If your site is using HTTPS then HTTP to HTTPS redirect should be enabled to avoid duplicate content. But, sometimes, these HTTP to HTTPS redirects are slow. I will show you how to speed it up!
Why HTTP to HTTPS Redirect is Slow?
If you are using WordPress, then WordPress will use PHP to redirect. But, most shared hosting providers have slow PHP. So, as a result, the HTTP to HTTPS redirects become slow.
To fix this problem, we will offload redirects from PHP. Also, we will do some things which will further increase the redirection speed.
How to Redirect via Webserver?
PHP redirects will be offloaded to the webserver to speed them up. Here is how you can do it.
Apache/LiteSpeed
If you use Apache or LiteSpeed (Enterprise or Open Source version), add the following code to your .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Nginx
If you are using Nginx, add the following lines to the Nginx config file of your vhost:
server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}NOTE: If you are using Apache and Nginx both (Nginx as reverse proxy for Apache, just like SiteGround uses), then you will need to follow the .htaccess method
Cloudflare
If you are using Cloudflare, then go to SSL/TLS > Edge Certificates > Enable ‘Always Use HTTPS’
Optionally, you can enable Automatic HTTPS Rewrites from the same page.
Enable HSTS
HSTS stands for HTTP Strict Transport Security. It is a response header. This header tells the browser that “this website has HTTPS for x seconds, so always use HTTPS”.
So, if someone opens https://wpsteam.net, then the browser will directly open https://wpsteam.net. So, here the HTTP to HTTPS redirect is skipped by the browser.
How to Enable HSTS?
Here is how you can enable HSTS in different webservers
Apache/LiteSpeed
Add the following code to the .htaccess file:
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>(the 31536000 equals 1 year (in seconds). If you want HSTS to be enabled for a shorter amount of time, just decrease this value.)
Nginx
If you are using Nginx, add the following lines to the Nginx config file of your vhost:
server {
listen 443 ssl;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}Cloudflare
Enable HSTS in Cloudflare by going to SSL/TLS Settings > Edge Certificates > ‘Enable HSTS’.
Configure it as shown in the screenshot below:
You can verify if HSTS is working with the help of the header as shown below:
Alternatively, you can visit https://hstspreload.org/ to check the same.
Submit your Site to Chrome HSTS List
Google chrome (and any Chromium based browser and Firefox too!) use a HSTS preload list which tells the browser that the entire site is available in HTTPS and the browser should directly load the HTTPS version. This mitigates the need of HTTP to HTTPS redirection.
You can do this by visiting https://hstspreload.org/ and then submitting your domain.
Verdict
HTTP to HTTPS redirection takes as much as over 1 secs in some of the budget hosts which is terrible for SEO. Google can and will rank your site lower if the redirection is slow. But, by using the above methods, you can mitigate the need for HTTP to HTTPS redirection.
If you have any queries or suggestions, then please let me know in the comments down below.
Great post. I’m dealing with a few of these issues as well..