Site Not Served over HTTPS (SSL/TLS)
The site is not served over HTTPS. Modern browsers show "Not Secure" warnings on non-HTTPS pages and Google deprioritizes them in search results. All traffic should be encrypted with SSL/TLS.
Use this article when
- You need deeper remediation guidance than the issue card can show.
- You want CMS-specific steps before handing the fix to a developer.
- You want a repeatable re-check path after shipping the change.
What this issue is
The site is not served over HTTPS. Modern browsers show "Not Secure" warnings on non-HTTPS pages and Google deprioritizes them in search results. All traffic should be encrypted with SSL/TLS.
Why it matters
The site is not served over HTTPS. Modern browsers show "Not Secure" warnings on non-HTTPS pages and Google deprioritizes them in search results. All traffic should be encrypted with SSL/TLS. This affects browser trust signals and whether visitors feel safe submitting contact details.
How we detect it
- FreeSiteAudit flags this issue when the rule for SEC-CERT-VALID-001 fails and the page evidence points to Http headers.
- You can usually confirm this by checking the page source or the relevant page settings inside your CMS.
Evidence examples
How to fix it
- 1Obtain an SSL/TLS certificate (Let's Encrypt is free; most hosts provide one automatically)
- 2Configure your web server to serve HTTPS on port 443
- 3Redirect all HTTP traffic to HTTPS at the server or CDN level
- 4Update internal links to use https:// so users don't hit redirects
How to re-check it
- Visit the site and confirm the browser shows a padlock icon without warnings
Related tools
This issue is best verified with the full FreeSiteAudit crawl rather than a single-point mini tool.
On your platform