Home » HTTP to HTTPS Migration: A Checklist

HTTP to HTTPS Migration: A Checklist

In 2014, Google announced that security is a ranking signal. Three years down the road, the search giant gave website owners an ultimatum to migrate to the secured version of their websites, or it will mark it as ‘Not secure’ even on an incognito browser.

And, users are big on security. Hence, you cannot afford not to migrate from http to https. HTTP stands for hypertext transfer protocol and the S in the HTTPS stands for security. This protocol is described as the standardization of receiving information from web browsers. Securing it means encrypting the site and making it secure so no third party entities may not tamper the data being transmitted between the users (with whatever information they input) and your website. It makes use of SSL (secure sockets layer), a data file that aims to keep user information safe.

From an SEO perspective, it means a more secure and safer browsing experience for your users too. Landing on your website, you don’t want these users to check the site information found at the address bar and see the Not secure label. Bounce rates would increase this way for sure, affecting click-through rate, traffic and ranking.

While Google makes clear what the solution is for this, migrating from http to https is not without difficulties. It can get too technical too, well that is, if you are not coding savvy. That means the majority of site owners.

Nonetheless, technical savvy or not, you must know which factors and processes impact the success of an http to https migration.

HTTP to HTTPS migration checklist

CheckOptimize crawl settings

Go to Google Search Console to set crawl timing. Minimize the requests sent per second at least 2 to 3 days before the actual https migration. Before that, make sure you have a list of all URLs of your website that you can use for complete migration and comparison later on in the process.


Check with CDN

If you are using a content delivery/distribution network (CDN), it would be wise to check with the provider first how it treats https, in particular, SSL certificates.


Obtain all access to digital assets


Download all existing 301 redirects


Download and update disavow file


Download any URL removal requests


Select SSL certificate

Buy a 2048-bit TLS/SSL SHA-2 secure certificate. Follow the instructions including the required documents to access the signed certificate.


Install the SSL certificate

Install the certificate on your site’s servers. Then, configure the server to reflect https. Perform a simple test to ensure that the certificate is working correctly.


Verify the https website

Your next stop is to verify the preferred https version of the site in Search Console (and Bing’s too). Confirm the preferred version as well between www and non-www. The subsequent updates shall be made to the preferred version of the site.


Check the content

Check if the content of the http is completely migrated to the https version. After the migration, the site content must be able to request https resources.


Update the URL parameters

The https version must reflect the actual URL parameters. If you are not sure about this, just copy the settings for the http version. If the site is using relative URLs, the https update will be automatic. Update the absolute URLs manually.

Update links

Replace all the absolute links. After that, update all internal and external links using the right https website. Do these for all your digital assets including letterheads, email signatures, newsletters, social media profiles and PPC (pay per click) ads as well as blogs that you maintain and control. Update the links on tracking tools as well such as AdWords and remarketing codes.



Import the updated 301 redirects. Implement a permanent redirect to the preferred and verified version. Make sure that the https version is used consistently for 301 redirects.


Create a new sitemap

A new sitemap.xml file should be configured to reflect the new URLs. Make sure that the new sitemap.xml file is declared on robots.txt file.

Update the robots.txt file

Configure the robots.txt file as well so that Google and other search engines will crawl the https version instead of the old one. Make sure that the robots.txt file is not blocking any https URLs and content.


Configure canonicalization

For pages with the same content, put canonical tags to the preferred version. If you need to, add self-referencing rel=canonical tag to every page to point to the https version. Prioritize the relevant pages, though you need to do this for all the pages.


Update Analytics settings

Head to Google Analytics to update the admin settings. Put the https version and save the settings so Google Analytics will start to procure data for the new version of the website. Annotate, fetch, render and submit new URLs for indexing.


Configure data highlighter

While at Search Console, check the data highlighter section as well. Set it up to the new https version so Google may pick up the right URL from this point forward.


Disavow links

Collate a links disavow file and submit to Search Console to get rid of the spammy links.


Submit a removal request

For older pages that no longer add value to the https website, request a removal for each page.


Validate the https version

Validate using an online tool such as W3C. This ensures you that the https version of your website is glitch-free.


Check extensions and plugins

The https version of the site should work even for added extensions and installed plugins particularly those that relate to social sharing.


Check the RSS feed (if applicable)

Make sure that the site’s RSS feed works for the https version.


Check page speed

Analyze the https website’s speed score on both mobile and desktop using Google Pagespeed Insights tool. Implement the recommended changes accordingly.


Evaluate mobile-friendliness

Check the website’s mobile version to ensure that the new URL reflects on this too. Configure a mobile-friendly https website if it’s not yet implemented.


Audit code and backup

Check both front-end and back-end parts of development to ensure that the https implementation would not complicate JavaScript, CSS and other such elements. Most importantly, backup. Keep a backup including that of third-party tracking tools.


Update internal and third-party tools

Other than the social profiles, you also need to update tools that you are using for SEO purposes such as Moz.com.


Crawl the https website


Monitor the new site

Over the next weeks, you need to monitor traffic and rankings. Frequent Google Analytics and Search Console.


To ensure that you are sending search engines the right page signals, make sure that:

  • The use of the preferred version is consistently used on all digital assets
  • The new sitemap.xml file is declared on robots.txt file
  • The tools are all updated and points to the https website
Optimind Logo

Digital Marketing agency with focus on Social Media, SEO, Web Design, and Mobile Development

Google Partner
Dot PH


Optimind Technology Solutions

2nd Flr CTP Building
Gil Fernando Avenue
Marikina City
Manila 1803 Philippines

+(63) 2 86820173
+(63) 2 86891425
+(63) 2 77394337
Australia - +(61) 2 80050168
Los Angeles, CA - +19092722457