HTTPS: How urgent is the transition?
“This site is not secure” – Internet users will get this error message more frequently in the future. With the release of “Chrome 68”, the popular Google browser will point out the alleged vulnerability of websites that are not accessible via HTTPS. How dangerous is this innovation for websites that continue to use the usual HTTP? How urgent is a transition to HTTPS with regard to SEO aspects? And how does adaptation work? The amount of effort involved is reasonable – and it pays off.
What is HTTPS?
In simple terms, HTTPS is what is in front of the URL in the address bar of the browser. When you enter a domain, the abbreviation “https://” will immediately be placed in front of the domain. Sometimes the “s” is missing, and only “http://” is displayed.
HTTP stands for the protocol used to communicate on the Internet. HTTPS is HTTP with added security: The transmitted data are encrypted.
- HTTP = Hypertext Transfer Protocol
- SSL = Secure Socket Layer
- HTTPS = HTTP + SSL (Hypertext Transfer Protocol Secure)
Technically speaking, both of the computers involved in the communication via HTTPS create an encrypted key with which they transfer data. This is followed by the creation of a further public key and is based on a certificate that guarantees the authenticity of the issuer. The content of the information transferred is protected and cannot be accessed from outside. In this respect, HTTPS connections are more secure.
However, what most surfers do not know is HTTP’s range of vulnerability. Because simply calling up a website via HTTP is not hazardous. Security gaps only become relevant when data is transferred via a protocol that is not secure. As a result, websites without any text fields for addresses, passwords or credit card information are generally harmless and do not need a HTTPS connection.
Google wants to make the Internet more secure
Up to now, the Chrome browser displayed a small information symbol on the left next to the address bar for all non-certified pages. When you clicked on the symbol the following error message appeared: “The connection to this website is not secure”. This error message automatically appears for all websites that do not have a HTTP connection, even if the page does not request any user information.
Experienced Internet users generally ignore this error message. However, this warning might frighten the average Internet surfer who will, at worst, click on the back-button: Consequently one less visitor to the website and an increase in the bounce-rate. Google is an Internet authority with a large amount of credibility. A security warning displayed by Google can therefore lead to overreactions in some surfers even if the warning message is uncalled-for.
With the release of Chrome 68 it takes a turn for the worse: The security warning appears exactly between the information symbol and the Internet address, even when the user does not click on the symbol. The warning remains in the address bar for the entire visit. This ought to raise red flags for any Webmaster who values a serious presentation of its services on the Web.
HTTPS and SEO
HTTPS still plays a subordinate role as an official evaluation factor for Google. However, what no Webmaster should underestimate are the psychological aspects that play an important role in particular with inexperienced Internet users. In the long term, this factor can have negative effects. Because the more often users click on the back-button of their browser as a result of ever more conspicuous warning messages, the higher the bounce rate of a site – and this is definitely an important ranking criterion.
Statistics show that Internet users increasingly attach importance to security. The number of call-ups for pages with HTTPS is growing; the number of HTTP pages is diminishing. Even if calling-up a harmless page really cannot cause any damage, being placed in the “fraudulent corner” of the Web cannot be argued away; and there is no doubt that other browsers will follow Chrome’s example. The warning message is especially negative for the first important impression a website makes. One must take action to prevent this from happening.
Acquiring the SSL certificate with little effort
One must first check whether there is any need for action. Many Webmasters do not know that their website already uses HTTPS. It is quite simple to check: Simply enter the full address of the website in the address bar of the browser, i.e., with “https://” before the domain. If the page appears, then everything is fine. If not, the browser will display a warning message.
SSL certificates are already included as additional services in the offers made by numerous hosting providers. Free certificates can also be acquired through providers including Let’s Encrypt. After configuring the certificate on the server one only needs to set the onward transfers. These ensure that the user automatically accesses a HTTPS version when they call up a HTTP version. In a subsequent test run these forms and downloads are tested once more for functionality. If everything goes as planned, the website is displayed as secure in the browser.
With the release of Chrome 68, the new Google browser, Webmasters with SEO ambitions will not be able to shirk away from changing their Internet pages to HTTPS. The effort involved is quite small. For those who prefer to be on the safe side, the solution is to spend time on SSL certificates as a way to gain more security and reduce high bounce rates.