Switching from HTTP to HTTPS is definitely among the hot topics of 2017.
If you haven’t migrated from HTTP to the HTTPS protocol, this article is definitely for you. I bet you’re wondering if adding security to your domain will have any benefits.
Will it improve your SEO? Will it make your visitors happier?
I will answer this and many other questions so let’s dive right in.
While browsing the Internet, you may have noticed that some URL addresses have an HTTP prefix while others have an HTTPS prefix.
I’d like to begin from the basics so let’s answer the question “What is HTTP?” first.
What is HTTP and what does it do?
HTTP stands for Hypertext Transfer Protocol.
This system was invented in order to allow sending and receiving information across the Internet.
An interesting thing about this web protocol is that it doesn’t keep any history of your previous web sessions.
This is good and bad at the same time.
It’s good because less data means better speed or in other words this is a fast way to transfer data.
However, if you want to send classified information HTTP is not the best way to do it as it’s simply not safe.
This is why HTTPS was invented.
Before we proceed, I strongly suggest that you watch my interview with Doc Sheldon in my WHITE HAT SEO GROUP where we discussed HTTPS migration in detail:
Very useful, right?
Now, let’s proceed with the basics.
What are HTTPS and SSL?
Use of HTTPS encryption has more of a technical nature.
It stands for Secure HyperText Transfer Protocol and as its name implies it secures the process of transferring data across the web.
What does this mean?
You see, computers communicate with each other by exchanging a special code.
This code is a very important part of internet security. It allows PCs to encrypt messages preventing outside entities from reading them.
The code is called Secure Sockets Layer or SSL (otherwise known as Transport Layer Security or TLS).
With this additional security option, computers are able to exchange data between servers and browsers which remains private and integral.
Now, the main question for you as a website owner is why would you move from HTTP to HTTPS?
HTTP vs HTTPS in SEO
In August 2016 Google officially announced that HTTPS is becoming one of their ranking signals.
What this means is that supposedly HTTPS websites will be given a small SEO boost.
However, this is not the main reason why you should consider installing a secure protocol on your domain.
As we all know, there are numerous potential dangers on the Internet.
Nowadays data theft is as common as subscribing to a website.
There are even sites that are scraping your personal information and selling it to third parties for profit.
Although it’s hard to do anything about the sites we visit, we are able to protect our own information from third parties that may interfere with our web activity.
HTTPS is much better, not only for your visitors, but also for you as a website owner.
We all know that Google is always trying to improve user experience.
Therefore, it is only normal that the biggest search engine would reward all domains that have implemented this type of protocol.
But that’s not the only reason why you should consider switching from HTTP to HTTPS.
As I said, HTTPS positively affects your organic rankings and gives you a little SEO nudge.
However, do not expect miracles from it as it is just a minor factor.
Nevertheless, the graph below clearly shows which direction the Internet is heading towards.
Image taken from Ahrefs.com
Now, let’s summarize the three main benefits of HTTPS:
- Encryption – It allows all the data on your domain to be encrypted (much more secure). So, whenever users are accessing this information, third parties won’t be able to gain insight into their activity or to steal their confidential information.
- Data integrity – During the transfer, all the data will remain intact. If some disturbance does occur, it will be detected. For example, whenever you use a credit card to purchase products online, you can rest assured that your data will be safe.
- Authentication – With authentication, it is possible to establish whether a user is communicating with the right website. It is a great way to prevent third parties from interfering with sensitive business transactions.
Who should use HTTPS?
Based on what I said, HTTPS is something that every website can benefit from.
Basically, we are progressing towards a type of network where users and websites will be protected from outside interference.
It is safe to say that HTTPS protocol will become a standard in a few years and it is only a matter of time when everyone will have it installed.
Nevertheless, until that time comes, it is presented as something that can benefit your SEO.
With the smart move Google made a year ago, the integration process will only be quickened.
When we talk about types of sites that benefit from HTTPS the most, it is obvious that e-commerce sites have most to gain from it.
Every money transaction performed on the Internet holds certain risks.
By using an HTTPS communications protocol, you are able to mitigate a big chunk of them.
However, this is not all.
You should know that in January 2017 both Mozilla Firefox and Chrome browsers started flagging HTTP connections as insecure.
This means users will see such a screen when they try to access your HTTP site:
Now, I don’t know about you but I’m sure less and less Internet users will be inclined to ignore such messages.
Difference between HTTP and HTTPS
The main purpose of HTTP is to present information to the end user by sending web page requests to a server.
This process happens through a web browser. All these browsers are able to decipher this type of data.
The main problem with HTTP is that this protocol cannot do much more than that.
For example, when data travels from one point to another, there is no way for data to be protected with HTTP as it only helps with deciphering and presentation of information.
How is HTTPS different than HTTP?
Secure HyperText Transfer Protocol doesn’t only read information, it is also able to distinguish sender from receiver.
This is very important for numerous internet transactions and credit card payments.
Here, SSL is able to encrypt the data before sending it to the receiver.
Due to this, a third party is unable to interfere in any way.
Even if someone could get hold of this encrypted data, they wouldn’t be able to decipher it.
The user gets a certificate that is specially encrypted. It has a unique code that cannot be found anyplace else.
However, in order for a certificate to be issued, the website owner has to submit a lot of different data such as the server host, the name of the website, etc.
The abundance of data secures its complexity and uniqueness.
Browsers and certificates
When a browser starts analyzing a website with installed HTTPS encryption, it uses a special SSL certificate to establish whether the user and the website are legit.
After confirming it, the encryption is negotiated between the browser and the server.
SSL certificates are able to work with two keys – private and public.
In conjunction, they are able to create the aforementioned encrypted connection.
In order to get a certificate, the website owner must create a certificate signing request (also known as a CSR).
After getting it, the webmaster can install it on the server.
Naturally, each web server has a different set of instructions for installation so it is something that varies.
There is one crucial thing you have to know about certificates; they can vary when it comes to authority.
What do I mean?
Basically, anyone can make a certificate.
However, there is a list of organizations that are authoritative enough to create them.
Each browser has a list of organizations that are regarded as trustworthy.
Each time a browser tries to connect to a secured website, a process called SSL Handshake occurs.
It creates a connection between the two and establishes whether they can be trusted.
SSL uses three keys to create a connection:
- Public keys
- Private keys
- Session keys
Public and private keys are used during the handshake to create the third, session key.
After that, the session key encrypts all the data.
Here’s how SSL encryption process works:
- Browser initiates a connection with a protected website
- Server needs to identify itself
- Server sends SSL certificate together with a public key
- Browser checks it
- If everything is OK, it creates a session key and sends it back to the server
- Server reads the data from session key
- Session begins
- All the transmitted data is encrypted from this point onward
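The browser-side steps above (the server presents its certificate, the browser checks it against its list of trusted authorities, then the encrypted session starts) can be reproduced with Python's standard `ssl` module. This is an added example, not code from the original article; the function names, the host you pass to `inspect_tls` and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
import time


def inspect_tls(host, port=443, timeout=5.0):
    """Perform a verified TLS handshake and return what was negotiated."""
    # The default context loads the system's trusted CA list and enforces
    # chain validation and hostname matching, as a browser would.
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        # server_hostname sends SNI so a shared server picks the right cert.
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return {
                "protocol": tls.version(),
                "cipher": tls.cipher()[0],
                "cert": tls.getpeercert(),
            }


def summarize_cert(cert, now=None):
    """Reduce a getpeercert() dict to the fields a site owner should watch."""
    now = time.time() if now is None else now
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        "dns_names": names,
        "issuer": issuer.get("organizationName", "unknown"),
        "days_left": int((expires - now) // 86400),
        "expired": expires <= now,
    }


# Constructed sample in the shape getpeercert() returns (not a real cert).
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example"),),),
    "issuer": ((("organizationName", "Example Trust CA"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "shop.example"), ("DNS", "www.shop.example")),
}

if __name__ == "__main__":
    # Offline demo on the constructed certificate; for a live site use
    # summarize_cert(inspect_tls("your-domain.example")["cert"]).
    print(summarize_cert(SAMPLE_CERT))
```

If the certificate is expired, issued by an untrusted authority or does not match the host name, `wrap_socket` raises `ssl.SSLCertVerificationError` and no session is established.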
When can’t HTTPS help us?
Naturally, this protocol has only a limited use.
As I said before, its main concern is protecting data that is downloaded or uploaded on the internet.
It can also help with authorization and confirming the real identity of an Internet user.
Although HTTPS has numerous benefits, it is NOT omnipotent.
It will only preserve the data which is accessed by your visitors through a browser.
However, HTTPS will not protect your site.
According to searchengineland.com HTTPS cannot protect us from:
- Downgrade attacks
- SSL/TLS vulnerabilities
- Heartbleed, POODLE, Logjam, etc.
- Hacks of a website, server or network
- Software vulnerabilities
- Brute force attacks
- DDOS attacks
Besides Secure HyperText Transfer Protocol, your website will also need a standard protection as it did beforehand.
Nevertheless, by adding HTTPS protocol, you will be able to encompass a much larger number of issues.
Issues when switching from HTTP to HTTPS
Although having HTTPS is much better and it brings numerous benefits, there are certain downsides too.
The biggest issues may appear when switching from HTTP to HTTPS.
According to Google, changing from one to another protocol is regarded as if you are moving the entire website.
Furthermore, this minor change in one letter is seen as global change in your URL structure.
During this migration process, the following problems might occur:
Given that you are “moving” the entire website and changing its URL structure, your traffic is bound to suffer for a while.
At first, Google will have trouble reindexing and recrawling all your pages. Nevertheless, it will take a while until it’s done and until that moment, you will have to be patient.
Occasionally, robots may be prevented from crawling the resource which may lead to additional troubles.
Of course, larger websites with more indexed pages will take more time to restore their previous traffic and rankings.
Duplicate content issues
Switching to HTTPS can lead to various content issues.
Some of your content may be duplicated so you will have both HTTP and HTTPS prefix.
Besides that, your previous content which existed on HTTP website may convert improperly on HTTPS version.
So, always make sure you don’t have any old HTTP versions remaining after you’ve migrated to HTTPS.
HTTPS and rankings
As previously mentioned, Google incites website owners to change to HTTPS by giving them a minor rankings boost.
You need to be realistic about your expectations as this boost is only minor and will not have a significant impact on your organic positions.
Anyway, the biggest benefit of having HTTPS is the additional protection for both you and your users, and that is the thing you need to focus on.
Additional information on HTTPS protocol
Here, you can find some additional tips by Google that can help you resolve any issues you might have encountered after the switch.
Things you need to be careful about!
Problems I mentioned so far are just a part of the story and they mostly refer to things which we cannot control.
On the other hand, there are numerous issues which may be caused by our neglect.
In order to switch properly from HTTP to HTTPS, these are the things you need to do:
- Your SSL certificate needs to be up to date
- SSL certificate provider has to be legitimate with a valid certificate authority
- Certificate will be a secure code specifically made for you
- Sometimes, SNI (or server name indication) may be missing
- Make sure not to block search bots from accessing important pages
- You will have to get the newest OpenSSL version as the older SSL may be vulnerable
- Embed HTTPS content on HTTPS pages
- Make sure that you have the same content on your HTTPS version as you had on HTTP
- Your site should return the proper HTTP status code (Code 200: The request has succeeded)
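Two of the points above, embedding only HTTPS content on HTTPS pages and not leaving old HTTP versions behind (see the duplicate content section), can be checked mechanically. The following is an added example, not part of the original article: a small Python scanner that separates mixed content from own-site links and canonical tags still pointing at `http://`. The names `MigrationAudit` and `audit_page` and the `example.com` sample page are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that make the browser fetch or submit over the network.
SUBRESOURCE_ATTRS = {
    ("script", "src"), ("img", "src"), ("iframe", "src"), ("source", "src"),
    ("audio", "src"), ("video", "src"), ("link", "href"), ("form", "action"),
}


class MigrationAudit(HTMLParser):
    """Collect http:// references left on a page that is served over HTTPS."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.site_host = urlsplit(page_url).hostname
        self.mixed_content = []  # subresources requested over plain HTTP
        self.stale_links = []    # own-site links/canonicals still on HTTP

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            is_link = name == "href" and (tag == "a" or "canonical" in rel)
            if not value or not (is_link or (tag, name) in SUBRESOURCE_ATTRS):
                continue
            # Resolve relative and protocol-relative URLs against the page.
            target = urlsplit(urljoin(self.page_url, value.strip()))
            if target.scheme != "http":
                continue
            if not is_link:
                self.mixed_content.append((tag, target.geturl()))
            elif target.hostname == self.site_host:
                self.stale_links.append(target.geturl())


def audit_page(page_url, html):
    parser = MigrationAudit(page_url)
    parser.feed(html)
    return parser.mixed_content, parser.stale_links


# Constructed sample page; example.com and example.net are placeholders.
SAMPLE_HTML = """
<link rel="canonical" href="http://example.com/pricing">
<script src="http://cdn.example.net/lib.js"></script>
<img src="//img.example.net/logo.png">
<a href="http://example.com/contact">Contact</a>
"""
```

Calling `audit_page("https://example.com/pricing", SAMPLE_HTML)` reports the script as mixed content and the canonical tag and contact link as stale HTTP references; the protocol-relative image inherits HTTPS from the page and is not flagged.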
If you are thinking about creating a website, it is best if your protocol is secured from the beginning.
On the other hand, those who already have an HTTP website should make sure to move to HTTPS.
If possible, this change should be performed during industry’s off-season as it will give crawlers time to go through your pages and index everything.
This way, you are making sure that the loss of benefits to your business will be minimal.
Even though switching to HTTPS may be bothersome and cost you financially, it is inevitable.
In time, all the websites will have it and it would be a bad sign if you didn’t.
Remember that having an HTTPS prefix in your URL address is a sign of trust.
It will convince your clients to purchase from you as their personal data will be fully protected.