Moving to Secure HyperText Transfer Protocol? What needs to be reviewed?
Google’s move to HTTPS
On August 06, 2014, Google disclosed HTTPS (Hyper Text Transfer Protocol Secure) is a ranking factor in SEO, rather unconventionally. Ever since, SEOs have started to wonder if moving to HTTPS is the right way to go mainly for SEO reasons. For now, this is a small factor, but Google may strengthen its weight in future. As of now, the value of HTTPS in SEO is this – if 2 pages are exactly the same from all SEO ranking factors while Page A is on HTTP while page B is on HTTPS, page B will rank higher because it’s closer to Google’s mission of “secure internet”.
HTTPS should be for security not for SEO
Given the reason above, HTTPS should be done with website security not purely for SEO. A true HTTPS eCommerce website looks lot more trustworthy to a customer than partially secure websites, which is the traditional norm.
Decided to move to HTTPS from HTTP?
Before a business makes a decision to move from HTTP to HTTPS, its pros and cons needs to be analyzed and a check-list items need to be analyzed preferably in your staging environment before moving the production server urls to HTTPS.
One of the biggest issue of HTTPS is additional increase on Page Load Time due to the added secure layer. If your website already has issues with slow pages, HTTPS will only make it worse. Additional cost and technical expertise to implement and maintain the secure license should also be considered. Once these issues were mitigated, we’re ready to move forward to take your digital marketing from HTTP to HTTPS and the list starts below:
- Technical: Redirect to HTTPS pages by server-side 301 HTTP redirects
- Paid: PPC/PLA: Update destination urls with HTTPS instead of HTTP
- Organic: Update XML Sitemaps, BrightEdge, and others
- Affiliate: Partners would need to update their destination urls
- Social: Update existing links
- MCM: Update urls everywhere from http to https in printed catalogs, brochures
- Analytics: Impact of redirects from http to https and more … This is a separate discussion on analytics on its own.
On SEO Side
- Update the robots.txt file, XML sitemaps
- Don’t block your HTTPS site from crawling using robots.txt
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Change your website’s address in GWMT settings, Bing Webmaster Tools, other SEO and Paid Tools. Register both HTTPS and HTTP.
- All internal links should point to the new HTTPS URLs.
- Ensure that all rel=canonical tags point to the HTTPS version of the URL.
- Apply 301 Permanent redirects to point all HTTP URLs to HTTPS.
On Technical Side
- Implement HTTP Strict Transport Security (HSTS). This response header tells user agents to only access HTTPS pages even when directed to an HTTP page. This eliminates redirects, speeds up response time, and provides extra security.
- Use SSL 2048-bit key certificate
- Handle it like any other migration or server upgrades as snafu can take place anytime.
- Certificate look-up: http://www.ssltools.com/certificate_lookup/
- SSL test: https://www.ssllabs.com/ssltest/
- “cmd” and “tracert” for old-schooler on Windows
Once this long list of tasks have check-marks against it, you ready ready to earn your secure batch throughout your website. Now, you can brag about it for your customers, how secure your site it.
Consider getting a “trust factor” to prove you’re a Secure Site with HTTPS. Congratulations!