Site Audit: Complete HTTPS Implementation Report

April 16, 2017image

We are happy to inform you that we’ve completed the HTTPS Implementation report in the Site Audit tool. Now you can get a broader picture of your site’s security state, if you are migrating it to HTTPS, or monitor your HTTPS performance.

This report shows you all possible issues and, most importantly, advises you on how to fix them. Using HTTPS correctly protects your site and your users, and prevents a negative user experience, since poor HTTPS implementation triggers warning messages in browsers.

To access the HTTPS Implementation report, first go to your project or create a new one, then set up Site Audit and you’ll find the report among the tabs.

img

Let’s look closer at the new checks.

Mixed content

This check lets you know if your website contains any elements that are not secured with HTTPS. Unsecure content can lead to a breach in your website’s security and, as a consequence, trigger a ‘Not secure’ warning in browsers, which may reduce confidence in your website.

img

HTTPS pages containing internal links to HTTP pages

When moving your website from HTTP to HTTPS, be sure that every link on your website points to an HTTPS source.

This check warns you if there are links leading to vulnerable HTTP pages. Having a list of those links, you can quickly replace them with the new HTTPS versions and save user experience from being negatively impacted.

No redirects or canonicals to HTTPS URLs from HTTP versions

If you’re running both HTTP and HTTPS versions of your homepage, it is very important to instruct search engines to only index the HTTPS version, otherwise your pages can start competing with each other in search results and you may lose traffic. This check warns you if you’ve forgotten to complete this important step.

Pages with HTTP links in the sitemap.xml

This check lets you know if SEMrush found HTTP links in your sitemap.xml. Using different URL versions in your sitemap could mislead search engines and may result in an incomplete crawling of your website.

For broad-scale monitoring of your site’s security state, read the description of the other checks that have already been launched, and use them in practice:

  • Expired сertificate
  • Certificate registered to incorrect domain name
  • Old security protocol version (TLS 1.0 or older)
  • Non-secure pages with password inputs
  • No Server Name Indication (SNI) support
  • No HTTP Strict Transport Security (HSTS) server support

Since the report is in open beta, your feedback is valuable to us. Please share your thoughts at

site-audit-feedback@semrush.com, and migrate to secure HTTPS with SEMrush!

Is your website secure? Check here

Share