Server behavior test

What is it?

This test performs several routine checks on the configuration of your web server. These represent best practice.

Use SSL for all pages

Almost all websites should now use an SSL certificate (i.e. securely encrypt their traffic with visitors). Any websites which accept data from a user – e.g., a form – must do this.

Google has started penalizing websites which do not use SSL, both through lower search engine rankings and by making the Chrome browser highlight non-SSL websites. SSL certificates are now extremely low cost and much easier to install than they used to be.

Make this website redirect HTTP requests to HTTPS

Once a website is using SSL, it should redirect any requests for non-SSL pages to the SSL version. E.g. if you visit http://example.com/ you should be redirected to https://example.com/. This redirection should be provided by a HTTP redirection, not a JavaScript or meta-refresh.

Without doing this, there will be two copies of your website on the Internet, which will dilute your SEO and undermine the value of having SSL in the first place. See duplicate content.

Make this website redirect from www to non-www

Originally it was very common for websites to be identified by the www prefix, e.g. “my website is www.example.com”. The www prefix is unnecessary, and increasingly irrelevant on the modern web.

It is common for a website to be accessible from a non-www address, e.g. example.com. When this is the case, the website should only be available at one of these addresses, e.g. you should either use www.example.com or example.com, but not both.

Ensure this website has a working “Page not found” page

Websites should detect when a request is made for an unknown page, and display an appropriate error message, such as “Page not found”. Crucially, when doing this, they must return a HTTP status code of 404.

This is an important requirement as it allows search engines like Google to properly understand your content. Some websites do not do this, and make it difficult or impossible for search engines to determine which pages are real, and which pages are not. Often this results in a huge amount of duplicate content, diluting their SEO.