In August 2014, Google announced a new ranking factor. HTTPS! We know that the factors that influence the positioning of a website are innumerable and almost all unknown. Because Google, for obvious reasons, tends to keep the laws that regulate its algorithm secret. This is why the August revelation caused quite a stir, created questions, and assumptions.
What Are HTTP and HTTPS Communication Protocols?
Both protocols allow the browser to display web pages and transfer them from the client to the server. HTTP means, in fact, HyperText Transfer Protocol. The addition of the S stands for Security (Secure Socket Layer – SSL).
When the protocol is HTTPS, the transfer of data takes place securely.
How Does HTTPS Work & Why Do You Need It?
Behind this strange acronym lies a very simple and intuitive speech to understand. That’s why we will explain the importance of the HTTPS protocol; how it works, and why it is advisable to insert it within your website.
As said, HTTPS is a communication protocol. Its purpose is to allow the exchange of data between a browser and the sites you visit. Ensuring the possibility of exploiting a secure channel for transmission. This occurs thanks to SSL certificates.
The SSL Certificate
The SSL certificate ensures that the other interlocutor of the transmission is the company and the website you wanted to communicate.
But this is not the most important task of the SSL certificate; in addition to guaranteeing your interlocutor’s identity, it is also a kind of “filter”. All the data you intend to communicate to the server with which you connected, pass through this filter, and are encrypted, so that no one outside of you and the server can interpret them.
Therefore, when you connect to a site that uses the HTTPS protocol; your browser program verifies its certificate and that a legitimate certification authority has issued it.
If any stranger between the two interlocutors intercepts the communication, they will not understand it. Only the sender and the recipient have the key (or code) to decrypt the message, and it is contained in the SSL Certificate.
Good news! Your information is safe.
The issue becomes even more important in the case of browsing e-commerce, or the presence of forms or payment pages; the HTTPS protocol and the SSL certificate, give the customer the guarantee that their credit card data will be processed in safely.
How do I recognize a secure site and one that is not?
- I can understand that I am connected to a site that adopts the HTTPS protocol already at the time of typing. The address will begin with https://
- Another clue is the presence of a padlock icon in the address bar. This icon is an important security index; by clicking on it, you can get more information on the certificate adopted, and push users to complete a payment or transfer their data with greater confidence.
- Websites that still have the classic HTTP protocol will see a circled “i” appear next to the URL; indicating that the connection with that particular URL is exposed to security risks.
The advantages of using the HTTPS protocol on your site, and why it’s better than HTTP
Using the HTTPS communication protocol guarantees:
- Identity: The address you entered is the address you were looking for.
- Communication protection: From cyber attacks (i.e., man-in-the-middle), an external user can intercept traffic and redirect it to a malicious site.
- Data integrity: Sensitive and payment data that have not been altered in the communication.
HTTPS: The Psychological Effect on the User
The importance of using the HTTPS protocol; compared to its HTTP predecessor, must be clear, especially to website owners and managers. By adopting a secure protocol, the user will be comforted by visiting a professional and protected website.
As with any purchase, whether physical or online, most people prefer to turn to a reliable dealer. The certificates demonstrate the authenticity or competence of a company in a specific field; increasing the customers’ safety and trust during the purchase.
Adopting the protocol is a choice that belongs to the owner of the server or website. The user perceives that a site is or is not reliable from the signals that the browser brings to its attention. But it does not have to make changes to its program. The communication for us visitors takes place transparently and is managed by the two computer actors of communication.
HTTPS and SEO
But HTTPS is also fundamental for another reason: positioning on search engines and especially on Google.
In 2017, Google said that websites that would not adopt the HTTPS protocol would be penalized by showing a warning page about an unsecured connection with the site.
Surely you will have noticed that by using the Google Chrome browser for navigation, you are warned when a website is safe or potentially risky. This fact is already able to determine the traffic of a site heavily!
Most SEO agencies will tell you that Google takes a lot of factors into consideration when evaluating your site’s ranking. The choice not to adopt a more secure communication protocol will probably lead to a “penalty” in E-Commerce portals, where it is necessary to ask the customer for their data and payment methods.
For other types of websites; the potential negative effect on the organic positioning of your site is instead linked to the behavior of visitors. Proposing an unprotected portal determines, in fact, fewer visits, less trust and leads users to look elsewhere as desired. And these are just some of the factors that affect the reputation of your site on Google.
After the necessary premise, we see what implications at SEO level, or what we need to pay attention to, are there to adopt HTTPS.
- This is one of the cases in which 301 Redirects are essential to send all URLs from HTTP to HTTPS. And when we all say we mean ALL.
- Like URLs, canonical
relsmust also be corrected and directed to the URL with HTTPS
- Report the HTTPS version in Google and Bing’s Webmaster Tools.
- Once done, use the View as Google tool in Webmaster Tools to request the site crawl and render.
- Sitemaps must be updated so that they contain the new URLs with HTTPS (otherwise, they are all 404). Once modified, they must be reported in GWT. Before deleting old sitemaps, it is better to wait for the engine to process all the redirects.
- The robots.txt file must be updated, and new sitemaps should be reported.
- Update the Google Analytics tracking code if necessary; most modern snippets already manage HTTPS.
- Implementing HTTP Strict Transport Security (HSTS) is an HTTP response that serves to communicate to the user agent that the server interacts with the browser via HTTPS.
- For the generation of RSS feeds, you must make sure that you use a service that supports HTTPS, not that affects the ranking directly, but it is still important for the visibility of the site.
- The social buttons, as well as for RSS feeds, by default, do not support HTTPS, their code must be modified to make them functional and guarantee users the ability to share content.
HTTPS And GDPR
Preferring the HTTPS protocol also has positive implications for the management of personal data.
You have certainly heard of the GDPR, or the new regulation for security and data processing, which came into force on May 25, 2018.
As we saw at the beginning of this article, the HTTPS protocol adoption is also important as a form of guarantee for users regarding the “Privacy” speech. It is also an advantage for the website owner who, in doing so, offers additional “protection” from a GDPR perspective.
FAQs About HTTPS
HTTPS protects both sides against man-in-the-middle attacks. Also, the bidirectional encryption communications between parties protect the communications from eavesdropping and tampering.
Almost everyone knows SSL (Secure Socket Layer), but not TLS (Transport Layer Security). Yet both protocols send data securely. Although TLS is younger, all SSL certificates can use both SSL and TLS encryption.
You can get viruses from HTTPS-protected websites. HTTPS servers only encrypt your text data to coding language so nobody can eavesdrop or tamper it during transmission. HTTPS servers can’t scan for viruses.
Conclusion – Duty Calls!
To conclude, the transition to a secure connection is more a duty than a piece of advice, and at the moment, there seem to be no side effects. On the contrary: it is undoubtedly worth taking advantage of the circumstances to improve your site in terms of SEO and User Experience. Otherwise, what is still a detail for the moment will soon become something unpleasant to deal with day after day.