With Google Chrome now calling out insecure browsers as ‘not secure’ and many website falling short of the standard – basically not having SSL. The industry are finally seeing the rush we have always wanted to see to secure website, however there comes an issue with this. Those who do it themselves or have it done on the cheap often skip a step or incorrectly implement this step – implementing the redirection from non-secure to secure.
To implement the redirect correctly, Google have said that you should implement a 301 redirect on all urls from http to https.
The simplest way of doing this is a sitewide 301, you can regex within this if needed or url to url individually but you must use 301 and NOT 302 or 303.
For a clearer answer to this tune into this webmasters video at around 23mins
In essence, 301 your urls over and keep your site structure the same – this is what google looks for and keeps life much easier for bots – anything else makes life much harder for them.
Sidenote: I have recently seen a handful of website implementing SSL where they haven’t added any redirection for SSL at all, or they have added it but somehow removed the non-www to www redirect – please be careful with redirections.
Final note, if you use wordpress and are getting mixed -SSL messages when you test your website – there is a fab SSL plugin ‘Easy HTTPS (SSL) Redirection‘ which redirects all urls from images to content to ssl versions.