It’s easy to accept that the world of online business moves fast. Business owners defer judgement to digital agencies and digital agencies defer judgement to developers. Things can get lost in-between and one such example is HTTPS.
After working in the SEO industry for over 12 years, there are some tasks – while being relatively simple – that are continuously overlooked. Whether it’s the pace of industry or ill-defined roles and scope that are responsible for these oversights, it’s time to talk about HTTPS.
Simply put HTTP is Hypertext Transfer Protocol and HTTPS is Hypertext Transfer Protocol Secure. It’s a new (but old) introduction of how sites are set up to improve the security and privacy of users. Without it anybody can see what websites you visit, when your request is made, and where this request goes. While this might not seem particularly valuable for your industry (“Who cares if I visited a clothing website?”), its value applies to other institutions (e.g. banks) and to individuals at large.
As such, the use of HTTPS standards is about total privacy and is not only restricted to certain aspects of life.
For your website to have access to HTTPS connections, your site must possess an SSL (Secure Socket Layer) certificate for your domain name. This requires registering your domain to a certificate authority or certification authority (CA) which are entities that issue digital certificates.
These digital certificates then certify the ownership of a public key by the named subject of the certificate. They use a technology called asynchronous encryption that allows you to request websites privately.
Over recent years, it is now considered best practice to make use of SSL certificates and HTTPS due to the demand for privacy from users. Yet many developers and digital agencies still fail to address these standards.
Secure connections for users was first considered a factor in 2014 when the search engine giant Google announced HTTPS as a ranking signal. 5 years later, we now see a larger number of sites that implement HTTPS to gain greater visibility and a greater likelihood of appearing within top 10 listings. Now, a majority of sites use HTTPS.
Another error can occur during the implementation of an SSL certificate enabling HTTPS. This is called mixed content. This happens when initial HTML is loaded over a secure HTTPS connection, but other resources (such as images, videos, stylesheets, scripts) are loaded over an insecure HTTP connection.
It’s called mixed content because both HTTP and HTTPS content are being loaded and displayed on the same page. Modern browsers display warnings about this type of content to indicate that a page contains insecure resources. This sort of incorrect implementation can affect organic performance.
In conclusion, even in the fast paced online world, there is some critical technical implementation that must be required to maintain the competitive advantage. Don’t let this go under the radar!