- Response Codes
- Internal No Response
- Internal Client Error (4XX)
- Internal Server Error (5XX)
- Internal Redirect Loop
- Internal Blocked by Robots.txt
- Internal Blocked Resource
- Internal Redirect Chain
- External Blocked Resource
- Internal Redirection (3XX)
- Internal Redirection (Meta Refresh)
- Internal Redirection (JavaScript)
- External No Response
- External Client Error (4XX)
- External Server Error (5XX)
- Security
- HTTP URLs
- Mixed Content
- Form URL Insecure
- Form On HTTP URL
- Missing HSTS Header
- Unsafe Cross Origin Links
- Protocol-Relative Resource Links
- Missing Content-Security-Policy Header
- Missing X-Content-Type-Options Header
- Missing X-Frames-Options Header
- Missing Secure Referrer-Policy Header
- Bad Content Type
- Hreflang
- Non-200 Hreflang URLs
- Missing Return Links
- Inconsistent Language & Region Confirmation Links
- Non-Canonical Return Links
- Noindex Returns Links
- Incorrect Language & Region Codes
- Multiple Entries
- Not Using Canonical
- Outside <head>
- Unlinked Hreflang URLs
- Missing Self Reference
- Missing X-Default
- JavaScript
- Noindex Only in Original HTML
- Nofollow Only in Original HTML
- Canonical Mismatch
- Uses Old AJAX Crawling Scheme URLs
- Uses Old AJAX Crawling Scheme Meta Fragment Tag
- Pages with Blocked Resources
- Contains JavaScript Links
- Contains JavaScript Content
- Page Title Only in Rendered HTML
- Page Title Updated by JavaScript
- Meta Description Only in Rendered HTML
- Meta Description Updated by JavaScript
- H1 Only in Rendered HTML
- H1 Updated by JavaScript
- Canonical Only in Rendered HTML
- Pages With JavaScript Errors
- Links
- Outlinks To Localhost
- Pages Without Internal Outlinks
- Non-Indexable Page Inlinks Only
- Internal Nofollow Outlinks
- Pages With High External Outlinks
- Pages With High Internal Outlinks
- Follow & Nofollow Internal Inlinks To Page
- Internal Nofollow Inlinks Only
- Pages With High Crawl Depth
- Internal Outlinks With No Anchor Text
- Non-Descriptive Anchor Text In Internal Outlinks
- AMP
- Non-200 Response
- Missing Non-AMP Return Link
- Missing Canonical to Non-AMP
- Non-Indexable Canonical
- Missing <html amp> Tag
- Missing/Invalid Doctype HTML Tag
- Missing Head Tag
- Missing Body Tag
- Missing Canonical
- Missing/Invalid Meta Charset Tag
- Missing/Invalid Meta Viewport Tag
- Missing/Invalid AMP Script
- Missing/Invalid AMP Boilerplate
- Contains Disallowed HTML
- Other Validation Errors
- Indexable
- Structured Data
- Validation Errors
- Missing
- Validation Warnings
- PageSpeed
- Eliminate Render-Blocking Resources
- Properly Size Images
- Defer Offscreen Images
- Minify CSS
- Minify JavaScript
- Reduce Unused CSS
- Reduce Unused JavaScript
- Efficiently Encode Images
- Serve Images in Next-Gen Formats
- Enable Text Compression
- Preconnect to Required Origin
- Reduce Server Response Times (TTFB)
- Preload Key Requests
- Reduce JavaScript Execution Time
- Serve Static Assets With An Efficient Cache Policy
- Minimize Main-Thread Work
- Image Elements Do Not Have Explicit Width & Height
- Avoid Large Layout Shifts
- Avoid Serving Legacy JavaScript to Modern Browsers
- Avoid Multiple Page Redirects
- Use Video Format for Animated Images
- Avoid Excessive DOM Size
- Ensure Text Remains Visible During Webfont Load
HTTP URLs
HTTP URLs that are encountered in the crawl.
All websites should be secure over HTTPS today on the web. Not only is it important for security, but it’s now expected by users.
Chrome and other browsers display a ‘Not Secure’ message against any URLs that are HTTP, or have mixed content issues (where they load insecure resources on them).
How to Analyse in the SEO Spider
Use the ‘Security’ tab and ‘HTTP URLs’ filter to view these URLs.
To view how these URLs were discovered, view their ‘Inlinks’ in the lower window tab.
Export pages that link to HTTP URLs via ‘Bulk Export > Security > HTTP URLs Inlinks’.
What Triggers This Issue
This issue is triggered for any internal URL found in a crawl that is linked to using HTTP instead of HTTPS. This includes URLs discovered by any link types, such as hyperlinks, canonicals, hreflang and more.
For example, if the following URL:
https://www.screamingfrog.co.uk/
Linked to the following URL:
http://www.screamingfrog.co.uk/froggy/
It would be flagged for this issue.
How To Fix
All URLs should be secure HTTPS pages. Pages should be served over HTTPS, any internal links should be updated to HTTPS versions and HTTP URLs should 301 redirect to HTTPS versions.
HTTP URLs identified in this filter that are redirecting to HTTPS versions already should be updated to link to the correct HTTPS versions directly.
Further Reading
- URL Structure Best Practices - From Screaming Frog
- Why HTTPS matters - From Web.dev