Canonical Points to the HTTP Version: How to Fix It
- April 16, 2023
- Indexation, Canonical Issues

http:// version of the same URL. That tells Google to treat the insecure URL as the master copy, which can undo your HTTPS migration and get the wrong version indexed. The fix is almost always simple: make the canonical point to the https:// URL, usually by correcting a hardcoded protocol in a template.
What this means
A canonical tag (rel="canonical") tells search engines which URL is the preferred, master version of a page when several URLs serve similar content. This issue fires when an HTTPS page declares a canonical that uses the http:// protocol instead of https://.
In plain terms: the secure page is voluntarily nominating its own insecure twin as the version that should rank and be indexed. The page is accessible under HTTPS, yet it points search engines back to HTTP. This almost always happens after an HTTP-to-HTTPS migration where the canonical logic in a template was never updated to the new protocol.
Why it matters
Google treats rel="canonical" as a strong canonicalization signal, second only to redirects. Google also prefers HTTPS over HTTP by default, but that preference can be overridden when conflicting signals appear, and an HTTPS page that points its canonical at HTTP is exactly that kind of conflict.
- You are telling Google to prefer the insecure version. A canonical is an explicit instruction. Pointing it at HTTP contradicts the secure setup you migrated to.
- It undermines your HTTPS migration. The effort of moving to HTTPS is partly wasted if every page still nominates its HTTP self as canonical.
- The wrong URL can get indexed. If Google honors the canonical, the HTTP URL may be selected for the index, even though most sites force HTTPS with a redirect, creating a mismatch between what is requested and what is canonicalized.
- It muddies duplicate-content consolidation. HTTP and HTTPS versions of a page are separate URLs. A conflicting canonical can scatter ranking signals across protocols instead of consolidating them on one secure URL.
How it gets flagged
Crawlers such as Screaming Frog and Sitebulb read the canonical link element from both the HTML and the HTTP headers. The issue is reported whenever an internal HTTPS URL declares a canonical that uses an HTTP URL.
- In Screaming Frog, open the Canonicals tab and review the canonical link element and HTTP-header canonical for each URL; sort by the canonical column to spot http:// values on secure pages.
- In Sitebulb, the indexability hint flags any internal HTTPS URL whose canonical uses HTTP.
- In Google Search Console, the URL Inspection tool shows the user-declared canonical, so you can confirm whether it resolves to the HTTP or HTTPS version.
How to fix it
Unless the HTTP canonical is deliberate (it almost never is), switch the canonical URL from HTTP to HTTPS. Because canonicals are usually generated by a rule or template, one change often corrects the issue across the whole site.
- Find the source of the protocol. Look for a hardcoded http:// in the canonical logic of your theme, CMS settings, or SEO plugin. In WordPress, confirm the Site Address and WordPress Address both use HTTPS.
- Use the correct protocol in the canonical. The canonical must point to the same secure URL the page is served on.
Incorrect, pointing at the insecure version:
<link rel="canonical" href="http://example.com/your-page/" />
Correct, pointing at the secure version:
<link rel="canonical" href="https://example.com/your-page/" />
After the fix, make sure each HTTPS page uses a self-referencing canonical to its own HTTPS URL, keep internal links and XML sitemap entries on HTTPS, and confirm a site-wide 301 redirect forces HTTP to HTTPS so the signals all agree. For the difference between permanent and temporary redirects, see our 301 vs 302 redirects guide. Recrawl to confirm the warning clears.
False positives
This issue rarely produces false positives, but a few situations are worth checking before you act:
- Intentional HTTP canonical. On the rare site that genuinely keeps HTTP as the indexed version, an HTTP canonical is intended. This is not recommended in 2026, since HTTPS is the expected default.
- Staging or mixed environments. A crawl of a staging server may surface HTTP canonicals that do not exist in production. Confirm against the live HTTPS site.
- Cross-domain canonicals. If the canonical points to a different domain that legitimately runs on HTTP, treat that as a separate review rather than a simple protocol swap.
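The check described under "How it gets flagged", together with the cross-domain distinction above, can be scripted. The following is an added example, not code from the original page or from any of the tools named; the function names and verdict labels are assumptions chosen for illustration, and the sample input is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class CanonicalLinks(HTMLParser):
    """Collects href values of <link rel="canonical"> elements."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rels = (a.get("rel") or "").lower().split()
        if tag == "link" and "canonical" in rels and a.get("href"):
            self.hrefs.append(a["href"])

def header_canonicals(link_header):
    """Targets of rel="canonical" entries in an HTTP Link header value."""
    found = []
    for target, params in re.findall(r"<([^>]*)>([^,<]*)", link_header or ""):
        if re.search(r'rel\s*=\s*"?[^";]*\bcanonical\b', params, re.I):
            found.append(target)
    return found

def audit_canonical(page_url, html, link_header=None):
    """Return (source, absolute_canonical, verdict) per declared canonical."""
    parser = CanonicalLinks()
    parser.feed(html)
    declared = [("html", h) for h in parser.hrefs]
    declared += [("header", h) for h in header_canonicals(link_header)]
    page = urlsplit(page_url)
    results = []
    for source, href in declared:
        # Relative hrefs resolve against the page URL and inherit its scheme.
        absolute = urljoin(page_url, href.strip())
        canon = urlsplit(absolute)
        if page.scheme != "https" or canon.scheme != "http":
            verdict = "ok"
        elif canon.hostname == page.hostname:
            verdict = "http-canonical"     # the issue this page describes
        else:
            verdict = "cross-domain-http"  # separate review, not a protocol swap
        results.append((source, absolute, verdict))
    return results

if __name__ == "__main__":
    # Constructed sample: HTTPS page whose template hardcodes http://
    sample = '<head><link rel="canonical" href="http://example.com/your-page/" /></head>'
    print(audit_canonical("https://example.com/your-page/", sample))
```

Hosts are compared exactly, so a canonical on a different subdomain is reported as cross-domain and left for manual review.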
FAQ
Will an HTTP canonical hurt my rankings?
It can. It sends a conflicting signal that may lead Google to index the insecure URL or to discount your canonical entirely, which weakens how ranking signals consolidate on the page you want to rank.
My pages already redirect HTTP to HTTPS. Do I still need to fix the canonical?
Yes. A redirect and a canonical are separate signals. Leaving the canonical on HTTP creates a contradiction between the two, so update the canonical to HTTPS even when a redirect is in place.
Should the canonical be absolute or relative?
Use an absolute URL that includes the full https:// protocol and domain. Absolute canonicals remove ambiguity about which protocol and host you mean.
How do I confirm Google sees the right canonical?
Use the URL Inspection tool in Google Search Console to compare your user-declared canonical with the Google-selected canonical, and recrawl with your audit tool to confirm the HTTPS canonical is now in place.
For deeper context, see our complete canonical tags reference and our duplicate content guide.
Claude Vincent is a technical SEO consultant focused on crawlability, rendering, and AI-search visibility. He writes the field guides and case studies at SEO ProCheck, with a bias toward the durable, unglamorous work that decides whether search engines and AI answer engines can actually read and cite a site.