HTTPS (the secure version of HTTP, the protocol which sends data between a browser and a website) is older than most people realise. It’s been around for two decades, though the number of websites using it on all their pages has been relatively low, until the last couple of years. You’ve probably noticed that many major websites now incorporate HTTPS as standard.
Why did it only become popular recently? People’s concern about the security of their personal data was certainly part of it, though the principal catalyst was arguably Google’s announcement in 2014 that HTTPS would start to become a ranking factor in search, as Google made a push for ‘HTTPS everywhere’. Even though it’s a lightweight factor, companies realised at this point that they might need to move to HTTPS to maintain their traffic levels from Google search.
What are the benefits of HTTPS for your website?
If your website uses HTTPS, you’ll benefit from the following:
1. Search rankings boost
This was mentioned above – and interestingly, though it was a key motivator for many companies to make the change to HTTPS, recent studies such as this one by Moz, show that to date, it makes very little difference in organic search rankings. The most we can probably say is that if two sites are in most other ways equal, HTTPS could confer the bonus points needed to have one site rank above the other. That said, Google is likely to upweight this in the future, so it’s prudent to have it in place now, before any algorithm change comes along.
2. Better referral insights
If you have an HTTP website, you may have noticed that visits from an HTTPS site are rendered as ‘Direct’ in Google Analytics, and have their referral data stripped out. This is because that visitor has passed from an encrypted connection to an unencrypted connection, and so to preserve the security the data has to be removed.
There are two workarounds to this. The best is to have an HTTPS website yourself, because then you will see all referral data in your analytics platform, irrespective of whether that visit has come from an HTTP or HTTPS source.
If that’s not feasible, the next best option is to ensure that any links to your site from ad campaigns, PR activity, affiliates, etc are tagged with utm parameters, as these elements won’t be removed for visits from an HTTPs site. The easiest tool to use is URL Builder, which allows you to set variables for source, medium and campaign, meaning that you can identify each link and assess the performance of traffic from it in Google Analytics. The link will look something like this:
Once the utm parameters are defined, if you go to Google Analytics and check in All Traffic > Referrals, and use a secondary dimension such as Source/Medium, you can then segment your traffic by where it came from, and so get round the loss of referral data.
3. Boosted security
An HTTPS website adds security in a number of ways:
- It makes ‘man in the middle’ attacks far less likely;
- It encrypts all communication, protecting browsing history, passwords, financial details, etc;
- It verifies that the website is the correct one the server is intended to be passing data with.
4. Greater level of customer trust and sales
Finally, as public awareness of the above factors grow, customers will be increasingly reticent to purchase or leave sensitive details on an HTTP site. On checkout pages, HTTPS has been standard for a long time – but the likelihood is that websites will want to demonstrate that the customer journey is secure throughout.
What are the challenges of HTTPS for your website?
The main one is actual implementation and the potential for errors to creep in during that process. Before we look at that, let’s clear up a couple of areas that used to be challenging but are now are far less so:
- Cost. You will need to obtain an SSL certificate as part of the transition to HTTPS. This certificate contains a key needed to begin a secure session between that website and your browser (it’s called an SSL handshake, and ensures a unique secured connection). Costs are coming down all the time, and new providers such as Let’s Encrypt even offer free certificates.
- Site speed. Since HTTPS requires more ‘handshakes’ between servers to establish a secure connection, it was often cited as a factor in slow page load. Nowadays, protocols like SPDY, and HTTP/2 (the second iteration of HTTP, based on SPDY), mean there’s very little tangible difference.
As mentioned, the biggest challenge lies with implementation errors that could cause your website to become much less visible via Google Search. The business of migrating from HTTP to HTTPS is not especially easy, and should probably be handled by a developer and/or SEO specialist – take a look at this checklist to see what’s involved. The migration needs to ensure:
- That the security certificate is validated and configured correctly;
- That old HTTP URLs are redirected via a 301 to the equivalent HTTPS URL;
- That Google can crawl the new HTTPS URLs;
- That any hard-coded URLs are updated to HTTPS and thus do not break;
- That an HTTPS XML sitemap is submitted;
- That all site variants for your website are verified In Google Search Console (eg http://mywebsite.com; http://www.mywebsite.com; https://mywebsite.com; https://www.mywebsite.com).
Overall, the advantages of an HTTPS website can be considered as outweighing the complexity of set-up. Customer trust, data integrity and the prospect of better search visibility make it something that should be considered by any small business when they next look to update their website.
Were these tips useful? Are you considering the switch to HTTPS, or are you unsure how to use UTM parameters to get better referral data if you’re still on HTTP? Please share your thoughts or leave questions in the comments below.