Force HTTPS at the server
Redirect all http:// requests to https:// with a 301 at the web server, CDN or framework level.
Check that http:// redirects to https:// as it should.
Your result
What this checks
A secure site should send anyone arriving over plain http:// straight to the https:// version with a permanent redirect, so no traffic is ever served unencrypted.
This tool requests the http:// version of a host and reports whether it redirects to https://, and which status code it uses.
Why it matters
Without a redirect, old links, typed addresses and bookmarks load the insecure version, where data can be read or tampered with in transit.
A permanent 301 redirect also consolidates SEO signals onto the https:// version, so the secure URL is the one that ranks.
How to fix it
Redirect all http:// requests to https:// with a 301 at the web server, CDN or framework level.
A 301 is permanent and passes ranking signals. A 302 is temporary and can leave the http:// version indexed.
Once the redirect is solid, send Strict-Transport-Security so browsers skip http:// entirely on future visits.
Janitor watches HTTPS redirects automatically across every client site and puts it in a branded report you can send.
Keep reading
FAQ
A permanent 301 is best. 307 and 308 also work and preserve the method. Avoid a temporary 302 for a permanent move to HTTPS.
It is the essential first step. Adding HSTS afterwards is stronger, because browsers then refuse http:// without even making the request.
Yes. Janitor checks the http:// to https:// redirect on every client site, so a server or host change that drops it is caught quickly.
Get started
Janitor runs around two dozen checks on every site you manage and turns them into a branded report.
30-day free trial. No credit card required.