Canonical tag points to HTTPS not HTTP version
Issue No: 173
Category: page seo basics
Issue type: Issue
Priority: CRITICAL
Description
Verify that pages served over HTTPS declare canonical URLs using the HTTPS scheme, not HTTP, to prevent canonicalization ambiguity and mixed protocol signals.
How do we capture it
- Fetch the target URL with HTTP GET and store the final URL after redirects.
- Parse raw HTML from the response and extract
<link rel="canonical">from the<head>section. - Resolve canonical
hrefto an absolute URL when relative values are present. - Parse both final page URL and canonical URL scheme components (
httporhttps). - If the final page scheme is
https, validate that canonical scheme is alsohttps. - Record mismatch when canonical points to
httpwhile page is served onhttps. - Optionally request canonical target URL headers to verify transport behavior and redirect destination.
- Constraint: this audit uses only HTTP response data and raw HTML. No JavaScript execution or browser rendering is used.
What to store
| Field | Type | Comment |
|---|---|---|
| page_url TEXT | TEXT | Original crawled URL requested by crawler. |
| final_url TEXT | TEXT | Final URL after redirects. |
| final_url_scheme TEXT | TEXT | Scheme of final URL (http or https). |
| canonical_raw_href TEXT | TEXT | Raw canonical href value extracted from HTML. |
| canonical_url TEXT | TEXT | Canonical URL normalized to absolute form. |
| canonical_url_scheme TEXT | TEXT | Scheme of canonical URL (http or https). |
| has_canonical_tag BOOLEAN | BOOLEAN | Whether canonical tag exists in page head. |
| canonical_scheme_matches_page_scheme BOOLEAN | BOOLEAN | Whether canonical scheme matches final page scheme. |
| canonical_https_mismatch BOOLEAN | BOOLEAN | True when HTTPS page points canonical to HTTP URL. |
| canonical_target_status_code INTEGER | INTEGER | Optional status code from canonical target request. |
| canonical_protocol_check_error TEXT | TEXT | Parsing or request error details for diagnostics. |
| canonical_checked_at TIMESTAMPTZ | TIMESTAMPTZ | Timestamp when protocol validation was performed. |
Condition for trigger
This audit triggers when canonical scheme does not align with HTTPS page transport.
-
Trigger Rule 1: HTTPS Page Uses HTTP Canonical
- Target Field:
canonical_https_mismatch - Evaluation Logic:
final_url_scheme = 'https' AND canonical_url_scheme = 'http' - Severity: CRITICAL
- Diagnostic Message: "Canonical URL uses HTTP on a page served via HTTPS."
- Target Field:
-
Trigger Rule 2: Canonical Scheme Missing or Invalid
- Target Field:
canonical_url_scheme - Evaluation Logic:
has_canonical_tag = TRUE AND (canonical_url_scheme IS NULL OR canonical_url_scheme = '') - Severity: CRITICAL
- Diagnostic Message: "Canonical URL scheme is missing or invalid."
- Target Field:
-
Trigger Rule 3: Canonical Scheme Mismatch
- Target Field:
canonical_scheme_matches_page_scheme - Evaluation Logic:
has_canonical_tag = TRUE AND canonical_scheme_matches_page_scheme = FALSE - Severity: CRITICAL
- Diagnostic Message: "Canonical URL scheme does not match the served page scheme."
- Target Field:
Sources
- Google Search Central - Canonicalization: https://developers.google.com/search/docs/crawling-indexing/consolidate-duplicate-urls
- Google Search Central Blog - HTTPS as a ranking signal: https://developers.google.com/search/blog/2014/08/https-as-ranking-signal
- RFC 3986 - URI Generic Syntax: https://www.rfc-editor.org/rfc/rfc3986
Long description
When a page is delivered over HTTPS but declares an HTTP canonical URL, crawlers receive conflicting preference signals about the authoritative protocol. This can reduce canonical consistency, fragment link equity across protocol variants, and increase the chance that search engines select a non-preferred URL.
Common failure scenarios checked by the crawler:
- Canonical href is hardcoded with
http://on secure pages. - Canonical URL is generated from an outdated base URL configuration.
- Canonical value is malformed or missing scheme.
- Canonical target redirects unexpectedly across protocols.
How to Fix
Ensure canonical URL generation always emits HTTPS for HTTPS-served pages. Standardize canonical helpers on one secure base URL, validate output at template level, and recrawl representative pages to confirm protocol-consistent canonical tags.