Many redirection on my website

I have a wordpress site keep getting redirection http://beautysecrets.ro to http://www.beautysecrets.ro and from http://www.beautysecrets.ro to https://www.beautysecrets.ro

My domain is: beautysecrets.ro

lets encrypt enabled from siteground hosting

Hi @Mohdaljaraba

your configuration isn’t perfect, but it’s ok ( https://check-your-website.server-daten.de/?q=beautysecrets.ro ):

Domainname Http-Status redirect Sec. G
• http://beautysecrets.ro/
77.104.159.237 301 http://www.beautysecrets.ro/ 0.040 D
• http://www.beautysecrets.ro/
77.104.159.237 301 https://www.beautysecrets.ro/ 0.044 A
• https://beautysecrets.ro/
77.104.159.237 301 https://www.beautysecrets.ro/ 1.197 B
• https://www.beautysecrets.ro/
77.104.159.237 200 1.300 B

And your certificate is new.

CN=beautysecrets.ro
	20.05.2019
	18.08.2019
expires in 90 days	
b-secrets.ro, beautysecrets.ro, 
www.b-secrets.ro, www.beautysecrets.ro - 4 entries

Many redirection on my website

That’s not a problem. There is no loop, that’s the only really critical thing.

Thank you for answer but this thing its not slowing the site a bit ? and theres no solution for to redirect from http://beautysecrets.ro/ to https://www.beautysecrets.ro/ ?

A redirect isn’t a performance problem. If yes, the redirect is wrong (meta refresh). But you use a http redirect, that shouldn’t be a performance problem.

That would be a wrong redirect.

First redirect: http -> https without a new dns query.

Same with your Grade D redirect.

But like Siteground.com website redirection from Siteground.com to https://www.siteground.com . as an example
and here is on the waterfall test around 305 ms per redirection https://gtmetrix.com/reports/beautysecrets.ro/MwZVAiW4

Maybe (didn’t checked it). There are a lot of sites with wrong redirects.

You have a wrong redirect http -> http, that’s always bad. That’s your Grade D (check-your-website) or Grade F (gtmextrix).

PS: 13 seconds are not good.

PPS: Checked the check-your-website - 98 % - https://gtmetrix.com/reports/check-your-website.server-daten.de/wV4ATrhw - 2.2s complete load.

You have 180 requests.

Yes thats why i asked this problem I had it when I had fresh wordpress installed ,and lets encrypt enabled I check it its gave me like this I contact the hosting services they told me its normal , I had not plugins no theme only wordpress

See your content summary ( https://check-your-website.server-daten.de/?q=beautysecrets.ro#html-content ):

39 stylesheets, 46 scripts. That’s terrible.

There is a short delay obviously. It depends on the speed of the connections of the client and server on how long the delay is.

I understand so I should search and replace http to https ? to avoid http redirect !

You shouldn’t remove the http -> https redirect. If a user uses your http version and if you don’t have a redirect, the user uses the not encrypted version.

Create correct redirects http + domain -> https + domain, then https + not-preferred-version -> https + preferred version.

I really appreciate all what u wrote , excuse me because im not a webmaster and this redirects should be do on htaccess file with a code ?

What is the issue with http://not-preferred-version -> https://preferred-version?

It's wrong - check the output of a Grade E - domain - https://check-your-website.server-daten.de/

wrong redirect one domain http to other domain https - first redirect to https without new dns query, so the server can send the HSTS header. That's fundamental using HSTS (Http Strict Transport Security).

Or check the HSTS preload form from Google:

https://hstspreload.org/

In order to be accepted to the HSTS preload list through this form, your site must satisfy the following set of requirements:

  1. Serve a valid certificate .
  2. Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
  3. Serve all subdomains over HTTPS.
  • In particular, you must support HTTPS for the www subdomain if a DNS record for that subdomain exists.
  1. Serve an HSTS header on the base domain for HTTPS requests:
  • The max-age must be at least 31536000 seconds (1 year).
  • The includeSubDomains directive must be specified.
  • The preload directive must be specified.
  • If you are serving an additional redirect from your HTTPS site, that redirect must still have the HSTS header (rather than the page it redirects to).

(2) is that rule. Redirect to the same host without a new dns query.

Its very big words I think ill need help from a pro to do that ! correct or theres any tutorial for this ?

I thought that’s your own tool. So you’re using your own “it is wrong” as an argument? :face_with_raised_eyebrow:

Hmm, I’m not really convinced by this. Multiple hostnames can lead to the same host.

Redirecting from http://example.com to https://www.example.com is wrong (in the context of HSTS) because you skip the HSTS header on https://example.com that could have enabled HSTS for example.com and all its subdomains. The preload submission validation process also requires this.

Redirecting from http://www.example.com directly to https://example.com doesn’t have this problem (if you use includeSubdomains in the HSTS header) and I don’t think the preload validation checks for it either.

1 Like

Possibly. Your site seems to be using nginx but that might just be SiteGround’s proxy. If it’s really apache behind the scenes you can use .htaccess - something like the following should probably work (but make a backup just in case - I don’t use SiteGround so I can’t test this):

RewriteEngine on

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.