Below is the transcribed version of the video.
Hello everybody. Welcome to another edition of Feet Up Friday. I'm your host, BrendanGilbert. This week we're talking about HTTPS pros and cons. If you're interested in making your site HTTPS, also known as green bar, green padlock, or ssl, we're going to discuss the benefits and the hurdles you're going to run into making this switch.
Define Your Current Protocol
The first thing we need to do is identify if you're using the standard HTTP protocol. All you need to do is copy your domain from your browser and paste it into a document or email. Odds are it's HTTP. If you are currently using HTTP you will see http:// at the front of the URL once you paste it. It will probably look something like: http://example.com or https://example.com. If your link looks like the second example than you can stop reading as you are already using HTTPS.
So, if you're currently using the HTTP protocol and are curious about switching, continue on.
There's several things that need to be executed before getting the green padlock and taking advantage of the HTTPS protocol.
Buying a Certificate
First you have to buy a certificate. For the most part you have two choices: an EV SSL certificate or a standard SSL certificate. SSL, if you're wondering, stands for Secure Sockets Layer. The EV SSL stands for Extended Validation Secure Sockets Layer. This means that you must submit additional information about your business and have the information legally approved. This process takes extra leg work but can show people that you are a verified business or entity.
From an SEO perspective it doesn't matter which one you decide to purchase, at least for now. That may change as search engines, like Google and Bing, are always modifying their algorithms. That's one thing to keep in mind when deciding on which certificate you want to choose.
Now that you have a basic understanding of HTTPS vs HTTP, and SSL vs EV SSL, we're going to dive into the benefits and potential pitfalls you may discover when making the switch.
HTTPS: The SEO Benefit
Our first benefit is ranking boost. In the video below, Google I/O 2014 - HTTPS Everywhere, Google states that "all communication should be secure by default".
Another example where Google is clearly stating the benefit of HTTPS can be found in one of their articles, HTTPS as a ranking signal, they state that "we're starting to use HTTPS as a ranking signal". Therefore, it is very clear that HTTPS is important and should be considered by webmasters moving forward.
we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
However, Google also stated switching to HTTPS is not considered to be a major ranking factor. The article, which can be read here, also states that "For now it's only a very lightweight signal - affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content - while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
So here we sit in June of 2016, nearly two years from this announcement, and only 27 of the top 100 sites on the internet are using HTTPS by default. This number has increased slowly and will more than likely continue to do so. You can view this handy page from Google displaying the live count.
One interesting side note is that these top 100 sites, according to Google's estimates, account for 25% of all website traffic. As these big time players transition to HTTPS you can be sure the pressure will increase to make the switch for smaller entities.
HTPPS: The Privacy & Security Benefit
Your users privacy is important and securing that information between the server and the visitor is vital. When transmitting personal information such as bank or credit card information, social security numbers, and other private information you want to leverage the HTTPS protocol. This will encrypt all the users data and make it extremely difficult or impossible to view. Doing the same using HTTP would not encrypt the data allowing a hacker, or snooper, relatively easy access to this information.
HTTPS: The Reporting Benefit
Next is referral data. Referral data, also known as referral traffic in your Google Analytics account, allows you to see where web traffic comes from. Basically allowing you to see what websites have a link to your website. This is extremely valuable for marketing and understanding how your website is gaining traffic; enabling HTTPS will help you avoid missing out on this information.
For example, let's say you're in the business of selling fruits and vegetables. There's a farm down the road whom you do business with; this farm supplies you with all your fruit and vegetables. This farm supplier has a website that uses the HTTPS protocol and has a link pointing to your website. If you're site is using HTTP instead of HTTPS any traffic coming from the farmer will display as direct traffic instead of referral traffic in your Google Analytics account.
The main takeaway is that if you use HTTPS instead of HTTP, referral traffic will show as desired. If you're using HTTP it will not show as desired if the visitor is coming from a HTTPS website.
HTTPS: Speed Issues
Speed issues, the bane of webmasters across the land. This is especially true when it comes to HTTPS if your server is not properly setup to ensure smooth implementation. If things are not setup properly you can run into speed issues on your website.
