Will Kennard
Will Kennard 8 December 2015

Moving To HTTPS: A Checklist

This is for those who’ve already decided to go secure and need a tick box list of potential issues associated with switching to https.

Way back in August 2014 Google announced that serving your website over a secure connection – HTTPS- is now a ranking factor. 

The SEO industry essentially responded by saying "I got 99 strategies and this ain't one." Because at the time there was a million things you could do to improve your rankings in SERPs that were betting than adding TLS to your web server. 

This post isn’t about whether you should do it or not. There are case studies to say it has a positive impact on search visibility, and there are cases where it has a negative effect, albeit usually short lived. But we’re not going to go into that here – this is for those who have already decided to go secure and want a simple way to tick the boxes on potential issues associated with the switch.


It’s designed to be an exhaustive list, so not all points will apply to your own websites, but please give us a shout in the comments if you think there’s something we’ve missed! Hopefully it can be a resource that keeps developing. We’d also love to hear your case studies and cock-ups too, just for fun.


Some of the points here aren’t necessarily going to have a direct impact on search visibility, but are more centred around usability and ensuring the dreaded “Insecure content warning” isn’t displayed when users navigate to your new HTTPS website. Which, by the way, Google is now warning you about in Search Console.

HTTPS Changeover Checklist

Update core website template links.

What & Why: If your website template/structure doesn’t use relative URLs (WordPress doesn’t for example), then you’ll need to update these to the new HTTPS version.

Redirect all HTTP traffic.

What & Why: You’ll need to redirect all user requests for HTTP pages to the new HTTPS version so that it’s not possible for users to navigate to an unsecured URL. Use server side 301 redirects here to preserve link equity.

Modify current .htaccess redirects.

What & Why: To make sure you’re not creating redirect chains, you’ll want to update your .htaccess file to make sure URLs being redirected are now pointing to HTTPS versions of the final pages.

Ensure site is completely secure.

What & Why: Having an “Insecure content warning” presented to users when they navigate to your website can make your site seem less trustworthy and discourage them to continue. Not good. You’ll want to ensure that resources being served from external sources are secure. This could include content or ads from CDNs, third party analytics tools that don’t force SSL (most do), and embedded widgets. You might also want to update cookies to (mentioned below).

Change canonical tags.

What & Why: If your website uses canonical tags, you’ll need to ensure that they point to the new versions of your URLs with HTTPS included. This ensures you are not sending crawlers to redirects when it’s not necessary.

Update Robots.txt

What & Why: Your Robots.txt will need to be updated to include new HTTPS URLs to avoid any potential errors that may occur.

Update your sitemap

What & Why: Update your sitemap to contain new HTTPS URLs to make sure Google is able to understand your site structure.

Create a new search console account

What & Why: Unfortunately you’ll need to create a new Search Console (AKA Webmaster Tools) property and account for the new HTTPS version of the site. Along with this, you’ll need to submit your new sitemap in the new account (leave the old one in the old account) and also resubmit your disavow file if you have one.

Use relative path names
What & Why: Using relative link paths can be very useful here, particularly with things like images, as it makes sure that changing over to HTTPS doesn’t affect them.

Update Google Analytics

What & Why: It’s important to make sure your Google Analytics account is still measuring everything correctly, otherwise you’ll lose valuable data. Filters, goals, advanced segments, tag manager tags & triggers, Analytics account domain, will all need to be updated to reflect the new HTTPS URL.

Update Cookies

What & Why: Update cookies and set secure flag to make sure cookies are sent over HTTPS only to avoid any insecure content warnings.

Monitor Progress

What & Why: Once it’s all sorted, keep your eye on Search Console to see if your pages are being indexed. You can also use site search to see what’s going on, particularly inurl: which will display any indexed results with your new HTTPS version. Remember, getting your new HTTPS URLs indexed by Google can take a while, I’ve seen up to 3 weeks! So don’t panic if you see your pages haven’t yet been crawled.

Contact us
Hopefully this resource has been useful for you. Of course, if you don’t know what you’re doing and just need someone to handle the process for you, or any SEO consultancy for that matter, then get in touch with us.

Original Article

Read More On Digital Doughnut

Please login or register to add a comment.

Contribute Now!

Loving our articles? Do you have an insightful post that you want to shout about? Well, you've come to the right place! We are always looking for fresh Doughnuts to be a part of our community.

Popular Articles

See all
Digital Marketing Vs. Traditional Marketing: Which One Is Better?

Digital Marketing Vs. Traditional Marketing: Which One Is Better?

What's the difference between digital marketing and traditional marketing, and why does it matter? The answers may surprise you.

Julie Cave
Julie Cave 14 July 2016
Read more
4 Important Digital Marketing Channels You Should Know About

4 Important Digital Marketing Channels You Should Know About

It goes without saying that a company can't do without digital marketing in today's world.

Digital Doughnut Contributor
Digital Doughnut Contributor 5 November 2014
Read more
Customer Journey Mapping: A Real-Life Approach to Your Digital Marketing Strategy

Customer Journey Mapping: A Real-Life Approach to Your Digital Marketing Strategy

As financial services and insurance (FSI) companies strive to deliver the seamless multi-channel customer experience, the traditional marketing model has been radically reimagined. Innovative institutions are showing how cross-functional teams focusing on the customer journey can work to develop a single view of the customer – an approach that can bring tangible rewards. Yet research shows that large institutions still have some way to go in maximising the return on their investment in this area.

Aoife McIlraith
Aoife McIlraith 18 September 2017
Read more
If You’re A Social Media Manager, UGC Should Be Your Top Priority

If You’re A Social Media Manager, UGC Should Be Your Top Priority

It’s high time that the marketing world rethinks what an effective social media manager actually does. Hint: it’s not chasing “likes” or showing off their follower counts. Let’s face it: so many brands today totally miss the mark when it comes to their social content. Maybe their posts come off as too “salesy.” Perhaps they’re pushing too hard, leaving their followers behind in an endless trail of “look at me” posts.

Luisana Cartay
Luisana Cartay 11 September 2017
Read more
10 Marketing Lessons From Apple [Infographic]

10 Marketing Lessons From Apple [Infographic]

The 10-year-old kid, selling ice cold fresh lemonade on the street corner in your local neighbourhood had it right. He or she may not have realized it but the simple marketing strategy that they accidentally and innocently came up with works perfectly on the people strolling by on their daily walk.

Ellie Summers
Ellie Summers 19 September 2017
Read more