Even before data breaches have become a major concern for everyone, Google and other global search engine leaders have been consistently pushing for security on the web. One key measure is for websites to shift from HTTP to HTTPS version.
Before we move on, let’s first define the difference with these two:
HTTP (HyperText Transfer Protocol) – is a simple protocol for sending and receiving text-based messages.
HTTPS - (HyperText Transfer Protocol Secure) - is the encrypted version of the HTTP
*Communication sent over the HTTP protocol is literally in plain text and can be read by anyone who manages to hack the connection between the browser and the website.
Back in 2014, Google launched their HTTPS everywhere campaign to signify their commitment to making the web secure and safe for all users. With it, they also announced as a ranking signal and from there, started indexing secure pages over unsecured ones. The campaign almost did not pick up at all. According to a study by Stone Temple Marketing, roughly 0.3% of 200,000 websites only have heeded the call to switch.
Even after several years, the adoption of HTTPS has been slow despite a continuous call from Google for a more secure web. In 2016, Google reinforced its efforts and announced that unsecured websites that will be accessed via Chrome browser would be marked by the following year. True to its promise, Google came out with a grey warning on the address field to warn users that they are about to navigate an unsecured website. They even marked this red, later on, to stress the risks to users engaging with unsecured websites.
WHAT ARE THE BENEFITS OF MIGRATING TO HTTPS?
Let us emphasise the benefits of having a secured site. First, let it be known that implementing encryption has never been easier now with the rise of faster servers, affordable and quick SSL certificate set up as well as better protocol mechanism.
Sure migrating to HTTPS will not skyrocket you to the top spot in SERP but will give your site a slight ranking boost as admitted by Google. There is, however, more to HTTPS switch than a ranking boost.
User Trust - Keeping up with updated security requirements shows that you value the security of your website. It shows that you are trustworthy and care about your reputation. Your visitors will feel safer to engage with your website, and this is good for your site.
Security and Privacy - This is the most obvious reason why you should make the switch, making your site a safer web environment for your users and assures them that they will not lose their data.
Ranking Boost - Google admits that switching to HTTPS will contribute to your site’s ranking boost.
Visibility of Referral traffic in Google Analytics - Have the ability to see referral traffic in Google Analytics if you’re on HTTPS.
WHY ARE WEBSITE OWNERS HESITANT TO SWITCH TO HTTPS?
Right from the start, the intent was clear - to make the web a safer place - which should be everyone’s responsibility. Much like the way we live in our physical world, as web users, we spend a big chunk of our time on the web. We work with it, study with it, communicate and socialise, do business, buy stuff, and somehow manage our finances and even personal data on the web. In fact, it’s the second world we live in! We, therefore, realise how important it is to make it a safer place for all of us.
Probably, if we choose to engage only with secure sites, it will help support the call for a safer web and push stakeholders to act upon it. Now, where is the hesitance coming from? There are a few beliefs that sum up why non-compliant sites remain unmoved.
The site does not contain important or sensitive information.
Even if your site does not contain sensitive data or you maintain it that way regularly (which could be cumbersome), know that Javascript-based ad injections can still penetrate your site and could be a factor in keeping your audience in the site.
Running on HTTP also restricts web developers from using major API’s:
- GeoLocation for seeking users’ location
- Web Push Notification
- GetUserMedia for triggering permissions of using a user’s camera/microphone
- HTTP/2
- EME and App Cache (will be unavailable soon)
Shifting to HTTPS will slow down the site.
There is no real evidence of this myth. In fact, when Google migrated to HTTPS, the impact was hardly noticeable. The stats show that TLS accounts for less than 1% of CPU load; less than 10KB of memory per connection and less than 20% of network overhead. (Adam Langley, Google 2010). The negative experience could be attributed to the lack of optimisation.
Dependence on 3rd parties that aren’t on HTTP
Third party service providers are concerned about HTTP referrer header. These referrer headers will be stripped off for privacy reasons when followed from an HTTPS site. The Referrer Policy web platform feature helps with this.
The problem with HTTPS site having partner sites on HTTP is that the mixed content (loading unsecured HTTP content on HTTP) which can compromise the secured site. The Content Security Policy feature allows publishers to scan for mixed content and fix it.
Myths busted! It shows that there is a solution to all these reasons, and they are merely excuses for delaying the switch to HTTPS.
If these aren’t enough to make you decide to make the switch, you should also know that there’s no stopping Google. For a year now, they have been testing how to mark unsecured sites before you can open the site. Yes - right on the SERP. In the US where it was implemented, a huge red flag on search snippets of pages on HTTP.
In February, Google announced that it would mark all HTTP sites as “not secured” without any exceptions by July 2018, along with the release of Chrome 68. When this happens, it can take a toll on CTR rates. Thus, we highly advise adopting HTTP encryption and the use of SSL Certificates on your sites if you haven’t yet. Now is the time!
0 comments:
Post a Comment