One issue that can absolutely kill your site speed, especially when using HTTPS protocol, is "keep alive" which essentially allows for one request followed by all the requested content vs closing the connection for every request.
For example, imagine if you were having a conversation with someone. You started by saying "hello", which is considered normal, but you had to keep saying "hello", waiting for them to process the greeting, and then they say "hello" back and having to repeat this for every word you wanted to speak within the conversation. This would be crazy and would make for a very annoying conversation.
One thing to note, is that these keep alive settings will affect all traffic whether you're using HTTPS or HTTP. It just compounds greatly on HTTPS because the server is encrypting all of the information before sending it to the user's computer and then the browser has to un-encrypt the packets once received.
If you're looking for more in-depth conversations about enabling HTTPS without sacrificing website performance you should read this post from our friends at MOZ.
HTTPS: Cost Issues
This is pretty straight forward, it's going to be a little bit more expensive to setup a HTTPS site vs a HTTP site. You will have to buy a certificate, which generally range from $10.00 - $200.00, and have it installed. This can be done in house if you have the proper staff and infrastructure; if your business is not capable for the in house option you will have to pay a web hosting company or a developer to enable it for you.
HTTPS: Mistakes to Avoid
When implementing HTTPS you want to be sure your code on your website is working with you and not against you. One major thing to look for is the rel="canonical" tag which is generally found in the head of your document. Your site may or may not have it and webmasters should consider adding it. The purpose of the rel="canonical" tag is to tell search engines which version of your URL you want indexed and will help you avoid duplicate content issues. This article gives a solid explanation on rel="canonical" if you're looking for a deeper dive into canonicalization.
When a search engine crawls a site it will potentially find two separate links with the exact some content. Google does not like this because their website crawlers do not know which page should be indexed and served within their search engine result pages. This will dilute your search presence and could hurt your web traffic. So by adding the rel="canonical" tag you are basically saying "hey website crawler, I am aware of the duplicate content but this URL is the one I want to have indexed, you can ignore the other one. Thanks!"
For example, let's say a search engine crawler finds these two links on a website.
- http://example.com/blog-post
- https://example.com/blog-post
The only difference between these two URLs is that one is using the HTTPS protocol and the other is not. Each one of these pages are the same line for line but this doesn't matter to the crawler, it sees two separate pages and two unique URLs. Even though the pages are the same in every aspect the crawler indexes these two pages separately as duplicate content and this will more than likely hurt your odds for ranking high in Google or Bing.
However, the next week you have decided to include the rel="canonical" tag on your website and that you want to use the HTTPS protocol as your preferred URL. By including the <link rel="canonical" href="https://example.com/blog-post" /> you have told search engines that you are aware of duplicate content issue and that this is the only page they should index and send traffic to.
Quick Note on 301 Redirects
If you have the option to 301 redirect all of your web traffic via your .htaccess file, or any other method, you might want consider that option as well. This can be a bit more challenging depending on your situation and capabilities.
However, the attractive side with the 301 is that you are forcing all traffic to your desired URL. In our case it would be telling all traffic hitting the domain http://example.com to be redirected automatically to https://example.com. This will prevent Google, or any crawler or web visitor, to only have access to your desired content. This will eliminate any sort of confusion when it comes to indexing and essentially eliminates duplicate content issues.
Summary
There you have it: the pros and cons to SSL and HTTPS. If you have any questions, comments, concerns, put them down below, I'd love to hear from you guys and gals. I can always improve these. That's it, Brendan Gilbert, have an A1 day.
PS - If you need help implementing HTTPS protocol for your website we can help. Click the button below to talk with one of our experts and get a free website consultation.
About Brendan Gilbert
As a Digital Communications professional, Brendan enjoys helping companies increase their customer base and enjoys tracking the results with industry leading tools. When it comes to life, he enjoys walking his Husky Steele, fishing with his old man, and camping with his wife.
More posts by Brendan Gilbert