SECOND SOLUTION: In all https (secure pages), place a link rel canonical tag in the <head> section of the main website templates pointing to the equivalent http version of the URLs.

If the secure protocol already earns some Google page rank juice, using the meta no index tag is not the best solution. Instead, use the link rel canonical tag:

<link rel="canonical" href="http://www.thisisyourwebsite.biz/" />

To use this tag, place it somewhere on the <head> section of your website template. This is how it works: when the Google bot visits an https version of the URL, the server returns the https version but on the <head> section of the source code, you can see this tag: <link rel="canonical" href="http://www.thisisthehttpversion.biz/" /> Google will crawl the http version but not the https version.

It acts like a 301 redirect, but the URL on the address bar is not even redirected at all. In this situation, Google will award any page rank or any URL properties to the canonical http version. Therefore, even if the https version is indexable, Google will only display the http version in its search results. And if  previously the https version has earned a Google page rank, it will now be transferred to the http version, which is the canonical version.

A sample PHP script that will execute this job is:

<?php

$URL=$_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];

if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on')

{

echo '<link rel="canonical" href="http://'.$URL.'" />';

}

?>

If your website is using osCommerce or other popular software packages, there is a more recommended PHP script to cover canonical issues -- not only the secure vs insecure issues, but also the non-www and www issues.

In my article on using the link rel="canonical" tag to solve for canonical issues in Apache/PHP powered websites, I recommended this PHP script:

<?php

//place this script between the <head> and </head> section of your header.php or related dynamic website template

//such as index.php, product_info.php in the OsCommerce templates

//this script is applicable when the CANONICAL PROTOCOL IS HTTP AND USING WWW VERSION.

//this script is NOT APPLICABLE to a subdomain of a main domain.

//Example: if your canonical version is www.mysite.com, you should NOT be using the script in any of its subdomain.

//First step eliminate any session IDs in the URL:

$requestedurl = $_SERVER["REQUEST_URI"];

//Define array of most common open source session IDs

$id=array('osCsid','zenid','PHPSESSID');

if (preg_match("/osCsid/i", $requestedurl))

{

$x=0;

}

elseif (preg_match("/zenid/i", $requestedurl))

{

$x=1;

}

elseif (preg_match("/PHPSESSID/i", $requestedurl))

{

$x=2;

}

if ((preg_match("/osCsid/i", $requestedurl)) || (preg_match("/zenid/i", $requestedurl)) || (preg_match("/PHPSESSID/i", $requestedurl)) )

{

//URL is session ID based

$position=(strpos($requestedurl,$id[$x]))- 1;

}

else

//no session ID

{

$position=strlen($requestedurl);

}

//trim the URLs any session ID

$cleanrequest=substr($requestedurl,0,$position);

//set protocol to http:// since this the canonical protocol

$protocol='http://';

//check if the server name contains www

if (preg_match("/www/i", $_SERVER["SERVER_NAME"]))

{

//the URL is using the www version

//display the complete canonical URL without any session ID

$canonical=$protocol.$_SERVER["SERVER_NAME"].$cleanrequest;

}

else

{

//append the canonical www version to the server name and display the canonical www version

$URL='www.'.$_SERVER["SERVER_NAME"];

$canonical=$protocol.$URL.$cleanrequest;

}

//Final step defining the final link rel canonical element

echo '<link rel="canonical" href="'.$canonical.'" />';

?>

This script is only applicable if the canonical version is HTTP (not HTTPS), and uses the www version of the site. A sample canonical URL could be:

http://www.thisisasampleurl.com