How Google Handles New HTTPS Pages With Mixed Content Warnings
If you have been thinking of switching over to HTTPS but haven’t wanted to deal with fixing all the potential issues that come up with an HTTPS migration, at least one of the most common issues won’t cause significant issues when you make the leap – and that is the problems surrounding mixed content warnings.
John Mueller talked about this issue specifically, when a site switches to HTTPS but suddenly the site has a lot of mixed content warnings popping up in the browser.
From Google Search side, what would happen there is we would recognize that there is insecure content on this page and we would be less likely to pick that URL as the canonical.
So we have your HTTP version, your HTTPS version, if we recognize that the HTTPS version isn’t correct, then we will prefer the HTTP version.
He also makes it clear that this kind of situation won’t cause a site to be penalized nor will it cause a loss of rankings either.
It doesn’t mean that you will see any change in rankings, you won’t be penalized for that. It’s really just a matter of do we pick this one or the other one.
He was asked for clarification about it if the site is redirecting the HTTP to the HTTPS version, and how that might affect Google’s choice in this situation.
Yeah, it’s still possible we might pick the HTTP version. We use a number of factors in the canonicalization. The redirects do play a big role there. But if we see really strong signs that the HTTP version is actually the one that should be indexed, we might still pick that one for indexing.
One good thing about this is that site owners who are reluctant to switch over to HTTPS because of possible errors taking a long time to fix. Especially for larger sites that may have pulled resources from many places over the years, it is easy to miss some of them when switching to HTTPS and ensuring all those on page resources are also HTTPS too. But definitely fix them in a timely manner, don’t leave them forever.
This also means that searchers won’t see the insecure / mixed content warning that some browsers and browser settings alert users to. This often results in someone abandoning the site, especially if they aren’t familiar with the site in question or what the warning means and if it might be a security or privacy issue for them if they view the page anyway.
At present, we use the same GA tracking code and property for both the HTTPS and HTTP versions of the website. The HTTP pages have the HTTPS pages as canonical. Will there be any loss in user traffic information? What is the recommended practice for sites existing on both HTTP and HTTPS protocols.