Google treats a secure website with a valid SSL certificate (served over HTTPS) as an SEO ranking factor. If you haven’t already done so, you need to set up your domain to run under https AND set up the relevant .htaccess rules to 301 redirect http to https.
In this SEO tutorial you will learn how to set up a .htaccess 301 redirect rule that automatically redirects all traffic from the http://… version of a site to the corresponding https://… version, and how to set up the relevant WWW or Non-WWW canonical .htaccess rules as well.
Note: This tutorial is only relevant for websites run on an Apache server. If your domain is hosted on a Windows server you’ll need to find another tutorial: I suggest using Google :-)
Also see the tutorial on how to move a WordPress site from http to https.
Setup 301 Redirect Htaccess HTTP to HTTPS Rules
So you have a domain hosted on an Apache server which runs under both http and https (loading http://example.com/ and https://example.com/ versions of your website in a browser stays http and https respectively: AKA no redirection) and want only the https version to show.
Your website needs an .htaccess file with the relevant 301 redirect http to https rules.
Step One: Check if you already have a .htaccess file in the root of your domain.
There are multiple ways to check this. You might have a control panel to browse your site’s files; I’ll use Filezilla (a free FTP program, very popular). It’s a simple case of logging in to your server using Filezilla, browsing to the root of the domain (where your main files for domain.com/ are: could be under /public_html/ or /www/) and checking if there’s a file called .htaccess.
Note: Some FTP programs don’t show .htaccess files by default: they consider them hidden files and hide them from you!
As you can see in the screenshot above (for this domain) a .htaccess file exists. To modify it I downloaded it to my PC with Filezilla.
If your website lacks a .htaccess file, they are a pain to create: a .htaccess file is just a text file with an unusual filename (files tend not to start with a dot .). Not many text editors can create .htaccess files, so if a website lacks one I modify an existing .htaccess file like this Downloadable .htaccess File: the zip file contains an almost empty .htaccess file (it has just one line, RewriteEngine On).
Step Two: Download your site’s root .htaccess file, or if you are missing a root .htaccess file download the almost empty one above (or other examples below).
Load the .htaccess file in a text editor (Notepad is OK for this, but can strip carriage returns: I use Notepad++, it’s free) or, if your Apache server has an option to edit files online (via a control panel for example), you could use that feature and check its contents.
This site runs under WordPress with pretty permalinks so had a .htaccess file with some default WordPress permalink rules, if you are running default WordPress it will probably look something like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
With default WordPress (with SEO friendly permalinks enabled) the above is all you’ll find in the .htaccess file. Don’t touch these default WordPress rules: if you later install a caching plugin like W3 Total Cache (really good plugin for SEO performance reasons), the plugin modifies the WordPress rules.
If you are having problems creating the WordPress .htaccess file, download the Default WordPress .htaccess File. This is only suitable for standard WordPress installs; it’s not suitable for multi-site WordPress installations.
We’ll be adding our new http to https redirection rules ABOVE the WordPress rules because we want the new rules to activate BEFORE WordPress.
Does Your Site Run Under A WWW or Non-WWW URL?
Most servers are set up to automatically output a site in both WWW and Non-WWW versions: when loading a site via http://www.example.com and http://example.com (or the corresponding https versions) the same content loads. If setting up a new site it’s generally best to use the non-WWW version, but if your site is already running under the WWW version don’t worry, it’s not a big deal.
If your site is already set up to deal with canonical URL issues (check by loading both the http://www.example.com and http://example.com versions and see if the URL changes to the preferred version) remove lines four and five from the rules below. If both WWW and Non-WWW URLs load with no redirection use all five lines of .htaccess rules.
Step Three: Choose a relevant instruction below.
There are different .htaccess rules for a WWW and a Non-WWW site, so use the appropriate instructions below.
My Site Runs Under http://www.example.com
Update: I moved this article to a domain which is NON-WWW.
We are going to set up two .htaccess rule-sets: one to deal with all HTTP traffic (redirect it to HTTPS) and another to redirect the Non-WWW URLs to the WWW version of the site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]
The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).
Lines two and three (pasted below) are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Lines four and five (pasted below) are a rule-set to automatically 301 redirect all Non-WWW traffic to the WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.
RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]
Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.
Any webpage under http or the Non-WWW version of the site will load the corresponding https WWW version of the webpage.
Downloadable https WWW .htaccess File
My Site Runs Under http://example.com
We are going to set up two .htaccess rule-sets: one to deal with all HTTP traffic (redirect it to HTTPS) and another to redirect the WWW URLs to the Non-WWW version of the site.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^example.com$
RewriteRule (.*) https://example.com/$1 [L,R=301]
The first line RewriteEngine On is required, there has to be a line with this on ABOVE our new rule-sets, if it already exists at the top there’s no need to add it again (it won’t cause a problem if it’s repeated, but the repeat isn’t required).
Lines two and three (pasted below) are the first rule-set for automatically 301 redirecting all HTTP traffic to HTTPS. These two lines require no modification.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Lines four and five (pasted below) are a rule-set to automatically 301 redirect all WWW traffic to the Non-WWW version of the site. These two lines require modification, replace example.com with your-domain-name.tld.
RewriteCond %{HTTP_HOST} !^example.com$
RewriteRule (.*) https://example.com/$1 [L,R=301]
Add these five lines to the top of your .htaccess file, save it and upload it over your existing .htaccess file.
Any webpage under http or the WWW version of the site will load the corresponding https Non-WWW version of the webpage.
Downloadable https Non-WWW .htaccess File
I use these rules on this site, you will find:
- http://seo-gold.com/ redirects to https://seo-gold.com/
- http://www.seo-gold.com/ redirects to https://seo-gold.com/
- https://www.seo-gold.com/ redirects to https://seo-gold.com/
After uploading the new .htaccess file, the easiest way to test your website is to load your website’s home page with the three URL structures (http, https, www & non-www URLs). If the new 301 redirect http to https htaccess rules are working they will all load the same URL.
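The same check can be scripted so every scheme and host combination is followed hop by hop, recording the status code of each redirect. This is an added example, not code from the original article: `simulated_htaccess` is a constructed stand-in for a server running the five-line Non-WWW rule set (host `example.com` assumed), and `live_fetch` is the drop-in for testing a real site.

```python
"""Audit the redirect chain for each scheme/host form of a site (added example)."""
import http.client
from urllib.parse import urljoin, urlsplit

CANONICAL_HOST = "example.com"  # assumption: the Non-WWW host is the preferred one


def simulated_htaccess(url):
    """Constructed model of the five-line Non-WWW rule set; returns (status, Location).

    Each rule carries [L,R=301], so the first rule that matches ends rule
    processing and answers with a redirect; the next rule-set only runs when
    the browser requests the new URL.
    """
    parts = urlsplit(url)
    path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
    if parts.scheme == "http":              # RewriteCond %{HTTPS} off
        return 301, f"https://{parts.netloc}{path}"
    if parts.netloc != CANONICAL_HOST:      # RewriteCond %{HTTP_HOST} !^example.com$
        return 301, f"https://{CANONICAL_HOST}{path}"
    return 200, None


def live_fetch(url):
    """One real HEAD request; http.client never follows redirects by itself."""
    parts = urlsplit(url)
    cls = (http.client.HTTPSConnection if parts.scheme == "https"
           else http.client.HTTPConnection)
    conn = cls(parts.netloc, timeout=10)
    try:
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def trace(url, fetch, max_hops=5):
    """Follow redirects manually and return [(url, status), ...] for every hop."""
    hops = []
    for _ in range(max_hops):
        status, location = fetch(url)
        hops.append((url, status))
        if status not in (301, 302, 303, 307, 308) or not location:
            break
        url = urljoin(url, location)        # Location may be relative
    return hops


def audit(canonical_host, fetch, path="/"):
    """Check http/https x www/non-www all end on https://canonical_host via 301s only."""
    target = f"https://{canonical_host}{path}"
    bare = canonical_host.removeprefix("www.")
    report = {}
    for scheme in ("http", "https"):
        for host in (bare, "www." + bare):
            start = f"{scheme}://{host}{path}"
            hops = trace(start, fetch)
            final_url, final_status = hops[-1]
            problems = []
            if final_url != target or final_status != 200:
                problems.append(f"ends at {final_url} ({final_status})")
            for hop_url, status in hops[:-1]:
                if status != 301:           # e.g. a 302 sent before .htaccess runs
                    problems.append(f"{hop_url} answers {status}, not 301")
            report[start] = {"hops": len(hops) - 1, "problems": problems}
    return report


if __name__ == "__main__":
    # Swap simulated_htaccess for live_fetch to test a real domain.
    for start, result in audit(CANONICAL_HOST, simulated_htaccess).items():
        print(start, result)
```

Against the simulated rule set, the http WWW form takes two hops (http to https on the same host, then WWW to Non-WWW) while the other non-canonical forms take one.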
Update Google Search Console and Google Analytics to Use https
If you haven’t already done so change Google Search Console and Google Analytics to use the https version of the site.
Downloadable .htaccess Files
In the http to https Htaccess 301 Redirect Rules Tutorial above there are links to three downloadable .htaccess files; below is a copy of those links for easy access.
- Downloadable .htaccess File
- Downloadable https WWW .htaccess File
- Downloadable https Non-WWW .htaccess File
The first file is an almost empty .htaccess file. The 2nd file is htaccess rules to 301 redirect http to https with canonical support for websites which have www. in the URL. The 3rd file is htaccess rules to 301 redirect http to https with canonical support for websites which do NOT have www. in the URL.
David Law
Hi, first off thanks for the article. I am about to implement https on several sites that currently rank REALLY well on Google, and I’m a bit concerned that I will affect the rankings. You recommend:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
How is this different from:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
And also, some articles recommend:
RedirectPermanent / https://www.new-domain.com/
Any information you can provide is really appreciated. I’ve been researching this for hours, but I’m still confused.
I’m afraid moving from http to https can have a negative impact on current rankings in the short-term. There’s no way around this and though it sucks, if you don’t move to https you could lose rankings due to that anyway: https is a Google ranking factor now.
If a site’s been running as http for years and all the backlinks point to the http URLs they have to be all 301 redirected (that’s what the code you posted does).
A 301 redirect costs link benefit (PageRank to be accurate).
How much link benefit it costs isn’t published by Google, I’d assume it’s between 10% and 20% since the original PageRank formula had the dampening factor as 0.85 (basically 15% of PageRank is ‘spent’ through a link) and it’s unlikely it’s changed a huge amount.
Google has confirmed this, there’s a video by Matt Cutts (when he worked for Google) explaining it costs link benefit to 301 redirect…
The way to think about this is to Google a 301 redirect is the equivalent of changing links from:
No 301 redirect
Page A Links Directly to Page B
A page with a 301 redirect
Page A Links to Page AA, Which Links to Page B
The 301 redirect is like adding an intermediate link to a page (Page AA) that links to the page you wanted the link to, this wastes a % of link benefit, probably between 10% and 20% of the link benefit!
How this impacts rankings on a particular site is difficult to predict. It’s like losing some of your backlinks, if links are a major factor in your rankings they could go down. Then you also have the boost from https, so they could go up as well.
No way to know in advance.
Regarding the 301 code examples.
Without testing the 301 redirects (they can be confusing), your first two examples almost do the same thing.
RewriteCond %{HTTPS} off
and
RewriteCond %{SERVER_PORT} 80
Achieve the same thing, the first checks if it’s NOT an HTTPS URL, the second checks if it IS a HTTP URL.
Your 1st example redirects all http URLs to the equivalent https URLs, this code will work on any site with no modification.
The 2nd example redirects all http URLs to whatever the URL is set to, this code needs modification first, this www.example.com needs changing.
The third one would only redirect the home page / to the URL linked to: third one isn’t what you want as it only handles the home page.
All you are basically after is a simple .htaccess rule which redirects all http traffic to the corresponding https pages and ideally (it’s optional) also takes into account www or non-www usage.
On this domain I use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^seo-gold.com$
RewriteRule (.*) https://seo-gold.com/$1 [L,R=301]
Because I use the non-www version of the site https://seo-gold.com. I have an equivalent www version in the main article.
How this works is explained in the main article. Lines 2 and 3 handle the HTTP to HTTPS 301 redirect and lines 4 and 5 handle the www canonical redirect.
Strictly speaking you only need lines 1, 2 and 3 for the http to https 301 redirect.
This means any old links to the http://www.seo-gold.com site (I used to use www) are redirected to https://www.seo-gold.com by lines 2 and 3. Then lines 4 and 5 redirect the https://www.seo-gold.com to https://seo-gold.com. To Google it’s one 301 redirect, not two, it’s just performed in two steps.
If you don’t do the second step you could have both www and non-www versions of webpages indexed: usually not a big deal, but for the sake of a couple of lines in your main .htaccess file…
David
Hi David,
I signed up SSL cert to my web site without www attached to it.
I would like the website shown as https://www version.
I have plug in yoast SEO to my wordpress and setup.
Changed the display in wordpress to https://www
Added 4 properties to google console : www, non-www, http & https
Added the following script in .htaccess file :
# Always use https for secure connections
# Replace 'www.luvbeauti.com' with your domain name
# (as it appears on your SSL certificate)
RewriteCond %{HTTP_HOST} luvbeauti\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://luvbeauti.com/$1 [R,L]
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^ https://www.%1%{REQUEST_URI} [R=301,L,NE]
But, I still can’t get google console to index and crawl my website after 3 wks.
total index still show as 0?
Sitemap still show indexed column as 0?
Not sure what’s gone wrong.
Good news is Google is indexing your site, you can quickly check it via this Google search:
site:https://luvbeauti.com/
The site: search looks for everything indexed under a domain.
It’s a mixture of what you want https://www and others, but since it’s a relatively new change that’s nothing to worry about.
If we check all relevant URL formats
http://www.luvbeauti.com/ loads https://www.luvbeauti.com/
Confirms the http redirects to https (good).
http://luvbeauti.com/ loads https://luvbeauti.com/
Confirms the http redirects to https (good).
but non-www isn’t redirecting to the www version (not bad, but not ideal).
https://www.luvbeauti.com/ loads https://www.luvbeauti.com/
Does what it should do, loads secure site (good).
https://luvbeauti.com/ loads https://luvbeauti.com/
Does what it should do, loads secure site (good).
but non-www isn’t redirecting to the www version (not bad, but not ideal).
This tells us your .htaccess file lacks a non-www to www canonical rule set.
Easiest solution is replace your .htaccess file rules you listed with these (make a backup of your current .htaccess file, in case it goes wrong):
# Always use https for secure connections
# Replace 'www.luvbeauti.com' with your domain name
# (as it appears on your SSL certificate)
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.luvbeauti.com$
RewriteRule (.*) https://www.luvbeauti.com/$1 [L,R=301]
This will achieve what your current rules do in a cleaner way (less lines of code) AND automatically redirect the non-www traffic (secure and unsecure) to the relevant https://www. URL.
Easy to check by loading those 4 URL structures again, when it’s working they will all go to the same secure www URL.
You can get caching issues when testing, so if it doesn’t work clear your cache or use deeper URLs from the site so it’s less likely they are cached.
Not sure why your Google console isn’t registering the change, but it’s not a problem with your site per se. It will be you’ve missed a change within the console, been a while since I changed the console settings, but have had the issue myself and it was due to forgetting one setting, but don’t recall which one. :-)
David
Thank you for the great explanation! “Others” tend to be vague and seem to purposely keep information to themselves so they seem smarter than everyone else…
Great site…
Regards,
Gabriella
Thanks for the information, this part is very important while migrating from http to https, so I just wanted to reconfirm it with you: my final site should always display https://www.example.com
so when a user types any of these http://www.example.com/, http://example.com, https://example.com it should always display https://www.example.com. My site is 2 years old.
I have kept
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www.example.com$
RewriteRule (.*) https://www.example.com/$1 [L,R=301]
but when I checked with another 301 redirect checker, for example http://example.com
it is taking two stages
1 http://example.com/ 301 https://example.com/ 301
2 https://example.com/ 301 https://www.example.com/ 200
Is this fine? Will there be any effect on my SERPs?
Thanks
It should always be the www version OR the non-www version.
In your example you will always want the www version, so as you say no matter what URL you load it loads https://www.example.com/.
On my SEO Gold site I want the non-www version, so I always want the https://seo-gold.com/ version.
So that part is as you want.
It does look like the 301 redirect checker is saying you’ve got a two stage redirect. Suggests something is wrong.
The URL http://example.com/ first 301 redirects to https://example.com/ which then 301 redirects to https://www.example.com/ which reports a 200 header (as it should).
Which redirect checker are you using?
A basic .htaccess 301 redirect rule set like you posted (and I use) wouldn’t result in a 301 checker ‘knowing’ the .htaccess rule is in two parts.
If you run http://www.seo-gold.com/ through a 301 redirect checker or a header checker it reports a 301 redirect to https://seo-gold.com/ even though in my .htaccess rules it’s redirected in two stages.
Basically the .htaccess rules are run behind the scene, so all the 301 redirect checker/header checker gets is the starting URL and the end URL, the middle bit is ‘hidden’ on your server.
This suggests you’ve got something else causing the behavior outside the standard .htaccess rules.
I did a big SEO review on a site called “Languagenut” a while back and it had a weird redirect setup related to multilingual version of the site (see Languagenut Website for the relevant part of the review).
I didn’t have access to the server or any information from Languagenut, so don’t know for sure how they messed it up. Even now the PageSpeed Insights tool reports “Avoid landing page redirects” for the Languagenut home page: https://developers.google.com/speed/pagespeed/insights/?url=https%3A%2F%2Fwww.languagenut.com%2F
Try your site in the PageSpeed Insights Tool to see if it reports a similar issue. If it does check your HTML source for a meta refresh that’s redirecting AFTER the webpage loads.
You can see with this checker http://www.redirect-checker.org/ the Languagenut site when loaded via the http non-www version http://languagenut.com/ it reports a double redirect.
This checker http://redirectcheck.com/ reports:
So one reports 302 the other a 301 which is similar to what you describe for your site.
Maybe you have a weird setup like Languagenut that’s adding an extra layer to the redirect.
Languagenut’s problems are related to a poorly implemented multilingual setup, looks like they check the users IP address and if it matches a country they have a language section for it 302 redirects to https://www.languagenut.com/global/ which 301 redirects to the relevant country specific section.
The Languagenut setup was so poor if you accessed their home page from a Chinese IP address there’s no redirect, you’d see the home page which wasn’t supposed to load!
David Law
Hi David, thanks for publishing this, it’s very helpful!
I’ve been very reluctant to move from http to https as I’m very worried about it affecting our ranking, and it’s taken a long time to build up the ranking and it’s vital for bookings as 90% of our business comes through google.
However the red ‘not secure’ on our website in google is probably putting customers off (it would me!)
I had been reading on other pages that it shouldn’t have any effect on google ranking, as apparently someone from Google had said a few years ago that 301 redirects for http to https would no longer carry a penalty, but having checked the dates on articles it seems they predate yours, so now I’m worried they’re wrong! As far as you know is there still a penalty for doing this redirect even now?
Also, I had a question about the htaccess file – mine has become very very complicated and long as over the years any time we delete or move a page on our website I’ve put a 301 redirect in the htaccess file, so there are hundreds of lines of 301 redirects. If I make the change from http to https should I keep all these 301 redirects in there as they are now, or would I need to change them?
Many thanks!
Is it worthwhile keeping the ‘http:/www…’ site while I list new material in the index page with an https reference? My host has said that I can host both ‘http:/’ and ‘https:/’. In the meanwhile I would just simply change all the initial index navigation entries to https (not a problem as the indexes get changed each time there’s a new entry) where ‘http:/’ is mentioned.
Will the long-standing search engine ‘http:/’ links change over time with a redirect or will they still use the ‘http:/’ since it still exists? And how is the robots.txt changed ?
The issue that remains is that any links within the pages themselves (which are mainly text material) will still be to the http:/ link. Will a redirect cover these?
I think you are misunderstanding http and https. There’s normally nothing needing changing in the robots.txt file related to https.
You can have both the http and https versions accessible at the same time, but unless you do something on the server to load different content, it’s usually the same content, so you only need one version to load for a visitor and ideally that would be the https version.
The difference is how secure the connection to the content is. One is more secure than the other (harder for say a hacker to intercept data being transferred via a form), that’s it really.
Google Chrome Your Connection Is Not Private Warning
For SEO and security reasons you want all your content served as https unless there’s a reason not to. For most sites there won’t be a good reason to have http and https content mixed together. Some older websites might have features which only work in the http version, that’s a reason to have both. I was looking at a forum service recently and they haven’t managed to update their service to https, so their users have no choice but to have a mix of http and https if they want to use that service!
Once you have a valid SSL certificate so the https version loads without any browser warnings it makes sense to 301 redirect the http version to the https version as described in the main article. When the .htaccess file has the redirect rules the http version automatically 301 redirects to the https version. When you do this Google will eventually only spider and index the https version (that’s what you want).
As a webmaster it makes sense to look through the site for old http links and update them to https. I use WordPress on my sites, so when I updated sites to https it was a simple case of run a few database commands to search for links starting http and change them to https. If you leave the old http links like loading images on a webpage via http rather than https the page won’t be considered fully secure.
The browsers Chrome and Firefox provide information if there are any unsecure links on a webpage that’s loaded. Next to the URL of a webpage is a little lock icon, click it and it will provide info of how secure the page is. Ideally you want everything secure.
You can find all sorts of stuff that’s not secure. If you have an old site with old AdSense code the old code might be loading http ads: update your AdSense code. Ideally you do this with everything on the site.
David
Hey dude,
Thanks, it works for me. Cheers
I noticed on your SEO Gold you have 302 redirects? https://varvy.com/tools/redirects/
SEO GOLD HAS PERFECT REDIRECT.
www
1 Redirect
http://www.seo-gold.com
302 redirect
https://seo-gold.com/
Final status code: 200
no www
1 Redirect
http://seo-gold.com
302 redirect
https://seo-gold.com/
Final status code: 200
www (https)
1 Redirect
https://www.seo-gold.com
301 redirect
https://seo-gold.com/
Final status code: 200
no www (https)
No redirect
For better than a year I’ve been trying to figure out why my sites have the dreaded DOUBLE REDIRECT!
www
2 Redirect(s)
http://www.toughjobs.org
301 redirect
https://www.toughjobs.org/
https://www.toughjobs.org/
301 redirect
https://toughjobs.org/
Is it that I have Cloudflare or my WpRocket or is it my Server that is leaving me with this extra redirect? All help will be appreciated.
Drew Downz
I’m glad you asked this question, I’d not realised there was an error in my VPS server setup!
I recently moved to a new VPS server and there was a new Virtualmin (control panel I use) option to:
“Redirect all requests to SSL site?”
Which I selected yes for without checking exactly what it did.
This option is linked to the free Let’s Encrypt SSL certificates I use for all my websites.
What this Virtualmin option does is add a new “RedirectMatch” rule to the virtual server’s httpd.conf file.
For my SEO Gold Coast Services domain it looked something like this:
<VirtualHost ipaddress:80 [fe80:://///]:80>
Various stuff here
...
RedirectMatch ^/(?!.well-known)(.*)$ https://seo-gold.com/$1
...
More stuff here
</VirtualHost>
What this does is 302 redirect everything** under the http (port 80 is http) version of the site to the https (port 443 is https) version of the site.
**The directory /.well-known/ is excluded from the 302 redirect, the /.well-known/ directory is used by the Let’s Encrypt script, so is required on the http version of the site.
Turning off the Virtualmin “Redirect all requests to SSL site?” option removed the RedirectMatch ^/(?!.well-known)(.*)$ https://seo-gold.com/$1 line from the server’s Apache httpd.conf file and when checking headers there’s no longer a 302 redirect.
The problem here is Virtualmin isn’t specifying a 301 redirect and so by default it goes to a 302 redirect! I suspect this is an oversight by the Virtualmin developers, this should be a 301 redirect for SEO reasons.
I already had an .htaccess file rule which 301 redirects all http to https URLs, but due to the order in which rules are executed it meant:
The httpd.conf file 302 redirect (added by Virtualmin) runs first, then the .htaccess file 301 redirect rules are executed. Result was an unnecessary 302 redirect rule was running on any http (port 80) traffic which was a Doh!
If your site has a correct .htaccess file 301 redirect rule set I’d look to your server’s Apache conf files. Could be in the main httpd.conf file or one specifically for the domain.
Look through the conf files for rules
<VirtualHost ipaddress:80 [fe80:://///]:80>
Look for your domain name here...
Then look for any rules related to Redirects...
</VirtualHost>
When you find your domain name inside some code like the above you’ve found where the issue is likely to be.
Might also be a general rule set outside the specific VirtualHost directives for the domain.
For example I copied the W3 Total Cache Browser Cache rules from a site’s .htaccess file and added them directly to the main httpd.conf file, which means all the domains on the server had access to the same browser cache rules without having to install the W3 Total Cache plugin. I still use the W3 Total Cache plugin, but disable the browser cache since the server’s httpd.conf file has the rules which the plugin would add to dozens of .htaccess files.
Anyway, look for the word “Redirect” inside the httpd.conf file and other conf files, there might be a single RedirectMatch rule like the one I had to disable or one for the entire server.
There are other ways a 301/302 redirect can be executed including a meta refresh, via JavaScript etc… but if you have a correctly formatted .htaccess 301 redirect rule set and the 302 came BEFORE the 301, the 302 MUST have been executed before the .htaccess file was loaded, that means it’s probably a conf file.
David Law
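The conf-file search described in the reply above can be automated. The following is an added example, not part of the original comment and not Virtualmin or Apache tooling: it scans Apache configuration text for Redirect-family directives, works out the status each one sends (a Redirect or RedirectMatch with no status argument sends a 302) and reports which VirtualHost block it sits in. The sample configuration is constructed; its IP address, host names and paths are placeholders.

```python
"""Find Redirect directives in Apache conf text that do not send a 301 (added example)."""
import re

# Constructed sample modelled on the RedirectMatch line quoted in the comment above.
SAMPLE_CONF = """\
<VirtualHost 192.0.2.10:80>
    ServerName example.com
    ServerAlias www.example.com
    RedirectMatch ^/(?!.well-known)(.*)$ https://example.com/$1
</VirtualHost>
<VirtualHost 192.0.2.10:443>
    ServerName example.com
    Redirect permanent /old-page https://example.com/new-page
</VirtualHost>
RedirectTemp /promo https://example.com/sale
"""

VHOST_OPEN = re.compile(r"^\s*<VirtualHost\s+([^>]*)>", re.I)
VHOST_CLOSE = re.compile(r"^\s*</VirtualHost>", re.I)
DIRECTIVE = re.compile(r"^\s*(Redirect(?:Match|Permanent|Temp)?)\s+(.*)$", re.I)
STATUS_WORDS = {"permanent": 301, "temp": 302, "seeother": 303, "gone": 410}


def effective_status(directive, args):
    """Return the HTTP status a Redirect-family directive sends."""
    name = directive.lower()
    if name == "redirectpermanent":
        return 301
    if name == "redirecttemp":
        return 302
    tokens = args.split()
    first = tokens[0].lower() if tokens else ""
    if first in STATUS_WORDS:                 # Redirect permanent /a https://...
        return STATUS_WORDS[first]
    if first.isdigit() and len(first) == 3:   # Redirect 301 /a https://...
        return int(first)
    return 302                                # no status argument: temporary


def scan(conf_text):
    """List every Redirect-family directive with its line, VirtualHost and status."""
    findings, vhost = [], None
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        opened = VHOST_OPEN.match(line)
        if opened:
            vhost = opened.group(1).strip()
            continue
        if VHOST_CLOSE.match(line):
            vhost = None
            continue
        found = DIRECTIVE.match(line)         # comment lines start with # and never match
        if found:
            findings.append({
                "line": lineno,
                "vhost": vhost or "(server-wide)",
                "directive": found.group(1),
                "status": effective_status(found.group(1), found.group(2)),
                "text": line.strip(),
            })
    return findings


def non_permanent(findings):
    """Keep only the directives that answer with a temporary redirect."""
    return [f for f in findings if f["status"] in (302, 303, 307)]


if __name__ == "__main__":
    # For a real server, read the conf files from disk and pass their text to scan().
    for f in non_permanent(scan(SAMPLE_CONF)):
        print(f"line {f['line']} [{f['vhost']}] {f['status']}: {f['text']}")
```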