Criterion SEC3 : Valid SSL Certificate — guide + checklist

Why it matters: it is an anti-duplicate / anti-cannibalization safeguard. When poorly applied, we often observe: ambiguity (wrong associated query), duplication between pages, or performance loss on bounce rate.

On high-volume generated sites, this criterion also acts as a **safeguard**: a stable rule prevents 1,000 errors at once.

Approach: check via crawl (list + export). Recommended tool: **SecurityHeaders.com**.

1. Open the source code and locate the concerned element (tag/structure).
2. Check hierarchy and coherence with H1 + intro.
3. Run a crawl to detect pages violating the criterion.

Tip: first isolate 10 “representative” URLs (top pages + generated pages) before scaling the fix.

Strategy: repair, re-crawl, and monitor in Search Console.

• Verify HTTPS + clean redirects.
• Add basic headers (HSTS, reasonable CSP) according to your stack.
• Retest after deployment.

Then: re-crawl 50–200 URLs, then monitor Search Console for 7–14 days (impressions/CTR/indexing).

Example (illustrative):

• **Context**: category page for auto garage in Casablanca
• **Before**: HTTPS OK but headers missing (CSP/HSTS).
• **After**: Added HSTS + reasonable CSP + secure cookies (if applicable).
• **Note**: Goal: reduce risks and improve browser trust.

• [ ] HTTPS everywhere
• [ ] Respects: complete chain
• [ ] Clean redirects
• [ ] Basic headers tested
• [ ] No mixed content