Back when I wrote the article, “Why Everyone Should Be Moving To HTTP/2,” it was meant to bring awareness to an awesome protocol upgrade that I thought was an easy win to make a website faster.
Since then, I have spoken to hundreds of business owners and SEOs about upgrading, performed dozens of upgrades and troubleshot dozens more. I have realized that there is still one big hurdle for both business owners and SEOs: HTTPS. The gotcha moment with HTTP/2 is that most browsers only support this new protocol over a secure connection, which means you have to migrate your website to HTTPS.
It shouldn’t come as a shock to anyone that Google and many others want the web to be more secure. Google had their HTTPS everywhere campaign, they announced HTTPS as a ranking signal, and they have started indexing secure pages over unsecured pages. They even have their own guide, “Securing Your Website With HTTPS,” which I encourage everyone to read, along with this article.
Yet with all of this push towards a more secure web, the fact remains: Less than 0.1% of websites are secure.
It seems like everyone is trying to make it as easy as possible to switch by removing barriers to entry, such as cost. Let’s Encrypt offers free certificates (Sidenote: I am very amused that Google Chrome has the only nofollow on their paid sponsorship link after being called out.) Many website hosts and CDNs are also offering free security certificates to encourage people to make the switch, but many people still aren’t moving.
Why move to HTTPS?
Google identifies several reasons to switch to HTTPS in their website migration guide:
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.
Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
There are other benefits, though, including the Google ranking boost previously mentioned.
Making the switch to HTTPS also helps with the loss of referral data that happens when the referral value in the header is dropped when switching from a secure website to an unsecured website. Analytics programs attribute traffic without the referral value as direct, which accounts for a large portion of what is called “dark traffic.”
The switch also prevents a lot of bad things, such as when AT&T was injecting ads into their hotspots. They would not have been able to inject these ads on a website with HTTPS.
Comments