Update 7/27/18: Google launched Chrome 68 this week and will now indicate sites without encrypted connections as “Not Secure” in the browser’s URL bar.
Even if you aren’t serving up secure information for your users, HTTPS will help prevent hackers from manipulating communications between your web pages and your users’ browsers.
A hacker can use any unprotected resource that travels between your web pages and your users. This includes HTML, scripts, cookies and images. These intrusions can happen anywhere along the network, from a compromised ISP, Wi-Fi hotspot or the user’s own machine.
HTTPS Impact on SEO?
Google has announced that HTTPS is a ranking factor in search results. For now, it’s only a small factor, impacting fewer than 1% of queries and less important than high quality content.
If your visitors are coming from a HTTPS website and your site is HTTP, you’re losing referrer data. Switch to HTTPS and you won’t suffer from HTTPS referral loss.
HTTPS is just one of the many factors you should include on your rankings improvement checklist.
HTTPS, What is It?
HTTPS is used for Hypertext Transfer Protocol (HTTP) communication and the “S” stands for “secure”.
When you add HTTPS your users will get three key layers of security:
- A guarantee that your users are communicating with the website that they intended, preventing “man-in-the-middle” attacks.
- The exchanged data is encrypted. This ensures that calls between your users and your website won’t be intercepted and information is not stolen. Without it, someone running a Wi-Fi access point could see private information like credit cards being used to purchase something online.
- Data integrity will ensure that the data, like credit card numbers and browsing history, won’t be altered or damaged during transmission.
A HTTPS Checklist
Make sure you do these things as part of your switchover to HTTPS:
- Enable HTTPS for your website and purchase a 2048-bit key certificate, as recommended by Google. We purchase most of ours through RapidSSL, but there are many other vendors to choose from.
- Clean up any old redirects. If you have any redirects for non-www to www or vice versa, make sure those are updated to point to https www so save on excessive redirect chains.
- All rel=canonical tags in the <head> portion of your website page templates should point to their correct HTTPS URLs. Update any hreflang or rel=alternate tags too.
- If you have a content delivery network (CDN), make sure that it supports SSL. We’ve used MaxCDN for some of our clients and it works well.
- If you have anything being served over HTTP instead of HTTPS, you’ll get flagged with a mixed-content warning.
- Crawl your website using a tool like Moz to make sure all your pages are returning a status code of 200 and are coming thru via HTTPS.
- Tell Google you’ve moved to HTTPS. Google sees an HTTPS migration as a site move with a URL change. Add the new HTTPS site to your Google Search Console.