TLS and domain
HTTPS redirect checker
Check that http:// redirects to https:// as it should.
What this checks
A secure site should send anyone arriving over plain http:// straight to the https:// version with a permanent redirect, so no traffic is ever served unencrypted.
This tool requests the http:// version of a host and reports whether it redirects to https://, and which status code it uses.
Why it matters
Without a redirect, old links, typed addresses and bookmarks load the insecure version, where data can be read or tampered with in transit.
A permanent 301 redirect also consolidates SEO signals onto the https:// version, so the secure URL is the one that ranks.
How to fix common failures
Force HTTPS at the server
Redirect all http:// requests to https:// with a 301 at the web server, CDN or framework level.
Use a 301, not a 302
A 301 is permanent and passes ranking signals. A 302 is temporary and can leave the http:// version indexed.
Add HSTS afterwards
Once the redirect is solid, send Strict-Transport-Security so browsers skip http:// entirely on future visits.
HTTPS redirect checker is one check. Janitor watches HTTPS redirects automatically across every client site and puts it in a branded report.
Start your free trialKeep reading
Related
FAQ
HTTPS redirect checker FAQ
Which status code should the redirect use?
A permanent 301 is best. 307 and 308 also work and preserve the method. Avoid a temporary 302 for a permanent move to HTTPS.
Is a redirect enough on its own?
It is the essential first step. Adding HSTS afterwards is stronger, because browsers then refuse http:// without even making the request.
Can Janitor watch HTTPS redirects?
Yes. Janitor checks the http:// to https:// redirect on every client site, so a server or host change that drops it is caught quickly.
Get started
Check it once, or watch it for every client
Janitor runs around two dozen checks on every site you manage and turns them into a branded report.
30-day free trial. No credit card required.