HTTP to HTTPS: How to Properly Make the Switch

First off, HTTP – what is it?. HTTP is a protocol for you to view web pages in your browser. Simply put, HTTPS is a secured version of HTTP. In other ramblings, our team has explained why you would use HTTPS for SEO as well as explained other benefits of HTTPS with protection and security. So be sure to click on those earlier links for more great information.

To switch from HTTP to HTTPS, we’ll first have to detect it. HTTP/HTTPS requests can be compared with protocol or port (80/443), and the logic to compare can be down on the server level, the code level, and/or the web application layer (CMS). These layers will then force your browser to show HTTPS in the URL via the response.

Server Level

Maybe you want to upgrade to HTTPS simply for enhanced security. But in some cases, making the switch may be an actual requirement due to the fact that modern browsers have deemed your site “insecure” without HTTPS. Information that needs to be kept safe, such as that on a website that takes and processes payments, is best secured through an encrypted connection, otherwise known as HTTPS. You can “force” this switch and obtain an SSL certificate by following a few steps outlined here. This configuration at the server level can also be done using a few different methods, such as the insertion of the following codes:

• IIS – web.config – link to code snippets on the Microsoft Internet Services platform.
• Apache Tomcat – server.xml – link to code snippets for Java Servlets.
• Apache – default.conf – follow the link to get an example of code on the most popular web webserver.
• NGINX – configuration – additional code examples and configuration.

Code Level

Detect HTTP at the business logic layer and then force HTTPS response for all requests.

• Javascript – reference window.location.protocol
  Browser-level front-end code detection using the read-only javascript object of the current location is provided in the link above.
• PHP – reference $_SERVER[‘HTTPS’]
  See reference to the server-side code via PHP referencing the environment information of the protocol.
• ASP.NET – reference Routing
  Follow the link to view code snippets for examples on the Microsoft platform on requests and responses.

Web Application or CMS Level

Here are popular applications where the settings can be configured within the backend:

• WordPress – summary and HTTPS code snippets
• Drupal – summary and code snippets
• Joomla – summary and code snippets
• Umbraco – summary and code snippets
• DotNetNuke – summary and code snippets

Testing

With testing, watch out for caching, so to make things easier make sure to close all your browser windows and use incognito mode.

Lastly, change links referenced from HTTP to HTTPS, too, in case there are scripts or assets causing mixed content problems.