HTTP to HTTPS Test
Test whether a website correctly redirects HTTP traffic to HTTPS and check for HSTS enforcement.
About HTTP to HTTPS Migration
Migrating a website from HTTP to HTTPS secures the connection between the user and the server by encrypting all traffic. It is now a baseline requirement for all websites — required for PWA features, Geolocation API, camera/microphone access, and HTTP/2. Google also uses HTTPS as a positive ranking signal.
Steps for a proper HTTP to HTTPS migration
- Obtain an SSL/TLS certificate — Let's Encrypt provides free certificates. Most hosting providers also offer free certificates. Commercial certificates are available for extended validation (EV) use cases.
- Configure HTTPS on the server — Install the certificate and configure your web server (Nginx, Apache, IIS) to serve HTTPS on port 443.
- Set up 301 permanent redirects — All HTTP URLs must permanently redirect to their HTTPS equivalents. Use 301 (not 302) so browsers and search engines update their records.
- Update internal links — Change all hardcoded
http://references in your HTML, CSS, JavaScript, and database content tohttps://. - Enable HSTS — Add the
Strict-Transport-Securityheader to tell browsers to always use HTTPS, even if a user typeshttp://in the address bar. - Update external services — Update your sitemap, Google Search Console, analytics, CDN, and any third-party integrations with the new HTTPS URLs.
Mixed content
Mixed content occurs when an HTTPS page loads resources (images, scripts, stylesheets) over HTTP. Browsers block or warn about mixed content because it undermines the security of the encrypted page. After migrating, check for mixed content using browser developer tools or an online scanner.
Frequently asked questions
What should happen when I visit HTTP?
A correctly configured site should redirect HTTP (port 80) to HTTPS (port 443) with a 301 or 308 permanent redirect. If it serves content over HTTP without redirecting, it is insecure.