Many organizations and SEOs are still fearful of moving to HTTPS, despite the many benefits of doing so. HTTP/2, a new web protocol is supported through a HTTPS connection only. What is HTTP/2? If you don’t already know, HTTP/2 is the latest update to the HTTP protocol by the Internet Engineering Task Force (IETF). HTTP/2 is the successor to HTTP/1.1, an Internet protocol that has been around since 1999.
If you haven’t already, there are plenty of reasons why your organization should move to HTTP/2, and some of them include tremendous speed, better user experience and most importantly HTTP/2 represents a key factor for better website ranking with Google. But this means that you will have to migrate your website to HTTPS, if you want your website to work on HTTP/2.
HTTP/2 is based on Google’s own protocol SPDY, which was deprecated in 2016. HTTP/2 is touted as the long-awaited refresh, as the web has changed dramatically since 1999. The web protocol is all set to improve efficiency, security and speed.
According to SearchEngineLand.com:
“Google had their HTTPS everywhere campaign, they announced HTTPS as a ranking signal, and they have started indexing secure pages over unsecured pages.”
With this we are seeing a lot of pressure for organizations to move their websites to HTTPS. However, the truth remains that less than 0.1 percent of websites are using the secure protocol.
Data sent using HTTPS is secured via Transport Layer Security Protocol (TLS). TLS provides three layers of protection and this is why Google insists that websites move to HTTPS:
- Encryption: Encrypting the exchanged data to protect it from eavesdropping.
- Data Integrity: Complete protection of data integrity during data transfer. This means that data cannot be modified or corrupted during transfer, intentionally or otherwise without being detected.
- Authentication: Builds user trust and confirms that only “authenticated” users communicate with the intended website.
“Making the switch to HTTPS also helps with the loss of referral data that happens when the referral value in the header is dropped when switching from a secure website to an unsecured website. Analytics programs attribute traffic without the referral value as direct, which accounts for a large portion of what is called “dark traffic.”
The switch also prevents several unwanted website attributes such as ads that are forced upon a website. No one can inject ads into a website using HTTPS.
Does HTTPS Guarantee Protection?
Although most people associate HTTPS with their website being totally protected; this is a mere illusion. HTTPS offers a secured connection. However, secured and protected mean two different things here and one would definitely need to look out for these factors:
- Downgrade attacks
- SSL/TLS vulnerabilities
- Website hacks
- Software vulnerabilities
- Brute force attacks
- DDOS attacks
- Heartbleed, Poodle, Logjam etc.
What Can Go Wrong?
Once you get around to moving to HTTPS, there are still some factors that can go wrong. Here they are:
- Duplicate content seen on both HTTP and HTTPS versions of the pages on a website
- Different versions of the same page showing on HTTP and HTTPS
- Prevention of site crawls
Common problems with HTTPS migrations are the result of improperly implemented site redirects. Again, HTTPS is here to stay. However, newer web protocols such as, HTTP/2, Google AMP and Google’s QUIC protocol require secure connections for web browsers to use them.
If you are concerned about SEO, you should definitely move to HTTPS. Follow our links to Search Engine Land for more info on making the move.