Why HTTPS is Better For Your Website

Google has recently announced that it would make HTTPS encryption a search-ranking signal. That’s why in the future your Chrome browser will flag unencrypted websites as insecure, displaying a red “x” over a padlock in the URL bar.

HTTP vs HTTPS

Hypertext Transfer Protocol (HTTP) is a system for transmitting and receiving information across the Internet. HTTP is an “application layer protocol,” which ultimately means that its focus is on how information is presented to the user, however, this option doesn’t really care how data gets from Point A to Point B. It is said to be “stateless,” which means it doesn’t attempt to remember anything about the previous web session. The benefit to being stateless it that there is less data to send, and that means increased speed.

When is HTTP beneficial?
HTTP is most commonly used to access html pages, and it is important to consider that other resources can be utilized through accessing HTTP. This was the way that most websites who did not house confidential information (such as credit card information) would setup their websites.

HTTPS, or “secure http”, was developed to allow authorization and secured transactions. Exchanging confidential information needs to be secured in order to prevent unauthorized access, and HTTPS makes this happen. In many ways, HTTPS is identical to HTTP because it follows the same basic protocols. The HTTPS or HTTP client, such as a Web browser, establishes a connection to a server on a standard port. However, HTTPS offers an extra layer of security because it uses SSL to move data. For all intents and purposes, HTTPS is HTTP, it’s just the secure version. The main difference between the two is that HTTPS uses TCP Port 443 by default. Meaning, HTTP and HTTPS are two separate communications.

https_padlockHTTPS works in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely (which is really the key difference that Google cares about).

Remember, HTTP and HTTPS don’t care how the data gets to its destination. In contrast, SSL doesn’t care what the data looks like (like HTTP does).

That is why HTTPS really offers the best of both worlds: Caring about what the user sees visually, but also having an extra layer of security when moving data from point A to point B.

HTTPS Security

Google will soon shame all websites that are unencrypted. Why? Google wants everything on the web to be travelling over a secure channel. With this upcoming change in Chrome, Google makes it clear that the web of the future should all be encrypted, and all sites should be served over HTTPS, which is essentially a secure layer on top of the usual HTTP web protocol.

http_cross_out Currently, Chrome displays only an icon of a white page when the website you’re accessing is not secured with HTTPS, a green locked padlock when it is, as well as a padlock with a red “x” on it when there’s something wrong with the HTTPS page the user is trying to access. The change will draw even more attention to the sites that are potentially insecure.

The reason behind this is that on every website served over HTTP the data exchanged between the site’s server and the user is in the clear, meaning anyone with the ability to snoop on the connection, be it a hacker at a coffee shop or a secretive government agency, could steal passwords, private messages, or other sensitive information.

But HTTPS doesn’t just protect user data, it also ensures that the user is really connecting to the right site and not an imposter one. This is important because setting up a fake version of a website users normally trust is a favorite tactic of hackers and malicious actors. HTTPS also ensures that a malicious third party can’t hijack the connection and insert malware or censor information. When a user connects to your website, it will automatically use a channel that encrypts the communications from their computer to the website.

HTTPS SEO Advantages

In addition to the security offered by HTTPS, there are additional SEO benefits for marketers to take advantage of.

1. More referrer data
Whenever traffic passes from a secure HTTPS site to a non-secure HTTP site, the referral data gets stripped away. This traffic shows up in your analytics report as ‘Direct.’ This is a problem because you don’t know where the traffic actually comes from. If you use HTTP, traffic from sites like Paypal shows up as ‘direct’, because Paypal uses HTTPS.

Fortunately, there’s a simple solution: when traffic passes to an HTTPS site, the secure referral information is preserved. This holds true whether the original site uses HTTP or HTTPS. As more and more sites make the switch, this becomes increasingly important.

2. HTTPS as a rankings boost
As was already discussed, Google has confirmed the ranking boost of HTTPS. But take note, this boost is minimal at best. When considering boosting your rank, you might want to look at other factors like content and data reliability.

3. Privacy
Many people argue that HTTPS only provides an advantage if your site uses sensitive passwords. That’s not exactly true. Even regular boring content websites can benefit from HTTPS / SSL encryption. Security and trust add to the small ranking gains, making it worth the effort if you can.

HTTPS Challenges

1. Speed issues
Because HTTPS requires extra communication “handshakes” between servers, it has the potential to slow down your website – especially on slower sites. Add to this the fact that speed is itself a ranking factor, especially on mobile.

The good news is, if you follow best practices your site should be more than fast enough to handle HTTPS. New HTTPS friendly technologies like SPDY offer you the opportunity to speed up your website more than ever before.

2. Costs
Many webmasters pay between $100-200 a year for SSL certificates. That’s a significant amount for small websites. It’s also a barrier that most spammers won’t bother with. On the other hand, it’s completely possible to switch to HTTPS for free.

3. Not everything is ready for HTTPS
Sometimes, things don’t play well with HTTPS. Older web applications can have trouble with HTTPS URLs. If you run AdSense, you may see your earnings fall significantly, as Google will restrict your ads to those that are SSL-compliant.

4. Details often overlooked
Moving your entire site to HTTPS requires many moving parts. It’s easy to overlook important details. Some of which could include blocking important URLs in robots.txt or pointing canonical tags at the wrong URL. Usually, because of the size of the website itself, these simple but important details are sometimes passed over and could potentially lead to your rankings actually dropping.

Much of the web is now moving towards HTTPS encryption, and within a few years it may even become the default. SEOs, consultants and agencies that become experts and who are in the know may be rewarded as the popularity of the protocol grows. Unlike content insertion, however, HTTPS isn’t like other ranking factors. Implementing it requires complexity, risks, and costs. This push is not only a large overhaul in itself, but would require a big shift in mentality for both webmasters and visitors. But as is often said when rules are not yet set in stone, we must be prepared lest we be caught off-guard and be left behind.