Call Us

Close

Say Hello

Please fill in the form below and one of our specialists will be in touch with you, alternatively contact us on:

    Whooosh!

    Your message has been sent successfully.

    We have received your enquiry and if it’s something we can help with, we’ll get back in touch with you as soon as possible.

    4 mins

    HTTPS (Hypertext Transfer Protocol Secure)

    01 February 2023

    highlight 4

    Hypertext Transfer Protocol Secure (HTTPS) is an internet communication protocol that protects the privacy of user data between their browser and the website they’re using.

    A secure alternative to HTTP, this protocol is often used to protect confidential transactions such as online shopping orders and online banking. Because of this, HTTPS is widely used by e-commerce sites and sites containing sensitive material. It is an important ranking factor in Google search, and the search engine prioritises websites that use this more secure protocol.

    An example of an HTTPS URL is: https://www.yourdomain.co.uk/payment

    How does HTTPS work?

    HTTPS secures connections using a TLS protocol that prevents eavesdroppers from accessing private information. TLS (Transport Layer Security) provides secure internet communication by encrypting private information and authenticating the security of a server, ensuring there are no imposters diverting confidential information.

    You’ll often see TLS referred to as SSL (Secure Sockets Layer). SSL is the predecessor of TLS, but been more or less phased out in favour of TLS. SSL uses MACs, whereas TLS uses HMACs. SSL supports older algorithms with known security vulnerabilities and is therefore more susceptible to corruption/hacking etc. TLS uses advanced encryption algorithms and is more secure, hence why it’s the option of choice.

    When accessing a web page with HTTPS connection, the website will send its TLS certificate to your browser. This certificate contains a public key necessary to begin the secure session. Your browser and the website then establish a uniquely secure connection between yourself and the website.

    Many browsers including Chrome, Firefox and Safari will display a padlock icon in the address bar when a HTTPS connection is in effect.

    The SEO benefits of HTTPS

    Aside from providing a secure online experience for website visitors, there are several SEO benefits to adopting HTTPS:

    Boosts your rankings

    Google heavily recommends that all websites use HTTPS connections as opposed to standard HTTP. In 2014, the search engine giant announced that its algorithm would now consider HTTPS as a positive ranking signal.

    Improves the accuracy of referrer data

    When traffic passes from a secure HTTPS site to a non-secure HTTP site, referral data is lost and instead appears in your Analytics report as direct traffic. This is problematic in that it leaves you with inaccurate traffic data.

    When the traffic passes to a secure HTTPS site, regardless of whether the original site is secure or non-secure, referral information is retained and will appear in Analytics accurately.

    The challenges of HTTPS

    For all of the benefits of moving to HTTPS, it’s also important to consider the potential implications involved:

    Page speed

    As HTTPS requires more communication between servers, page loading speed can be slowed down. This is problematic for UX, and is also a Google rankings factor. There are plenty of steps that your site developers can take to mitigate against this risk.

    Ranking fluctuations when migrating the site

    Google treats a migration from HTTP to HTTPS as a site move with a URL change. Consequently, you may experience fluctuations in rankings while Google re-crawls and re-indexes the site.

    Is HTTPS for me?

    In terms of security, any website that accepts payments or requires users to enter confidential information should be using HTTPS. However, if you have a small website where the most information you obtain is email addresses for mailing lists, HTTPS is best practice, but not always necessary. But, from an SEO point of view, because it is a known ranking factor, we would generally recommend making the switch.

    How to migrate from http:// to https://

    Step 1: Obtain an SSL Certificate

    To enable HTTPS on your website, you’ll need an SSL (Secure Sockets Layer) certificate. SSL certificates are issued by trusted certification authorities and ensure that the data transmitted between the user and the server remains secure. SSL certificates can be obtained from reputable providers or through your hosting provider. Choose the appropriate SSL certificate based on your website’s requirements.

    Step 2: Backup Your Website

    Before making the transition, it’s often a good idea to create a complete backup of your website. This backup will serve as a safety net in case anything goes wrong during the migration process. Backing up your website files and databases ensures that you can easily revert to the previous state if needed.

    Step 3: Update Internal Links and Resources

    To ensure a seamless transition to HTTPS, all internal links and resources on your website need to be updated to reflect the new protocol. This includes images, CSS files, JavaScript files, and any other references to external content. Manual updates can be time-consuming, especially for larger websites.

    However, automated tools or scripts can assist in this process and ensure that all references are modified correctly. Platforms such as WordPress will often have plugins that make this easy and seamless. You should make a map of all pages on your site, using tools such as Screaming Frog, to ensure that you don’t miss any pages.

    Step 4: Update External Links and Redirects

    Essentially, you want to treat this as a form of site migration. In addition to internal links, you must also update any external links pointing to your website, to retain the flow of link juice. This means updating includes links from other websites, social media profiles, and online directories. Reach out to relevant website owners and inform them of your migration, requesting that they update their links accordingly.

    Additionally, configure 301 redirects from the HTTP version of your website to the HTTPS version. This will automatically redirect visitors and search engines to the secure version of your site, preserving SEO rankings and user experience. Again, you’ll have wanted to crawl your website using a tool such as Screaming Frog to ensure that you are 301 redirecting every page that was http:// to its new, corresponding https:// version. Make sure that you start by ensuring that all priority pages have the redirect in place and work your way from there. Talk to your SEO agency about this one as it can be tricky.

    Step 5: Update Google Analytics and Webmaster Tools

    If you use Google Analytics 4 (GA4) or other webmaster tools, update your website URL to reflect the new HTTPS protocol. This will ensure that your website’s GA4 and search console data continue to be tracked accurately. Additionally, submit the updated sitemap to search engines to expedite the indexing process.

    Step 6: Test and Validate

    After completing the migration steps, it is crucial to thoroughly test and validate your website’s new HTTPS configuration. Utilise online tools or browser extensions to check for any mixed content warnings, which may occur if your website still serves some resources over HTTP. Fix any issues promptly to maintain a secure browsing experience for your visitors.