URL resolves under both HTTP and HTTPS

This means that the URL in question returns a 200 (OK) status for both the HTTP and HTTPS versions of the URL.

Why is this important?

First and foremost, this situation could pose a security risk, if users are able to access content via HTTP that is supposed to be secure.

However there is also an SEO concern, as both URLs will have identical content, and will be accessible to search engine crawlers - which could cause duplicate content issues that may impact search performance of the website.

What does the Hint check?

This Hint will trigger for any internal URL which returns a 200 status for both HTTP and HTTPS protocol.

Examples that trigger this Hint

Assume you have entered a start URL of http://example.com, and as such have elected to crawl the HTTP version of the website.

Consider a URL http://example.com/page1 which returns a HTTP header response of 200.

This Hint will trigger for this URL if the HTTPS version of the URL, https://example.com/page1, also returns a status of 200.

Vice versa, the same is true if you elected to crawl the HTTPS version of the site.

How do you resolve this issue?

Fundamentally, all URLs should only be accessible via one unique address. If URLs are accessible via both HTTP and HTTPS, then you will need to select one of these as the 'canonical' version, and ensure that the other version redirects to the canonical, across all URLs.

Given the current trend towards 'secure by default', it would make sense to select HTTPS, making sure to follow a proper HTTP-HTTPS migration plan.

If the website has historically been HTTP, and it is not possible to change to HTTPS right now, we'd suggest setting up redirect rules for HTTPS -> HTTP.