Google: how to move from HTTP to HTTPS

In a post on Google+, Google’s John Mueller explained the things that you should do if you are moving your website from HTTP to HTTPS on the same hostname. 

Step 1: add the HTTPS site to the search console

Add the HTTPS version of your site to Google’s Search Console. There’s nothing more you have to do in Google’s Search Console. The ‘change of address’ setting does not apply for HTTP > HTTPS moves.

Step 2: test HTTPS without indexing it

Use 302 redirects and the rel=canonical attribute to HTTP if you want to test HTTPS without indexing it. The rel=canonical attribute does not guarantee that the HTTP URL is indexed. However, it is a strong signal for Google when picking the indexed URL.

Google does not cache 302 redirects. Do not cloak your website to Googlebot specifically. Further information about A/B testing can be found here.

Step 3: after the test, redirect your URLs to HTTPS

Use 301 redirects from HTTP to HTTPS and confirm the new version by adding a rel=canonical attribute on the HTTPS page (pointing to itself). Details can be found here.

Step 4: check the robots.txt file

The HTTPS site uses the HTTPS robots.txt file. Check that it’s reachable or serves a 404 result code, and check that your HTTP URLs aren’t blocked by the HTTP robots.txt file.

Frequently asked questions

• It is okay to have just some pages on HTTPS. You can start with some pages of your site, test them, and then add more pages. Moving your site in sections is fine.
  
  
• There shouldn’t be any ranking drops. Although fluctuations can happen with any bigger site change, Google’s systems are good with HTTP > HTTPS moves.
  
  
• Google accepts all modern security certificates that are accepted by modern browsers.
  
  
• No PageRank is lost for 301 or 302 redirects from HTTP to HTTPS.

Moving your website from HTTP to HTTPS is a good idea if you want to make your website more secure. The ranking bonus of HTTPS sites is rather small at the moment.