How To Test http <-> https and www <-> non-www Redirects?

User Guide : Run URL Tests > How To Test http <-> https and www <-> non-www Redirects?

How To Test http <-> https and www <-> non-www Redirects?

Every domain should choose to serve pages using a single (canonical) URL form (www or non-www, http or https) and redirect all other URL forms to the proper canonical one using a single 301 redirect.

These redirections (http <-> https and www <-> non-www) are called canonical redirects.

Canonical redirects make sure that content is accessible only through a single (the canonical) URL.

Here's the best canonical URL redirection setup:

Choose one canonical URL variant for every page on the website (http or https, www or non-www)
Use the canonical URL variant for all internal links
Redirect all non-canonical URL variants with a single 301 redirect (no redirect chains, no 302 redirections).

Example: if your canonical URL form is https://domain.com, then all other 3 variants (https://www.domain.com; http://www.domain.com; http://domain.com) should redirect to https://domain.com with a single 301 redirect.

HEADMasterSEO can take a list of URLs, generate all of their domain URL variants and check if they redirect to the correct final URL using a single 301 redirect.

It's one of the first tests I run to audit the SEO setup of a website. It's also my goto first test to assess HTTP to HTTPs migrations.

HEADMasterSEO will grade each tested input URL and its variants as a PASS or FAIL [reasons for failure].

To pass the canonical redirection test, each tested URL must:

Return status code 200, if it is the preferred canonical form.
Redirect to the proper canonical form using a single 301 redirect, if it is not the canonical URL variant.

Testing for secure cookies and HSTS response headers

Some websites that use secure https:// urls implement additional security measures - using only secure cookies and HSTS (Strict-Transport-Security response header policy).

If you check for non-secure cookies, each URL (including the URLs in a redirection sequence) will pass the test if:

There is no cookie set on an http:// URL. If there's a Set-Cookie header field in the response headers of an http:// page, the URL fails the test.
All cookies set on https:// URLs must have the Secure attribute present, which means that the cookie will not be sent over an http:// connection.

If you run the check for HSTS headers, then every https:// URL must have the Strict-Transport-Security response header present. The URL will fail the test if the Strict-Transport-Security header is set using a max-age=0 parameter.

Viewing, Saving and Exporting the Test Results

When running canonical URL redirection tests, HEADMasterSEO will present the results with an additional "Test Result" column:

Example URL redirection check results:

Test example for HSTS policy and secure cookies:

Test results can be saved and reloaded from .HEAD files.

You can export test results to CSV using the "Standard Report" CSV Export.