Insufficient HTTPS Coverage on Your Site

Google Search Console Report

The new Page experience on mobile report in Google Search Console is showing insufficient HTTPS coverage on your site, and yet, my website is using SSL for all the URLs? So what is going on?

How to Fix Insufficient HTTPS Coverage on Your Site

Here’s the Checklist for Fixing Insufficient HTTPS coverage on your site as shown in the above video lesson.

Server Configuration

I will assume that you are using web hosting services with cPanel access. Because manually setting up SSL is the job of a network administrator. Most websites today can check server redirection rules and particularly any 301 directives found in server configuration files such as .htaccess

Furthermore: web technologies are diverse, your website may be using Apache, NGINX, IIS or others. That means there are many different configuration settings, first step is to identify the type of server your website is setup using.

Simple way to check is to use a web browser (Chrome, FireFox, Internet Explorer) web dev toolbar. Access this mode pressing the F12 key on your keyboard. Then, go to the “Network” tab and find Response Headers as shown in the below image

Google Chrome Web Developer Toolbar

If you know that your website is thoroughly meeting Google Webmaster Guidelines. Then follow these steps. Your web hosting service provider help section will show you which .htaccess rules will work for your website. Because there are many different directives which accomplishes the same outcome. Here are some samples rules to test. Below codes are for web servers built on Apache server

Redirect Visitors to SSL Secured Version of a Site Example 1 (NON-WWW)

RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*)$1 [R=301,L]

Redirect Visitors to SSL Secured Version of a website Example 1a (WWW)

RewriteEngine on RewriteCond %{HTTPS} off RewriteRule (.*)$1 [R=301,L]

Redirect Visitors to SSL Secured Version of a Site Example 2

This particular code will use IfModule mod_rewrite directing http to https version of your web pages as well as set env=proto:https <IfModule mod_rewrite.c> RewriteEngine On Options +FollowSymlinks RewriteCond %{HTTPS} !=on RewriteRule ^ - [env=proto:https] RewriteCond %{HTTPS} !=on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] </IfModule>

.htaccess codes for 301 redirect from www to non-www

To make the 301 redirect from www to non-www (this is important IF your website is NOT using www in the domain portion) RewriteEngine On RewriteCond %{HTTP_HOST} RewriteRule (.*)$1 [R=301,L] #To make 301 redirect from non-www to www RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

IMPORTANT You May Need to First Redirect NON-WWW to NON-WWW First

Its very important to triple check Redirection Chain. For example: when someone requests what happens? Where is the request redirected to? Understand the fact that www is considered as a sub-domain in terms of Googlebot crawling your website and webpages. That means, Search Console Page Experience report for HTTPS Failing with insufficient HTTPS coverage on your website may be incorrect redirection chain for subdomains. You must serve all subdomains over HTTPS RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$$1 [R,L] #And then redirect to WWW version RewriteEngine On RewriteCond %{HTTP_HOST} ^example\.com [NC] RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$$1 [R,L]

RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] for WordPress CMS .htaccess file

Above .htaccess directives can be used by any Content Management Systems built on Apache, and yet, if you are using WordPress, you may try adding additional directive HTTP_AUTHORIZATION ensuring correctly serving https for WordPress specific files and directories. # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress

You Should Also Test upgrade-insecure-requests

RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] Header always set Content-Security-Policy "upgrade-insecure-requests;"

Send Header Response Code Handling Strict-Transport-Security Google Wants so That HTTPS is NOT Failing

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

Send Header Response Code Strict-Transport-Security Example 2

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS

Website Issues That Could Cause HTTPS Failing

Regardless of which Content Management System you are using, first place to check is your XML Sitemap (if you’ve submitted a XML sitemap to Search Console). Then, URL patterns should be consistent, as in it uses https://

Make sure you have link Canonical URL. Easiest way to check this is through looking at your web page source code (Press CTL+U on your keyword using Chrome). It looks like this: <link rel="canonical" href="" /> Check and update internal links (menu links, footer links, image links, CSS background-image links) as well as 301 Redirection settings if you are using plugins, update the links if they are still using http:// none-secure version.

Google Search Console Analysis for Fixing Insufficient https Coverage on Your Site

Today in 2021, Google Search Console recommends using Domain Property. This helps Google considerate ALL URLs it knows about websites. If you are still using the URL-prefix property you can leave that in place but start using the new Domain Property option. This will better assist Google understanding URL structure of your entire website (especially if you have 10000s of URLs including subdomains or different language settings on subdomains).

As shows in the above how to video for fixing insufficient HTTPS coverage on your site tutorial, you can use Performance Tab > Create New Filter for Pages > Select URLs Containing http:// HTTPS Status

The above points will fix HTTPS failing errors for almost all different website setups. Below are initial videos we’ve created. Insights in first video above will fix the problem no doubt. I’ve created a new service for identifying the HTTPS issues RankYa Identify What is Causing Insufficient HTTPS Coverage Problem

Second Video > Insufficient HTTPS Coverage on Your Site Search Console Tutorials by RankYa

As shown in the above video, you can also test using another .htaccess directives for redirecting non https server requests on Port 80 to go through https version.

First Video > Showing Insufficient HTTPS Coverage on Your Site

What is Port 80?

Port 80 is the port number assigned to commonly used internet communication protocol (Hypertext Transfer Protocol (HTTP)). Port 80 is used by a computer to send and receive communications from a Web Server. In our case, we are using it for trying to fix Google Webmaster Tools HTTPS Failing issues, its to make sure that requests made to Port 80 to send and receive HTML pages or data are directed to https of a site.

By RankYa

RankYa is registered Australian digital marketing and web development business. Founded in 2008 we've built a reputation for hard work, honesty and experience. Particularly for Google and WordPress. RankYa also shares how to videos related to Google (Search Console, Ads, Analytics, YouTube), SEO, FB, WordPress. We also created FREE Google & SEO related courses in hope it will help those wanting to earn an income online. Thank you for visiting our website. You're also welcomed to hire us

Leave a comment

Your email address will not be published. Required fields are marked *