Home / Tools / Force HTTPS sitewide and verify no HTTP pages exist
Transport Security · Scan Check Guide

Force HTTPS sitewide and verify no HTTP pages exist

20 min Impact: high Effort: low ✓ Scan-verified — no manual checkbox

This checks that every version of your site — http://, https://, with or without www — actually serves over HTTPS, and that plain HTTP requests get redirected rather than served directly.

HTTP pages are marked "Not Secure" in Chrome. Google requires HTTPS for Core Web Vitals measurement and uses it as a ranking signal. Any page serving over HTTP is losing trust and rankings.

How to fix it

  1. 1
    Confirm your SSL certificate is installed
    Visit https:// your-domain.com directly. If you see a certificate warning, your host or Cloudflare needs SSL enabled first — this is usually a one-click toggle.
  2. 2
    Force HTTPS at the server or CDN level
    In Cloudflare: SSL/TLS → Edge Certificates → turn on "Always Use HTTPS". On most hosts: enable "Force HTTPS" or add a 301 redirect rule from http:// to https://.
  3. 3
    Test every entry point
    Check http://yoursite.com, http://www.yoursite.com, and https://www.yoursite.com — all four combinations should end up on your one canonical https:// URL.
  4. 4
    Update internal links
    Search your site/CMS for any hardcoded http:// links pointing to your own domain and update them to https://.

Common mistakes

How you'll know it's done

Every variant (http, https, www, non-www) redirects to a single https:// URL with a valid, trusted certificate.

Tools that help

H.I.V.E. checks this automatically

Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.

Run this check in H.I.V.E. →