One of the most common questions that we get here at Click Consult surrounds security and the migration of websites from HTTP to HTTPS. With that in mind we thought it best to look at how you can make the switch, the benefits of doing so and the pitfalls of neglecting this approach
What is the difference between HTTP and HTTPS?
HTTP (Hypertext Transfer Protocol) is the set of rules for transferring files (text, graphic images, sound, video, and other multimedia files) on the world wide web. As soon as a web user opens their web browser, the user is indirectly making use of HTTP.
The ‘S’ at the end of HTTPS simply stands for ‘Secure’ and means that all communications between your browser and the website are encrypted. Using HTTPS, the computers agree on a ‘code’ between them, and then they scramble the messages using that “code” so that no one in between can read them. The ‘code’ is used on a Secure Sockets Layer (SSL), sometimes called Transport Layer Security (TLS) to send the information back and forth. This keeps a businesses information safe from potential hackers meaning a website that runs on HTTPS can benefit in many ways from both a user and SEO perspective.
Once everyone knew how to exchange information, intercepting on the internet was not difficult. So knowledgeable administrators agreed upon a procedure to protect the information they exchanged. The protection relies on SSL Certificate to encrypt the online data. Encryption means that the sender and recipient agree upon a “code” and translate their documents into random-looking character strings.
The procedure for encrypting information and then exchanging it is called HyperText Transfer Protocol Secure (HTTPS).
With HTTPS if anyone in between the sender and the recipient could open the message, they still could not understand it. Only the sender and the recipient, who know the ‘code,’ can decipher the message.
Humans could encode their own documents, but computers do it faster and more efficiently. To do this, the computer at each end uses a document called an ‘SSL Certificate’ containing character strings that are the keys to their secret ‘codes.’
SSL certificates contain the computer owner’s ‘public key.’ The owner then shares the public key with anyone who needs it. Other users need the public key to encrypt messages to the owner. The owner sends those users the SSL certificate, which contains the public key. The owner does not share the private key with anyone.
It is especially recommended that sites migrate to HTTPS where they have any type of form or checkout process that transmits sensitive information.
This handy resource will provide you the information you need in order to prepare for the switch from HTTP to HTTPS and give valuable insights as to the importance of doing so. This document includes:
- What is the difference between HTTP and HTTPS?
- Why switch to HTTPS?
- Crawling your website
- Updating canonical tags
- Updating sitemaps
- A technical glossary
Why switch to HTTPS?
There are a lot of important reasons to consider making the switch to HTTPS from a user, security, data and SEO perspective. If you weren’t sold by the importance of HTTPS at the start of this eBook then read on… businesses switch because it’s SAFER!
From a user and security perspective:
- HTTPS secures any data transmitted from your browser to the website’s servers. This includes your name, address, contact details, passwords and any credit card details that you enter on the website.
- HTTPS shows the padlock icon indicating that the site is secured and this gives users’ peace of mind that their data is safe from 3rd party viewing.
- From January 2017, Google started showing HTTP websites and pages that collect any passwords or credit card details as non-secure. This is part of their plan to eventually show all HTTPS websites as not secure.
- Data integrity over HTTPS is maintained so data cannot be modified or corrupted without being detected.
- Authentication prevents man-in-the-middle attacks so only you can see the data.
From an SEO perspective:
- On 6th August 2014, Google announced that they would use HTTPS as a ranking signal in their search algorithms.
- On 16th December 2015, Google said they were going to start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. They would also begin to prioritise HTTPS pages in the search results.
- There is also a prerequisite for push notifications in the run up to switching to HTTP/2 which relates to site/page speed.
From a data perspective:
Making the switch to HTTPS helps with the loss of referral data that happens when switching from a secure website to an unsecured website. This happens during the switch as the referral header is dropped. This causes analytics programs to attribute traffic without the referral value as direct instead, which accounts for a large portion of what is called “dark” or non-traceable traffic.