Redirect all non-HTTPS requests to use an HTTPS connection. An SSL certificate must be installed on the web server for this rule to have any meaning.

Add the following to your web.config’s <rules> section:

<system.webServer>
	<rewrite>
		<rules>
			<rule name="Redirect HTTP to HTTPS" stopProcessing="true">
				<match url="(.*)" />
				<conditions>
					<add input="{HTTPS}" pattern="^OFF$" />
				</conditions>
				<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" appendQueryString="true" />
			</rule>
		</rules>
	</rewrite>
</system.webServer>

An SSL certificate must obviously be installed on the server for this to be effective. For SEO purposes, this redirect should be Permanent (301).

In More Detail

Historically, HTTPS connections have typically been used for sites which deal in sensitive information – banks and financial institution, governmental – it is becoming more and more common as HTTPS has become easier and lest costly to implement and has quickly become the standard for all websites.

In addition to the obvious security benefits of having all traffic to a website encrypted, there are some additional benefits to consider if you haven’t made the move to secure connections on every website you may control:

  • Better search engine rankings – since 2014, Google has been ramping up its preference for secure websites; it is now a clear signal in their ranking algorithm, and you may be getting outranked by secure sites if yours isn’t already using HTTPS exclusively
  • Increased customer confidence – surveys have shown that most people will NOT make a purchase over an insecure connection; additionally, most browsers today clearly indicate on the URL bar whether a connection to a site is insecure, degrading confidence even further for users of a non-HTTPS website
  • The future will be secure – as the web continues to grow, and the number of malicious denizens of the web continues to grow, security and privacy will become paramount; be ahead of the curve when it comes to making the web a secure place to be

While SSL certificates have traditionally been of the commercial (paid) variety coming in varying degrees of functionality, such as wildcard certs, multi-domain certs, and the premium ‘green bar’ certificates, they are also now available for free.

Listed on our Resources page you will find places to get both free and commercial SSL certificates.