HTTP vs HTTPS: Why should I switch to HTTPS?

A common question for website owners is, “what is the difference between HTTP and HTTPS and how does it impact my website?” As a leading creative & digital agency, we understand the benefits of HTTPS from a security and trust perspective to SEO and data integrity.

This guide will answer common questions about HTTPS and how you can benefit from using it for your website.

What does HTTPS mean?

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP. It is the protocol over which data is sent between your web browser and the website to which you are connected. If a website is hosted on HTTPS and has a valid SSL certificate, all communications between your browser and the website are encrypted.

HTTPS is commonly used to protect confidential online transactions such as online banking or online purchases but it also has other benefits; meaning more and more websites are making the transition.

To use HTTPS, you will also need a valid SSL (Secure Sockets Layer) certificate for your website.

HTTPS Checker

There are multiple ways to check if a website is secure and has a valid SSL Certificate.

One way is to input the domain into an SSL checker. In most cases, the URL in your browser will also show either HTTPS if the site is secure, or a padlock symbol.

HTTPS can be shown in many ways across different browsers. Generally, you will see a green “secure” sign or padlock next to the URL in the address bar as seen below.

What are the benefits of HTTPS

1. Encryption – With the data exchange between your browser and the website being encrypted, no-one can track activities across multiple pages or steal your information
2. Data Integrity – This prevents data from being corrupted or modified during transfer without being detected
3. Authentication – This validates that users are communicating with the intended website. Not only does this build user trust, but it also prevents intruder attacks, which is beneficial to any business
4. SEO and Google Rankings – In 2014 Google announced that websites on HTTPS could receive a ranking boost. Since then we are seeing HTTPS sites taking precedence on Google organic search results
5. Better Google Analytics Referral Data – If a website which is secure refers traffic to your site which is not secure, Google Analytics will not correctly track this data. It can compromise the integrity of your data and cause the referrals to be shown as direct traffic. Having your site on HTTPS however, will ensure you know which secure sites are also referring traffic to your domain.

How to change from HTTP to HTTPS

There are no negative impacts of changing your website from HTTP to HTTPS providing the transition is done correctly and seamlessly. For more information on executing, view Google’s guide on site moves and for Google’s guide on best practice when securing your site with HTTPS.

Follow these steps for how to change to HTTPS:

1. Buy an SSL Certificate – Free SSL certificates can be obtained via Let’s Encrypt. There are 3 primary types to choose from:

• Domain validation – Single domain or subdomain, no paperwork (just email validation), cheap, issued within minutes
• Business/organisation validation – Single domain or subdomain, requires business verification which provides higher level of security/trust, issued within 1-3 days
• Extended validation – Single domain or subdomain, requires business verification which provides higher level of security/trust, issued within 2-7 days. Company name in green in address bar

2. Install your SSL Certificate (more information on installation can be found here)

3. Update all hard-coded links to HTTPS

4. Update custom JS, Ajax libraries to HTTPS – Check domain for non-secure content using this online tool

5. Add 301 Redirects to new HTTPS URLs – Ensure this is done correctly to keep SEO benefits. Providing these are done correctly it will ensure that majority of existing SEO link equity is passed through

6. Update robots.txt file

7. Install SSL Certificate on CDN

8. Update origin URL on CDN

9. Enable HTTP/2 support on CDN

10. Update all hard-coded CDN links to HTTPS

11. Create new Google Search Console Profile, create and submit new sitemap

12. Update and resubmit your disavow file if you have one

13. Update Google Analytics profile URLs by navigating to the following locations:

• Admin -> Property Settings -> Default URL.
• Admin -> View Settings -> Website’s URL.

Where can I get help with making my website secure and on HTTPS?

If the process seems overwhelming and too difficult for you to execute, have no fear, we are here to help. Contact Torpedo with any website, digital or creative needs and leave the rest to us.