How To Test Canonical Redirects (http, https, www, non-www) ?

User Guide : Run URL Tests > How To Test Canonical Redirects (http, https, www, non-www)?

How To Test Canonical Redirects (http, https, www, non-www)?

Canonical redirects are an important part of a domain technical SEO setup and security.

Visitors can try to access the same content on a domain with 2 to 4 different URLs.

Example: your homepage might be requested from 4 different addresses:

https://domain.com
http://domain.com
https://www.domain.com
http://www.domain.com

Here's the best canonical URL redirection setup:

Choose one canonical URL variant for all pages
Use the canonical URL variant for all internal links
Redirect all other non-canonical URL variants with a single 301 redirect (no redirect chains, no 302 redirections).

Example: if your canonical URL form is https://domain.com, then all other 3 variants (https://www.domain.com; http://www.domain.com; http://domain.com) should redirect to https://domain.com with one 301 redirect.

HEADMasterSEO can take a list of URLs, generate all of their domain URL variants and check if they redirect to the correct final URL using a single 301 redirect.

It's one of the first tests I run to audit the SEO setup of a website. It's also my goto first test to assess HTTP to HTTPs migrations.

HEADMasterSEO will grade each tested input URL and its variants as a PASS or FAIL [reasons for failure].

To pass the canonical redirection test, each tested URL must:

Return status code 200, if it is the preferred canonical form.
Redirect to the proper canonical form using a single 301 redirect, if it is not the canonical URL variant.

Testing for secure cookies and HSTS response headers

Some websites that use secure https:// urls implement additional security measures - using only secure cookies and HSTS (Strict-Transport-Security response header policy).

If you check for non-secure cookies, each URL (including the URLs in a redirection sequence) will pass the test if:

There is no cookie set on an http:// URL. If there's a Set-Cookie header field in the response headers of an http:// page, the URL fails the test.
All cookies set on https:// URLs must have the Secure attribute present, which means that the cookie will not be sent over an http:// connection.

If you run the check for HSTS headers, then every https:// URL must have the Strict-Transport-Security response header present. The URL will fail the test if the Strict-Transport-Security header is set using a max-age=0 parameter.

Viewing, Saving and Exporting the Test Results

When running canonical URL redirection tests, HEADMasterSEO will present the results with an additional "Test Result" column:

Example URL redirection check results:

Test example for HSTS policy and secure cookies:

Test results can be saved and reloaded from .HEAD files.

You can export test results to CSV using the "Standard Report" CSV Export.