P0 · CriticalSecurity
No HTTPS redirect
HTTP does not redirect to HTTPS
Code: no_https_redirect
Why it matters
HTTP does not redirect to HTTPS. Browsers and users expect sites to be secure. Missing protections expose visitors to data theft, phishing, and loss of trust.
How to fix
Redirect HTTP to HTTPS
nginx# Nginx
server {
listen 80;
server_name yourdomain.com;
return 301 https://$host$request_uri;
}
# Apache (.htaccess)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]Related checks in Security
Run a free scan to check your site
Get a complete audit in under 2 minutes. No account required.
Start Free Scan