All sites should be protected with HTTPS. See the following Lighthouse doc to learn why: Site is on HTTPS.
Once you've got HTTPS set up, you need to make sure that all unsecure HTTP traffic to your site is redirected to HTTPS.
Use canonical links in the
headof your HTML to help search engines figure out the best way to get to the page.
Configure your server to redirect HTTP traffic to HTTPS. See your server's documentation to figure out the best way to do this.
Lighthouse changes the page's URL to
http, loads the page, and then waits for
the event from the Chrome Debugger that indicates that the page is secure. If
Lighthouse does not receive the event within 10 seconds then the audit fails.