HTTP vs. HTTPS

Jordon Goodman


Let’s start with a little throwback to 2014, when Google first announced, with their HTTPS Everywhere campaign, that they were going to reward sites that were using HTTPS encryption. It came as a shock to many marketers, because those at Google rarely reveal the ranking factors, but this one was different. Security was being put first, and although it was only a “light-weight signal”, it paved the way for things to come.

These ‘things’ are why we are here writing this blog post, and why you are here reading it. Before we delve into the nitty-gritty of what is to come, let’s strip it back to the basics and understand the difference between HTTP and HTTPS.

What is HTTP?

HTTP stands for Hypertext Transfer Protocol. It is essentially a system that transmits and receives information across the internet. As it’s an application-layer protocol, its main focus is moving data from one point to another, without caring how it gets there.

(It would be like a clothing company sending your parcel off with a delivery person, and not caring how it gets to you, as long as it gets there quickly.)

What is HTTPS?

Now, HTTPS stands for Secure Hypertext Transfer Protocol. Technically, it’s identical to HTTP because it follows the same basic protocols; however, it was developed to allow secure transactions. As it sends data from point to point, it works alongside another protocol known as Secure Sockets Layer (SSL), since succeeded by Transport Layer Security (TLS). So while the HTTP part is focused on moving your data along, the SSL part focuses on keeping it secure.

(Using HTTPS would be like a clothing company sending your parcel off with a delivery vehicle that is tracked, can’t be broken into, and won’t go walkabouts.)

Why should I move to HTTPS?

In Google’s website migration guide, they have highlighted three key reasons as to why you should move to HTTPS:

Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

  • Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
  • Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  • Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.


What are the SEO benefits of HTTPS?

  1. Rankings Boost
    We’ve touched on this briefly, but the fact that Google prefers sites that are HTTPS rather than HTTP is the first reason to migrate. Although it is hard to isolate on its own, like most ranking signals, it could give you that added advantage over your competitors.
  2. Referrer Data
    When traffic passes from an HTTPS site to an HTTP site, the referrer data gets stripped away and the visit is displayed as ‘Direct’ in your Google Analytics. This means you don’t actually know where the traffic is coming from. However, when traffic passes from an HTTP or HTTPS site to an HTTPS site, the referral information is preserved. This means your Google Analytics reports will display more accurate data about your traffic sources.
  3. Security and Privacy
    By moving to HTTPS you will avoid third-party tampering, authenticate the website and the server communication, and encrypt all browsing communications, protecting data such as passwords and credit cards.

To take the security even further, Chrome is beginning its journey towards a safer web. Previously, Google Chrome has never flagged websites that handle sensitive information but aren’t on HTTPS, but by the end of January, that’s all about to change. Websites that aren’t on a secure connection will be marked as non-secure in the address bar, with the eventual move to change the indicator to the red triangle that is currently used for broken HTTPS.

This change will make it more obvious to users which sites are secure to use when they’re entering login information or payment details, meaning you could start to see a drop in your conversions and traffic if this applies to your website.

How do I become HTTPS?

Migrating to HTTPS should be treated like a whole site migration, as there are many things to take into consideration. To start with, you need to decide whether you need a single, multi-domain or wildcard certificate. Once you’ve made that decision, you then need to choose and purchase an SSL certificate from a trusted provider. Currently, there are two you can choose from, standard or extended. According to John Mueller from Google, Google doesn’t currently care what kind of SSL certificate you choose, but it may change in the future.

There are also some SEO considerations to take into account to preserve your rankings and protect your performance:

  • Ensure all your internal and external links are pointing to the new HTTPS domain.
  • Implement 301 redirects to point all HTTP URLs to HTTPS.
  • Double check that canonical links are pointing to the right domain.
  • Update your robots.txt file to allow Google to crawl and index your new HTTPS domain.
  • Enable HSTS to tell the browser to always use HTTPS.
  • Register your HTTPS version in Webmaster Tools.
  • Upload a new sitemap.
  • Update your social share counts.
  • Monitor and triple check that everything is running smoothly during the migration and that Google isn’t having any problems.
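
To show how the redirect, HSTS, canonical and internal-link items above can be checked together, here is an added example (not part of the original post). It audits captured responses offline; the function names, the `www.example.com` host and the sample responses are constructed for illustration.

```python
# Added example: audit captured HTTP/HTTPS responses against the checklist above.
from html.parser import HTMLParser
from urllib.parse import urlsplit
class _Links(HTMLParser):
    """Collects the canonical URL and every href/src found in a page."""
    def __init__(self):
        super().__init__()
        self.canonical, self.urls = None, []
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and (a.get("rel") or "").lower() == "canonical":
            self.canonical = a.get("href")
        self.urls += [a[k] for k in ("href", "src") if a.get(k)]

def hsts_max_age(header):
    """Return max-age from a Strict-Transport-Security value, 0 if absent/invalid."""
    for part in (header or "").split(";"):
        name, _, value = part.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return 0

def audit(url, http_resp, https_resp):
    """Each *_resp is (status, headers, body) with canonical header names."""
    host, findings = urlsplit(url).hostname, []
    status, headers, _ = http_resp
    target = urlsplit(headers.get("Location", ""))
    if status != 301:
        findings.append(f"HTTP answers {status}, expected a permanent 301")
    if target.scheme != "https" or target.hostname != host:
        findings.append("redirect target is not the HTTPS version of this host")
    status, headers, body = https_resp
    if hsts_max_age(headers.get("Strict-Transport-Security")) <= 0:
        findings.append("HSTS header missing or max-age is 0 on the HTTPS response")
    page = _Links()
    page.feed(body)
    if not (page.canonical or "").startswith("https://"):
        findings.append(f"canonical is not HTTPS: {page.canonical}")
    for u in page.urls:
        p = urlsplit(u)
        if p.scheme == "http" and p.hostname == host and u != page.canonical:
            findings.append(f"internal link still on HTTP: {u}")
    return findings

# Constructed sample: a half-finished migration of www.example.com
HTTP = (302, {"Location": "https://www.example.com/shop"}, "")
HTTPS = (200, {}, '<link rel="canonical" href="http://www.example.com/shop">'
         '<a href="http://www.example.com/cart">Cart</a><img src="https://www.example.com/logo.png">')
print("\n".join(audit("http://www.example.com/shop", HTTP, HTTPS)))
```

The HSTS check is made on the HTTPS response only, because browsers ignore a `Strict-Transport-Security` header delivered over plain HTTP.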

Are there any reasons why I shouldn’t migrate to HTTPS?

If you’re a website that handles any sensitive information, then this move is critical for you. However, there are two circumstances in which HTTPS isn’t the move for you right now.

  • If you’re a simple brochure site, then this current trend probably won’t affect your website as much as it would an eCommerce site. This isn’t to say you shouldn’t ever move to HTTPS, as eventually these changes will affect all sites, whether you process sensitive data or not. However, going forward, if you’re considering a new website or change of domain, we’d highly recommend making the change to HTTPS to smooth the process.
  • If your site has suffered from a penalty, whether that be a Panda, Penguin or a manual link one, it’s important that you hold off on that HTTPS migration until you’ve recovered. This is because Google may see this as an attempt to leave by the back door and escape your penalty, which can in turn earn you a harsher penalty. So before you hop onto the HTTPS bus, it’s important you rebuild that bridge with Google and recover from your penalties.

What next?

As you migrate, don’t be worried if you initially see some fluctuations in rankings. Even the best migrations hit a few bumps in the road whilst Google understands the change, and whilst this move to a safer website might not directly affect you now, there’s no saying how long it’ll be before Google makes it mandatory for all sites.

About Jordon Goodman

Meet Jordon, our Technical SEO and PPC expert. Originally from Lancashire, he can eat for England and tends to be a bit of a clown.