How to Redirect HTTP to HTTPS Quickly

Share your love

If your site is using HTTPS then HTTP to HTTPS redirect should be enabled to avoid duplicate content. But, sometimes, these HTTP to HTTPS redirects are slow. I will show you how to speed it up!

Why HTTP to HTTPS Redirect is Slow?

If you are using WordPress, then WordPress will use PHP to redirect. But, most shared hosting providers have slow PHP. So, as a result, the HTTP to HTTPS redirects become slow.

To fix this problem, we will offload redirects from PHP. Also, we will do some things which will further increase the redirection speed.

How to Redirect via Webserver?

PHP redirects will be offloaded to the webserver to speed them up. Here is how you can do it.

Apache/LiteSpeed

If you use Apache or LiteSpeed (Enterprise or Open Source version), add the following code to your .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Nginx

If you are using Nginx, add the following lines to the Nginx config file of your vhost:

server {
  listen 80;
  server_name domain.com www.domain.com;
  return 301 https://domain.com$request_uri;
}
NOTE: If you are using Apache and Nginx both (Nginx as reverse proxy for Apache, just like SiteGround uses), then you will need to follow the .htaccess method

Cloudflare

If you are using Cloudflare, then go to SSL/TLS > Edge Certificates > Enable ‘Always Use HTTPS’

Cloudflare Always Use HTTPS

Optionally, you can enable Automatic HTTPS Rewrites from the same page.

Enable HSTS

HSTS stands for HTTP Strict Transport Security. It is a response header. This header tells the browser that “this website has HTTPS for x seconds, so always use HTTPS”.

So, if someone opens https://wpsteam.net, then the browser will directly open https://wpsteam.net. So, here the HTTP to HTTPS redirect is skipped by the browser.

How to Enable HSTS?

Here is how you can enable HSTS in different webservers

Apache/LiteSpeed

Add the following code to the .htaccess file:

<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

(the 31536000 equals 1 year (in seconds). If you want HSTS to be enabled for a shorter amount of time, just decrease this value.)

Nginx

If you are using Nginx, add the following lines to the Nginx config file of your vhost:

server {
    listen 443 ssl;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}

Cloudflare

Enable HSTS in Cloudflare by going to SSL/TLS Settings > Edge Certificates > ‘Enable HSTS’.

Cloudflare HSTS

Configure it as shown in the screenshot below:

HSTS Settings Cloudflare

You can verify if HSTS is working with the help of the header as shown below:

HSTS Header

Alternatively, you can visit  https://hstspreload.org/ to check the same.

Submit your Site to Chrome HSTS List

Google chrome (and any Chromium based browser and Firefox too!) use a HSTS preload list which tells the browser that the entire site is available in HTTPS and the browser should directly load the HTTPS version. This mitigates the need of HTTP to HTTPS redirection.

You can do this by visiting https://hstspreload.org/ and then submitting your domain.

HSTS Preload List

Verdict

HTTP to HTTPS redirection takes as much as over 1 secs in some of the budget hosts which is terrible for SEO. Google can and will rank your site lower if the redirection is slow. But, by using the above methods, you can mitigate the need for HTTP to HTTPS redirection.

If you have any queries or suggestions, then please let me know in the comments down below.

Share your love
Rahul Biswas
Rahul Biswas

I am the founder of WPSteam. I am currently doing my B.Tech in Electronics & Telecommunication Engineering from KIIT University, Bhubaneshwar, India

Articles: 89

One comment

Leave a Reply

%d bloggers like this: