22 May 2017

7 things you need to know about migrating to HTTPS

HTTPS continues to generate a lot of ink. A lot of information has been circulated on the subject: some are true, others less so. Here are a “top 7” of things to know about HTTPS:

Migrating to HTTPS won’t necessarily slow down your site

Certainly, a secure connection (HTTPS) can take longer than a clear connection (HTTP) and thus negatively impact the user experience.

But there are solutions to optimize HTTPS connections. In this regard, I invite you to read our article “ 4 key optimizations to speed up HTTPS ”.

Note: Establishing a TLS (formerly SSL) connection, called a “TLS handshake,” can require multiple round trips between the server and the browser. Fasterize has optimized its server configuration to require only one round trip to establish a TLS connection: an optimization that benefits all of our customers.

Certificates and their installation are not always overpriced

There are different ranges of SSL certificates, from simple certificates to Extended Validation certificates, which comply with the strictest validation process. Among the different existing certificates, you will find in particular:

1. - so-called “simple” certificates (single domain) which secure a single domain (suitable for sites that do not have subdomains of the type “subdomain.yoursite.com”)
  - “Multi-domain” certificates that secure multiple domains. The cost of this usually varies depending on the number of domains you want to secure.
  - “wildcard” certificates that secure all domains linked to a given domain (suitable for sites with multiple subdomains, for example *.mysite.com)

The arrival of Let’s Encrypt has made SSL certificates more accessible, both in terms of cost and ease of deployment.

Here is some help to help you choose the right certificate .

SEO gain is limited

Google announced in 2014 (yes, already!) that HTTPS sites would benefit from a minimal “SEO bonus”.

Reading “HTTPS as a ranking signal”: http://t.co/nEjcGhm8bJ
— Matt Cutts (@mattcutts) August 7, 2014

Since then, several studies have been conducted to determine the impact of HTTPS on SEO and they all agree to confirm the minimal aspect of the gain (such as the analysis of searchmetrics or the testimony of Madeline Pinthon, SEO consultant in the JDN . HTTPS is therefore not (for the moment) the great-new-SEO-saving-criterion-of-Google! It could even have the opposite effect in the case where the website is poorly configured. Technical and brand image benefits There are, however, other reasons that should finally convince you to switch to HTTPS. Branding Since the end of January 2017, HTTP sites have been singled out by Google Chrome and Firefox:

So obviously:

“the little green padlock that appears when pages are in HTTPS will always be more reassuring for the Internet user. Especially if it is an e-commerce site”

Aymeric Bouillat

SEO consultant at Résonéo

Technical innovations

Switching to HTTPS allows you to take advantage of the latest browser features (such as Brotli compression, HTTP/2, and service workers). This is particularly useful for progressive web apps.

Google Analytics “(not provided)” keywords remain “(not provided)”

We have all experienced the switch to “(not provided)” in Google Analytics (and the frustration that goes with it).

While we might have thought that by switching a site to HTTPS, the percentage of “(not provided)” would have decreased*, this is not the case. In fact, the referrer, which allows web analytics tools to indicate the source of a visit, is transmitted from an HTTPS page to an HTTPS page (but not from an HTTPS page to an HTTP page). However, Google has chosen to have Internet users pass through an intermediary page.

Thus, only traffic from an AdWords campaign contains this information. Sites that exclusively practice SEO will continue to make do with “(not provided)”.

AdSense ads may generate less revenue on HTTPS than on HTTP

Google has updated the AdSense ad code so that HTTPS sites can also serve SSL/TLS compliant ads.

But there’s a downside: HTTPS sites require all content on the page, including ads, to be secure. That’s why ads that don’t support SSL/TLS will no longer be able to compete on AdSense. This will reduce the pressure on the auction, which can lead to lower AdSense revenue.

HTTPS doesn’t protect you from all security issues

By migrating to HTTPS, you protect the connection between your browser and your server, which is already an important element. But this does not mean that you are protected from all security issues.
FREAK (2015) and DROWN (2016), vulnerabilities in the encryption of SSL/TLS connections, are proof of this. was also made public earlier this month.
So you must continue to be vigilant.

Although migrating to HTTPS is not (yet) mandatory, it is still strongly recommended by all web professionals, particularly for sites that exchange confidential data (bank cards, passwords, member areas, etc.).
HTTPS is in fact widely acclaimed by web players such as Let’s Encrypt , Google, Firefox and WordPress .

Want to migrate to HTTPS?

Check out the guide to migrate to HTTPS

Get a free diagnosis of your site's loading times!

Published by

Emilie Wilhelm

See the articles

Partagez !

Discover other articles…

Monthly UK Web Performance rankings – Most visited mobile sites

Monthly ranking of the most visited websites in the uk: travel, media, ecommerce. Based on Vitals Core Web, metrics that evaluate several aspects of your

…

1 Apr 2025

Benchmark

Webperformance

Customer Experience / UX

Ranking

Explore past rankings – The evolution of UK’s fastest mobile sites

We archive all webperf rankings to keep track of your positions.

1 Apr 2025

Retail Technology Show: Join us on April 2 & 3 in London

We’re thrilled to announce that Fasterize will be making its debut at the Retail Technology Show, held on April 2nd and 3rd at ExCeL London,

…

27 Mar 2025

Fasterize news