HTTP 301
The HTTP response status code 301 Moved Permanently is used for permanent URL redirection, meaning current links or records using the URL that the response is received for should be updated. The new URL should be provided in the Location field included with the response. The 301 redirect is considered a best practice for upgrading users from HTTP to HTTPS.[1]
HTTP |
---|
Request methods |
Header fields |
Status codes |
Security access control methods |
Security vulnerabilities |
- If a client has link-editing capabilities, it should update all references to the Request URL.
- The response is cacheable unless indicated otherwise.
- Unless the request method was HEAD, the entity should contain a small hypertext note with a hyperlink to the new URL(s).
- If the 301 status code is received in response to a request of any type other than GET or HEAD, the client must ask the user before redirecting.
Example
Client request:
GET /index.php HTTP/1.1
Host: www.example.org
Server response:
HTTP/1.1 301 Moved Permanently
Location: http://www.example.org/index.asp
Here is an example using a .htaccess file to redirect a non-secure URL to a secure address without the leading "www" [3]:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
Here is an example using Perl CGI.pm:
1 print redirect("https://example.com/newpage.html");
Here is an example using a PHP redirect:
1 <?php
2 header("Location: https://example.com/newpage.html", true, 301);
3 exit;
Equivalently simple for an nginx configuration:
location /old/url/ {
return 301 /new/url/;
}
Here is one way to redirect using Express.js:
app.all("/old/url", (req, res) => {
res.redirect(301, "/new/url");
});
Search engines
Both Bing and Google recommend using a 301 redirect to change the URL of a page as it is shown in search engine results, providing that URL will permanently change and is not due to be changed again any time soon.[4][5]
References
- Google. "Secure your site with HTTPS". support.google.com. Google. Retrieved 2016-02-06.
- Fielding, et al (1999-06). "10.3.2 301 Moved Permanently". RFC 2616, p 61. IETF, June 1999. Retrieved from https://tools.ietf.org/html/rfc2616#section-10.3.2.
- Raj, Abhishek. "301 redirect with htaccess for a WordPress site [How-To Guide]". Budding Geek.
- Site Move Tool - Bing Webmaster Help & How-to - https://www.bing.com/webmaster/help/how-to-use-the-site-move-tool-bb8f5112
- 301 redirects - Google Webmaster Tools Help - https://support.google.com/webmasters/bin/answer.py?hl=en&answer=93633
Bibliography
301 HTTPS