Skip to main content

Canonical tag points to HTTPS not HTTP version

Issue No: 173

Category: page seo basics

Issue type: Issue

Priority: CRITICAL

Description

Verify that pages served over HTTPS declare canonical URLs using the HTTPS scheme, not HTTP, to prevent canonicalization ambiguity and mixed protocol signals.

How do we capture it

  1. Fetch the target URL with HTTP GET and store the final URL after redirects.
  2. Parse raw HTML from the response and extract <link rel="canonical"> from the <head> section.
  3. Resolve canonical href to an absolute URL when relative values are present.
  4. Parse both final page URL and canonical URL scheme components (http or https).
  5. If the final page scheme is https, validate that canonical scheme is also https.
  6. Record mismatch when canonical points to http while page is served on https.
  7. Optionally request canonical target URL headers to verify transport behavior and redirect destination.
  8. Constraint: this audit uses only HTTP response data and raw HTML. No JavaScript execution or browser rendering is used.

What to store

FieldTypeComment
page_url TEXTTEXTOriginal crawled URL requested by crawler.
final_url TEXTTEXTFinal URL after redirects.
final_url_scheme TEXTTEXTScheme of final URL (http or https).
canonical_raw_href TEXTTEXTRaw canonical href value extracted from HTML.
canonical_url TEXTTEXTCanonical URL normalized to absolute form.
canonical_url_scheme TEXTTEXTScheme of canonical URL (http or https).
has_canonical_tag BOOLEANBOOLEANWhether canonical tag exists in page head.
canonical_scheme_matches_page_scheme BOOLEANBOOLEANWhether canonical scheme matches final page scheme.
canonical_https_mismatch BOOLEANBOOLEANTrue when HTTPS page points canonical to HTTP URL.
canonical_target_status_code INTEGERINTEGEROptional status code from canonical target request.
canonical_protocol_check_error TEXTTEXTParsing or request error details for diagnostics.
canonical_checked_at TIMESTAMPTZTIMESTAMPTZTimestamp when protocol validation was performed.

Condition for trigger

This audit triggers when canonical scheme does not align with HTTPS page transport.

  • Trigger Rule 1: HTTPS Page Uses HTTP Canonical

    • Target Field: canonical_https_mismatch
    • Evaluation Logic: final_url_scheme = 'https' AND canonical_url_scheme = 'http'
    • Severity: CRITICAL
    • Diagnostic Message: "Canonical URL uses HTTP on a page served via HTTPS."
  • Trigger Rule 2: Canonical Scheme Missing or Invalid

    • Target Field: canonical_url_scheme
    • Evaluation Logic: has_canonical_tag = TRUE AND (canonical_url_scheme IS NULL OR canonical_url_scheme = '')
    • Severity: CRITICAL
    • Diagnostic Message: "Canonical URL scheme is missing or invalid."
  • Trigger Rule 3: Canonical Scheme Mismatch

    • Target Field: canonical_scheme_matches_page_scheme
    • Evaluation Logic: has_canonical_tag = TRUE AND canonical_scheme_matches_page_scheme = FALSE
    • Severity: CRITICAL
    • Diagnostic Message: "Canonical URL scheme does not match the served page scheme."

Sources

Long description

When a page is delivered over HTTPS but declares an HTTP canonical URL, crawlers receive conflicting preference signals about the authoritative protocol. This can reduce canonical consistency, fragment link equity across protocol variants, and increase the chance that search engines select a non-preferred URL.

Common failure scenarios checked by the crawler:

  • Canonical href is hardcoded with http:// on secure pages.
  • Canonical URL is generated from an outdated base URL configuration.
  • Canonical value is malformed or missing scheme.
  • Canonical target redirects unexpectedly across protocols.

How to Fix

Ensure canonical URL generation always emits HTTPS for HTTPS-served pages. Standardize canonical helpers on one secure base URL, validate output at template level, and recrawl representative pages to confirm protocol-consistent canonical tags.