Security fix guide
Site Not Served over HTTPS (SSL/TLS)
The site is served over plain HTTP. Browsers show "Not Secure" warnings and Google deprioritizes non-HTTPS sites.
Issue ID: SEC-SSL-001
Severity: critical
Impact: High
Effort: M
Use this article when
- You need deeper remediation guidance than the issue card can show.
- You want CMS-specific steps before handing the fix to a developer.
- You want a repeatable re-check path after shipping the change.
What this issue is
The site is served over plain HTTP. Browsers show "Not Secure" warnings and Google deprioritizes non-HTTPS sites.
Why it matters
The site is served over plain HTTP. Browsers show "Not Secure" warnings and Google deprioritizes non-HTTPS sites. This affects browser trust signals and whether visitors feel safe submitting contact details.
How we detect it
- FreeSiteAudit flags this issue when the rule for SEC-SSL-001 fails and the page evidence points to Http headers.
- You can usually confirm this by checking the page source or the relevant page settings inside your CMS.
Evidence examples
Check the affected page source, rendered output, or relevant CMS setting to confirm the missing or incorrect element.
How to fix it
- 1Get a free SSL/TLS certificate from Let's Encrypt (or use your host's automatic HTTPS)
- 2Configure your web server to serve HTTPS on port 443
- 3Redirect all HTTP traffic to HTTPS at the server or CDN level
- 4Update internal links to use https://
How to re-check it
- Visit the site and confirm the browser shows a padlock icon
Related tools
This issue is best verified with the full FreeSiteAudit crawl rather than a single-point mini tool.
On your platform