5 Reasons why your website needs HTTPS
Having an online presence is vital for your business, allowing you to easily connect with potential customers whether it be for reasons such as e-commerce, leads or making connections.
Improving your search visibility can increase visits to your website, but have you considered how your website security can also affect visibility, conversions and trust in your brand?
In this blog we’ll be talking about HTTPS is, five reasons you should make the switch, and finally some common questions and issues that can arise with a HTTPS migration.
What is HTTPS?
HTTPS (Hyper Text Transfer Protocol Secure) is the secure version of HTTP. It’s an internet communication protocol which protects the data sent between your browser and the website you are visiting.
How does HTTPs work?
To make a website secure you need an SSL (secure sockets layer) certificate. It protects the data transferred by encrypting it in transit, making it impossible to read.
The SSL certificate is a small data file that has been issued by a trusted certificate authority. The certificate authenticates the website identity and encrypts data sent using cryptographic keys. When you visit a HTTPS website, the SSL certificate is sent to your browser. This generates a secure and unique connection between your browser and the website. Popular CA’s include Comodo, Let’s Encrypt and GlobalSign.
If you want to go secure, a good place to start is with your hosting company, the reason being that they will often be able to help with the set-up which can otherwise be difficult. The type of SSL certificate you should choose will depend on your website and the level of security you need. For more information, Search Engine Land has a fantastic guide to SSL certificates.
When a website is secured by an SSL certificate you will see HTTPS in the address bar, along with a padlock:
So why should my website enable HTTPS?
Now that we know what it is and how it works, the question is, why should you use HTTPS on your own website? Below we will go through 5 reasons why your business’ website should absolutely switch to the HTTPS protocol.
1. It’s safer for your visitors
As mentioned earlier, HTTPS keeps the information sent between the browser and the user secured. The SSL encryption layer prevents these “man in the middle”attacks by stopping unwanted users from eavesdropping on and modifying data that is passing between the two. This is especially crucial to prevent for e-commerce websites where credit card details are entered, or for websites that allow account creation and store sensitive information.
When visitors are on your website, they want to know that the information they are sending is secured. For e-commerce sites, not having HTTPS set up can affect purchase decisions. Any issues with data security can have a detrimental impact on your brand. With many high profile stories in the news concerning data breaches visitors want to know that the information they are sending through your site is secure.
2. It’s better for your search visibility
Google highly recommends switching to the HTTPS protocol and has issued many updates over the past few years to encourage website owners to make the change. One of the biggest updates in 2014 was to state that HTTPS is now a ranking signal. This signal was very lightweight in its inception but is expected to strengthen over time. Since 2015, Google will search for and index HTTPS URLs before HTTP URLs, even if they’re not linked to (unless given mixed signals, which is explained later in this article).
By June 2016 Moz found that over 32% of page 1 Google results are using the HTTPS protocol which is a big increase since being first announced by Google. As mentioned in the article while this graph can mean that the Google updates are causing HTTPS websites to be rewarded, it could also be because the Google announcements and recommendations are convincing more and more website to make the switch.
3. You’ll avoid the “Not Secure” message
As part of Google’s ongoing quest against unsecure websites, in September 2016 it was announced that Google Chrome will label HTTP websites that have password and credit card fields as “Not Secure” in the address bar.
While this is initially rolling out to websites that specifically use these fields, eventually this will roll out to all unsecured websites with the inclusion of a red triangle. This obviously is not a good signal for visitors landing on your website.
4. It’s required for HTTP/2
HTTP/2 is the latest update to the HTTP protocol and boasts some serious speed and performance benefits.
HTTP/2 is starting to be rolled out by hosting providers and the speed improvements alone are convincing enough to make the change. It’s important to note that as well as improving usability, speed is also a ranking factor. Browser compatibility is improving all the time, recent stats at CanIUse showing a compatibility of 79% globally for the protocol.
Although HTTPS is not a specific requirement for HTTP/2, popular browsers like Chrome will only support it over a secure connection which makes it essential to set HTTPS up first.
5. Improved Referral Data in Google Analytics
Another reason to switch is that you’ll get more data shown within Analytics, specifically the Referral section. A Referral URL shows the originating website the user was on before they clicked through to your website. This is important information to see as can tell you more about where your direct traffic is coming from, which is key to measuring link building successes. However if you’re having a lot of referral traffic just showing as Direct, switching to HTTPS may be the answer.
This is because secure websites using HTTPS will not send referral data to non-secure websites which use HTTP. You may have some great links on secure websites but in Analytics due to your site being on HTTP they’ll all be thrown together under the “Direct” traffic source category. There is a way around this if the secure website uses a meta referrer tag but you cannot force them to do this. As more and more websites are moving across to HTTPS, you may have some referral data problems.
While moving to HTTPS sounds like a win-win situation, there are some things to consider. Incorrectly implementing HTTPS can have a number of consequences such as de-indexed pages, content duplication and traffic drops.
As the HTTP to HTTPS switch is considered by Google as a site change, having a good site migration plan is key. It should be planned as carefully as you would for a domain name change, take your time and don’t rush into it before you’re ready!
Common HTTPS Questions & Issues
Below we’ve listed some common issues you might encounter when moving to the secure protocol.
1. What’s wrong with my certificate?
If you have a certificate but the padlock isn’t showing or you are receiving security warnings, the certificate is the first place to check. Certificates are only valid for a certain amount of time so first check that it hasn’t expired. The domain registered on the certificate must match the preferred domain for the URL. Having a certificate registered for example.com when www.example.com is the preferred URL is enough to cause a mismatch name error.
2. So my certificate is valid but why isn’t Google indexing my HTTPS URLs?
Some websites have the SSL certificate set correctly but the HTTPS URL has not been set as the preferred version throughout the website. Google will actively check for an equivalent HTTPS URL but how the website is set up can prevent Google from choosing to index them.
After going live with HTTPS, all canonical tags, resources (images, js, css), links and sitemap.xml references in your website should all now point to HTTPS. A sitewide HTTP to HTTPS redirect should then be set up. Make sure that the HTTPS URLs you want to be visible are not disallowed via the robots.txt, are set to noindex, have insecure resources or have a redirect back to HTTP on them.
Mixed content warnings can appear if you are still linking to HTTP resources instead of HTTPS which can explain a missing green padlock. You can use Chrome Developer Tools to check what is causing these issues.
Example of a website with a valid certificate but mixed content errors
Having both a HTTP and HTTPS version of a URL available can cause duplicate content issues and can cause both URLs to be indexed which is a problem.
From an SEO perspective you also want to make sure that you update external links such as local citations and especially your Google My Business profile and link.
3. Do I need to change Google Analytics and Search Console after migrating to HTTPS?
Absolutely! Within Google Analytics you should update the URL settings to the secure protocol.
For Search Console you should create a new property for the HTTPS version. Don’t delete the HTTP version as it’s still needed, in the respective index count section you should see the HTTP index count decrease while the HTTPS count rises. Google have helpfully created a Property Set function where you can add all of the different versions (http://, http://www, https:// and https://www), grouping them together so you can see the combined impressions and clicks.
It’s a great way to see any increases in visibility after making the switch. We would also recommend adding an annotation in analytics of the date HTTPS went live, in order to be referred to in the future.
4. How secure is my certificate?
Not all certificates are equal and some are more secure than others depending on the type, the CA and the set-up. You can test your SSL certificate by using an online SSL testing tool such as SSLLabs.
There we have it! Now you know what HTTPS is and why you should be considering making the switch. If you have any questions be sure to contact our Technical SEO team. As well as our SEO audits, we can also assist with your HTTPS site migration too!