HTTPS Pages without HSTS

HTTPS pages which include a Strict-Transport-Security HSTS header in the HTTP response headers

Priority: Low

Impact: Negative

What issues it may cause

If any pages are being served on the HTTP protocol without a redirect, users will be able to access them on the HTTP protocol resulting in a poorer user-experience. This may result in a higher bounce/exit rate reducing conversions.

How do you fix it

A Strict-Transport-Security HSTS header should be included the response headers on all HTTPS URLs.

What is the positive impact

Users who have interacted with an HTTPS page that contains an HSTS header will be automatically redirected in the browser from any HTTP URLs on the same domain to the HTTPS equivalent, resulting in fewer pageviews of HTTP URLs, and a more secure experience.

Users will not see any further pages as insecure, resulting in an improved user-experience and a lower rate of bounce back to search results. This may positively impact the rankings and increase traffic.

How to fetch the data for this report template

You will need to run a crawl for report template to generate report. When report has been generated and you have crawl id you can fetch data for the report using the following query:

Query

query GetReportStatForCrawl(
    $crawlId: ObjectID!
    $reportTemplateCode: String!
    $after: String
   ) {
      getReportStat(
        input: {crawlId: $crawlId, reportTemplateCode: $reportTemplateCode}
      ) {
        crawlUrls(after: $after, reportType: Basic) {
          nodes {
            pageTitle
            url
            foundAtUrl
            deeprank
            level
            hsts
            https
            redirectedToUrl
            foundInGoogleAnalytics
            foundInGoogleSearchConsole
            foundInBacklinks
            foundInList
            foundInLogSummary
            foundInWebCrawl
            foundInSitemap
          }
          totalCount
          pageInfo {
            endCursor
            hasNextPage
          }
        }
     }
   }

Variables

{"crawlId":"TjAwNUNyYXdsNDAwMA","reportTemplateCode":"https_pages_without_hsts"}

cURL

curl -X POST -H "Content-Type: application/json" -H "apollographql-client-name: docs-example-client" -H "apollographql-client-version: 1.0.0" -H "x-auth-token: YOUR_API_SESSION_TOKEN" --data '{"query":"query GetReportStatForCrawl( $crawlId: ObjectID! $reportTemplateCode: String! $after: String ) { getReportStat( input: {crawlId: $crawlId, reportTemplateCode: $reportTemplateCode} ) { crawlUrls(after: $after, reportType: Basic) { nodes { pageTitle url foundAtUrl deeprank level hsts https redirectedToUrl foundInGoogleAnalytics foundInGoogleSearchConsole foundInBacklinks foundInList foundInLogSummary foundInWebCrawl foundInSitemap } totalCount pageInfo { endCursor hasNextPage } } } }","variables":{"crawlId":"TjAwNUNyYXdsNDAwMA","reportTemplateCode":"https_pages_without_hsts"}}' https://api.lumar.io/graphql

Try in explorer