live. Scanners test whether HTTP properly redirects to HTTPS.
How to fix it
Configure the server to 301-redirect all HTTP requests to the same HTTPS URL.
Preserve the full path and query string in the redirect target.
Redirect both
wwwand non-wwwto your single preferred canonical host.Add the HSTS header once HTTPS is confirmed working everywhere.
Update your sitemap, canonical tags and internal links to HTTPS.
Best practices
Use 301, not 302, for the permanent HTTPS move.
Redirect in a single hop where possible (avoid http→www→https chains).
Combine with HSTS to remove the insecure request entirely on repeat visits.
Common mistakes
Using a 302 temporary redirect and losing SEO signals.
Redirecting everything to the homepage instead of the matching path.
Creating long redirect chains that slow the first load.
Frequently asked questions
Will redirecting hurt my SEO?
A correct 301 preserves rankings. Problems come from 302s, redirect chains, or redirecting all pages to the homepage.
Do I still need redirects if I have HSTS?
Yes. HSTS only applies after a browser has seen the header once; the redirect handles the very first visit and non-browser clients.
Put this into practice
See how your site scores with Plexa Trust — start with a free scan, then unlock the complete audit on Pro.
Scan your website free