Ecommerce sites need HTTPS when processing credit card and other payments for security purposes. But many are not full HTTPS sites, they are a mix of HTTP and HTTPS. Is this an issue? Google thinks so. What would it take to make a full site HTTPS then?
First why HTTPS? Hypertext Transfer Protocol Secure (HTTPS) is a communication protocol that protects the confidential information of visitors.
Three layers of protection are used to protect things like personal data or transactional data. By using Transport Layer Security protocol (TLS) data is encrypted, gains data integrity and is then authenticated. These steps ensures the user is protected, and lets them know they can safely buy from you.
HTTPS is important but what are the risks of moving your whole site?
First and foremost, this migration is not a quick and easy thing, it can take many months depending on your site size and the challenges you face.
Secondly, consider why you want to migrate. Is it for security reasons? For your customers? To improve your Google ranking? Though Google is a reason to consider migrating, the impact is not high enough to migrate for this reason alone. Google rankings are only one component used for ranking. You should not expect a major SEO advantage for moving to HTTPS in the short term.
Common pitfalls are: expired certificates, certificate registered to incorrect website name, missing Server Name Indication (SNI) support, blocked crawler, indexing issues, old protocol versions, mixed security elements, different content on HTTP and HTTPS, HTTP status code errors on HTTPS, and more.
When migrating, there will be temporary SEO changes. A decrease in search performance is likely to happen, but performance will bounce back in time. The severity of this decrase depends on how much work is done during migration for SEO. This SEO checklist created by Aleyda Solis acts a great guide for a HTTP -> HTTPS migration.
Mixed content can be a challenge. If a page loads over HTTPS, all its assets need to do the same. When an image is HTTP on an HTTPS page, it is considered to be mixed content, which should be avoided for a successful rollout. Things like manual reviews, ads, and mobile are often culprits leading to mixed content. The more data a site has to process, the more likely it is to generate mixed content. When Wired.com migrated to HTTPS they saw that 77% of their mixed content issues were from Webkit (an iOS and Safari browser engine) because it did not yet support the “upgrade-insecure-requests” and was not able to treat HTTP assets as requested HTTPS assets (bug resolved in June 2016, expected to be part of the fall update).
Switching everything to HTTPS is important. Mixed content is one thing but third-party scripts need to be HTTPS as well. According to Gary Illyes from Google, If you do not have your tracking or ad scripts as HTTPS, you many get “blocked by browsers”.
But what is more important is that you monitor your site before, during and after the change to HTTPS. It is key to measure how the change affects your site by watching for errors, mixed content, and monitoring site performence.
Use Google Analytics and Search Console to monitor traffic, view errors, track search impressions and site traffic, and monitor eCommerce performance.
Use other tools to monitor your site for things like ranking, bugs, and other important metrics.
Migrating a site is a challenge, and is a big decision. HTTP to HTTPS is primarily for security – both your security as a company and the security of your customers. It is important to do it right the first time. We can help ensure a seamless migration from HTTP to HTTPS, contact us to learn more.
By Bethny Card
As a Digital Marketing Specialist, Bethny is a strong SEO resource for Thinkwrap and our clients. She holds an advanced diploma in Advertising, and brings with her over five years’ experience working in the digital marketing field across Canada and abroad. Her dedication to her career and thirst for knowledge contribute to her role helping customers achieve omnichannel growth maximum ROI.