Canonical points to HTTP version
This means that the URL in question uses the HTTPS protocol, but the canonical URL uses HTTP.
Why is this important?
With security a growing concern for search engines and search engine marketers alike, it is considered best practice for all websites to use HTTPS as the default and preferred protocol. If a URL is accessible under HTTPS, yet states a canonical URL that uses HTTP, this may cause issues in getting the search engines to recognise and index the 'right' URL (which in this case is assumed to be the HTTPS version).
This issue often comes as a result of a HTTP -> HTTPS migration, where the developer has forgotten to update the protocol used by canonicals.
What does the Hint check?
This Hint will trigger for any internal HTTPS URL which contains a canonical link element that uses a HTTP URL as the canonical URL.
Examples that trigger this Hint:
Consider the URL: https://example.com/page-a
The Hint would trigger for this URL if it had a canonical using a HTTP URL;
Canonical link in the <head> to a HTTP URL
OR HTTP Header canonical link to a HTTP URL
How do you resolve this issue?
Generally, if you see this issue it is a result of a misconfiguration. However it could be the case that this is deliberate, and HTTPS URLs are supposed to canonical to HTTP ones.
Unless it is deliberate, it is simply a case of switching the canonical URLs from HTTP to HTTPs. Often, this type of issue is controlled by particular rules or page templates, so it might be possible to solve this issue for all or lots of pages at once, with a few changes to the governing rules/templates.