security error security/https-security

HTTPS Security SEO Rule

Validate HTTPS usage, detect mixed content, check security headers, and verify secure form submissions

What This Rule Checks

Checks HTTPS protocol usage, detects mixed HTTP content (images, scripts, stylesheets, iframes), validates Content Security Policy and referrer policy meta tags, flags unsafe external links, inline event handlers, and insecure form submissions.

Why It Matters for SEO & GEO

HTTPS is a confirmed Google ranking signal. Mixed content and security issues erode user trust, trigger browser warnings, and can cause pages to be flagged as unsafe in search results.

How to Fix

Serve all pages over HTTPS. Replace HTTP resource URLs with HTTPS. Add rel='noopener noreferrer' to external links. Remove inline event handlers. Use HTTPS for form actions.

Examples

Bad

<img src="http://cdn.example.com/image.jpg"><a href="https://external.com" target="_blank">Link</a>

Good

<img src="https://cdn.example.com/image.jpg"><a href="https://external.com" target="_blank" rel="noopener noreferrer">Link</a>

How VibeLinter Checks HTTPS Security

VibeLinter’s security/https-security rule performs these checks:

For Non-Localhost Sites

  1. HTTPS protocol — Errors when the page is not served over HTTPS
  2. Mixed content detection — Scans for HTTP resources on HTTPS pages: images (img[src^="http:"]), scripts, stylesheets, and iframes
  3. Insecure forms — Detects form actions using HTTP and GET methods with password fields

For All Sites (Including Localhost)

  1. Content Security Policy — Checks for <meta http-equiv="Content-Security-Policy"> tag
  2. Referrer policy — Checks for <meta name="referrer"> tag
  3. External link security — Counts external links missing rel="noopener" or rel="noreferrer"
  4. Inline event handlers — Flags onclick, onload, onerror, onmouseover attributes as security risks

Localhost and 127.0.0.1 environments skip HTTPS requirement checks but still receive basic security analysis.

Configuration

// vibelinter.config.cjs
module.exports = {
  rules: {
    'security/https-security': {
      enabled: true,
      severity: 'error'
    }
  }
}

SEO Impact

HTTPS security affects:

  • Ranking signal — Google confirmed HTTPS as a ranking factor in 2014
  • Browser trust — Chrome and other browsers show “Not Secure” warnings for HTTP pages
  • User data protection — Secure connections protect user data and build trust
  • GEO (Generative Engine Optimization) — AI search engines prioritize secure, trustworthy sources; HTTPS and proper security headers increase the likelihood of being cited in AI-generated content as a reliable source

Related SEO Topics

HTTPS SEO ranking factorSSL TLS security checksecurity headers validationmixed content detectionsecure form submissionContent Security Policy

Related Rules

meta-canonical crawl-robots-txt

References