Taking SSL One Step Further with Redirection Mode

https vs https cross signs

In recent years, Secure Sockets Layer (SSL) has become a standard in the industry. Already used by millions of websites to protect their information, SSL is a necessary and relatively accessible security feature to apply onto your site. We’ve talked a lot about what SSL is, and how reliable free SSL can be – and to take it further today, we’ll talk about redirecting your domain to HTTPS and WWW URLs.

To fully grasp the concept of the need for redirection, one has to understand that websites can have variations in terms of URL. Take for example, the following:
1. http://www.example.com
2. http://example.com
3. https://www.example.com
4. https://example.com

While the same site would show up in the web browser, search engines consider these to be four different websites. #1 and #2 are utilizing HTTP, while #3 and #4 are utilizing HTTPS. Whenever you visit a website, one of the easiest ways to see if the site is utilizing SSL or not is to see whether or not “https://” is visible in the URL address bar. The “s” here stands for “secure” and denotes that it uses the SSL protocol. Many website visitors, especially if they are dealing with financial transactions on the site, look for “https://” in the URL to reassure themselves that the information exchange will be secure.

However, many website owners may be surprised to find out that having SSL set up doesn’t mean that the site is encrypted. When a redirect from HTTP to HTTPS is not set up, a user may still land on the HTTP or unencrypted version of the site.

Unfortunately, this means that:
a) They’re unable to fully leverage the SEO boost that comes from enabling HTTPS (a Google ranking signal since 2014) as search engines may index their HTTP sites instead
b) Visitors ending up on the HTTP version of their site are still at risk of sensitive data exposure from simple man-in-the-middle attacks
c) They are unable to gain the trust of visitors who don’t feel reassured seeing the “http://” URL

So how do you set up domain redirects so that you don’t always have to include “https://” in the address bar? According to Google, the best way to ensure that users and search engines are directed to the correct page is a server-side 301 redirect. One way to do this is to go into your web server, and input the redirection code. However, this step can get complicated, especially if you’re not web-savvy.

This is where Cloudbric comes in to live up to its “all-inclusive” promise. In addition to offering all users free SSL certificate generation and installation services, we’re also providing all users with Redirection Mode.

Setup is simple. After signing up for the service, head over to your dashboard settings and turn on both the HTTP to HTTPS redirection, as well as the Non-WWW to WWW redirection. This will ensure that all variations of your domain redirect to the same site with the URL format https://www.example.com.

 

root domain https setupFor your subdomains, the same directions apply – except that Non-WWW to WWW redirection is not necessary.

suddomain https setup cloudbric

But a couple of things to consider before turning on Redirection Mode. First, make sure that your website is up and running normally when you type the “https://” in front of your domain name. Popular browsers like Google Chrome, Internet Explorer, and Firefox block mixed content (when initial resources are loaded in HTTPS but other resources like scripts or stylesheets are loaded over HTTP). With mixed content, your website can look broken to users and will need to be remedied.

Second, this mode on the Cloudbric dashboard is only for users who are using a SSL certificate. If you aren’t using SSL and prefer HTTP connection only, make sure that Redirection Mode is turned OFF, or face potential errors to your website.

ssl no redirection mode cloudbric

For users that are using SSL, 301 redirection with Cloudbric’s Redirection Mode ensures that your visitor connection is encrypted no matter what URL your visitors land on. Get started today, and for additional questions or concerns, send us an email at global@cloudbric.com.