Search engine spiders can be very forgiving with a lot of types duplicate content. I've found that, given enough time, the engines can learn when two websites or web pages are complete duplicates of the other. Once they figure this out then they basically understand that a link to one is a link to the other, etc. One version will ultimately be dropped from the index in favor of the other.

There are two basic problems with this. First, it takes time. Until the search engines figure out which dupes should be "merged" you're essentially splitting link flow between pages. Two inbound links split between each of the duplicate pages produces only half the power than two links both pointing to a single page. So until that merging occurs in the the search index, you're losing valuable link power.

The second problem is that you leave it to the search engines to decide which of the duplicate pages (or sites) should be dropped from the index. When you let the search engines decide, you lose essential control over your marketing plan.

The less you make the search engines think the better. It's not only OK, but it's essential to tell the search engines what to think, especially when it comes to which pages of your site should or should not be included in the index. If you have duplicate pages and don't keep the search engines from finding and indexing all of them, then you're forcing them to make the decision for you. Instead, you need to be proactive, let them know which version is the "correct" version.

One issue we've come across, especially with e-commerce sites is when products can be accessed via both secure and non-secure URLs.

Secure and non-secure images

This issue is typically caused by poorly implemented site navigation and linking. What happens is that the shopper adds a product to the shopping cart. At that point they enter into the secure pages. But when the shopper continues shopping, instead of proceeding to checkout, they navigate back into the site keeping the https: in the browser URL. This opens up the entire site to be indexed using secure URLs, creating duplicates of the non-secure URLs

There are a couple fixes to this. The first is to not allow your visitors to enter the secure areas of the site until they are ready to check out.

Shop, Cart, Checkout

There is no reason to pass your visitors into the secure part of your site when they add products to their cart. The place to go secure is when they hit the checkout button. But--and this is important--if they enter the secure check out process but want to leave it to continue shopping, they need to be placed back into non-secure pages.

This leads us to our second fix: Use absolute URLs in all site navigation and shopping cart pages.

Quick refresher: an absolute link uses the full domain name in the link:

A relative link only uses the path from current location to the destination:


When using relative links, if the shopper is already on an secure (https:) URL then they'll stay on secure URLs. When you use absolute links then you are forcing the visitor to go http: instead of https:.

When shoppers can access secure and non secure versions of the same page, then likely the search engines can as well. This creates almost a complete duplicate of your site, one secure and one non-secure version. Using absolute links will ensure that at no point can a regular page be accessed in secure mode, thus preventing the duplication.

This article is part of a series on duplicate content. Follow the links below to read more:

  1. Theories in Duplicate Content Penalties
  2. How Poor Product Categorization Creates Duplicate Content and Frustrates Your Shoppers
  3. Redirecting Alternate Domains to Prevent Duplicate Content
  4. Preventing Secure & Non-Secure Site Duplication
  5. Why Session ID's And Search Engines Don't Get Along (Hint: It's a Duplicate Content Thing)
  6. What Does a Title Tag, Title Tag and Title Tag Have In Common?
  7. How to Create Printer Friendly Pages Without Creating Duplicate Content
  8. How to Use Your WWW. to Prevent Duplicate Content

May 7, 2008

Stoney deGeyter is the President of Pole Position Marketing, a leading search engine optimization and marketing firm helping businesses grow since 1998. Stoney is a frequent speaker at website marketing conferences and has published hundreds of helpful SEO, SEM and small business articles.

If you'd like Stoney deGeyter to speak at your conference, seminar, workshop or provide in-house training to your team, contact him via his site or by phone at 866-685-3374.

Stoney pioneered the concept of Destination Search Engine Marketing which is the driving philosophy of how Pole Position Marketing helps clients expand their online presence and grow their businesses. Stoney is Associate Editor at Search Engine Guide and has written several SEO and SEM e-books including E-Marketing Performance; The Best Damn Web Marketing Checklist, Period!; Keyword Research and Selection, Destination Search Engine Marketing, and more.

Stoney has five wonderful children and spends his free time reviewing restaurants and other things to do in Canton, Ohio.


Good article. This is certainly an issue that needs to be addressed by any good site.

I would argue however, that the basket page should be secure. Whilst it doesn't matter from a technical point of view, I feel it gives users more confidence to enter the checkout process.

In my site, I solve this problem by defining a PHP constant SECURE = true at the top of all pages that need to be delivered over HTTPS. Then, in my header file and before displaying any content, I check the value of $_SERVER['HTTPS'] and SECURE. If the two don't match, I redirect the user to the HTTP or HTTPS version of the page accordingly.

Hi Edward,

I concede your point on helping your users feel confident when they enter the shopping cart, but I'm not convinced it matters all that much. Putting items in a basket, whether offline or online is about as low risk as it gets. You're not taking out your wallet, and you're not worried that someone may spot something in your cart you don't want them to see, etc. With that said, I don't see the harm in it either, providing you've go the safeguards in place to prevent the dupe issue I've described, which it appears you have.

Comments closed after 30 days to combat spam.

Search Engine Guide > Stoney deGeyter > Preventing Secure & Non-Secure Site Duplication