Even if you arenโt familiar with it, you probably recognize HTTPS โ Itโs that little string of letters you see at the beginning of most URLs these days. If youโre using an Internet browser like Chrome or Firefox, itโs probably accompanied by a padlock symbol or something similar.
It should look like this:
HTTPS stands for Hypertext Transfer Protocol Secure. Itโs an extension of the Hypertext Transfer Protocol (HTTP), which is the foundation for all data communication on the Internet.
In this article, weโll explore what HTTPS is, why it matters for SEO, and what you can do to enable it on your website.
Before we get into what HTTPS is and how you can enable it, letโs do a refresher on HTTP so you have some understanding of why itโs important.
Put simply, HTTP is a system for sending and receiving information (data) across the Internet. Communicating across the Internet is always an exchange of information between a web client, such as an Internet browser, and a web server.
A web server is a combination of software and hardware dedicated to serving client requests online โ you can think of it as a big computer that has files and software stored on it for the purpose of serving up websites to users.
When you arrived at this website, your Internet browser requested the web server that hosts the website to send data, which was then sent and rendered to you through your browser. All this requesting and responding occurs via the protocol for Internet communications: HTTP.
MDN Web Docs (Mozilla) uses a simple diagram to explain how this works:
Today, when your browser connects to a website, it can do so using either HTTP or HTTPS depending on whatโs enabled on the websiteโs server. But, if you connect via HTTP and not HTTPS, youโll probably get a notification that says your connection is โnot secure.โ
Thatโsโ because HTTP isnโt an encrypted protocol. Anyone monitoring your session can read your requests to the web server and its responses. If youโre sending sensitive information like a password or social security number through that connection, a bad actor could potentially pick it up and use it for malicious purposes.
This is why your browser might warn you when youโre using an insecure connection:
To make that connection secure, all data being sent to and from the web server needs to be encrypted. Thatโs where HTTPS comes in.
As we noted, the โSโ in โHTTPSโ stands for โsecureโ โ itโs the secure version of HTTP. This protocol uses Transport Layer Security (TLS), a cryptographic protocol, to keep communications between your browser and a web client private. Most HTTPS protocols used to use the Secure Sockets Layer (SSL) cryptographic protocol, which was the predecessor of TLS.
When your website is secured with HTTPS, if anyone is monitoring communications between the web server and client, theyโll only see useless encrypted data. This makes HTTPS a safe protocol to use when sending sensitive information over the Internet.
As you can imagine, most website owners want to have HTTPS enabled so that their users know they are safe in using their website. Allowing users to send data over an insecure connection could be catastrophic for some companies and their customers. Can you imagine what would happen if it turned out that a bankโs customers were doing all their online banking through an insecure website?
But HTTPS is also important for any other type of website. Even if you donโt accept login information or other sensitive data from your users, you should still enable HTTPS. Itโs the right thing to do for your users, and there are SEO benefits as well.
From a technical SEOOptimizing the server and website structure to improve search engine crawling and indexing. perspective, we just need to turn to Google to understand the importance of HTTPS.
In 2014, Google announced that it would be giving a ranking boost to websites that use HTTPS. In their own words, this would be โa very lightweight signalโ that would only give websites a relatively small benefit. They even said this signal carries โless weight than other signals such as high-quality content.โ
But, more importantly, Google shortly thereafter proposed that web browsers mark websites that donโt use HTTPS as โnot secure.โ Since then, most browsers have taken up this proposal, which is why you get prompted when you enter a website that doesnโt use HTTPS.
This can have a devastating effect on your traffic and your click-through-rates. Nobody wants to use a website that has been marked โnot secure,โ regardless of whether they plan to transmit any sensitive data. Furthermore, some browsers will block users from entering an insecure website before they can even see the content, prompting them to hit the โbackโ button just to stay safe.
There are other SEO benefits to using HTTPS, too.
For one, you can get more data about where your traffic is coming from. Traffic sent from a secure HTTPS site to an insecure HTTP site has its referralA user who visits a merchant's website through an affiliate's link. data stripped away, according to Moz. That means all that traffic is listed as โdirectโ traffic, so you canโt tell where it was referred from.
HTTPS is also a huge trust factor for Internet users and other webmasters. People will be more likely to share and link to a secure website than an insecure one.
To enable HTTPS, you need a valid SSL certificate. This is a small data file that binds a cryptographic key to your website, or even a string of domains under your ownership.
You used to have to purchase SSL certificates separately. But if you built your site using certain website building applications, such as Squarespace or Shopify, it probably generated an SSL certificate for you. You should already have HTTPS enabled.
Similarly, if your website hosting is managed remotely by a major hosting provider like Bluehost, GoDaddy, HostGator, DreamHost, etc. you may already have an SSL certificate as part of your hosting package. That means HTTPS should already be enabled.
If it isnโt but should be, you should contact your hosting provider. If you still have HTTP and you donโt have an SSL certificate as part of your website package, youโll have to buy one.
Getting an SSL Certificate is relatively easy. You may be able to buy one directly from your hosting provider if they havenโt issued you one already. For example, GoDaddy has a purchasing page dedicated solely to selling SSL certificates.
But you donโt have to go straight to your hosting provider, as their prices might be high. You can also buy a certificate from third-party sources known as Certificate Authorities (CA).
There are even some non-profit CAs that offerThe specific product or service being promoted by affiliates. SSL certificates for free. Sites like Letโs Encrypt, SSL For Free, and Cloudflare all offer free SSL certificate options.
Manually configuring an SSL certificate takes several steps, and it requires you to install the certificate on the origin server where your website โlives.โ
If you pay for managed hosting services, ask your hosting provider to configure your SSL certificate for you.
This is usually the best route if you donโt have the technical know-how to do this yourself or if you only have limited access to your server. Whatโs more, if you configure your certificate incorrectly, it could prevent users from finding your website.
If you decide to do this yourself, keep in mind that web hosting control panels and CA login dashboards vary. These are the basic steps youโll need to follow:
If youโd like to verify your certificate, just click on the security icon in your browser (the padlock):
Then, click on โCertificate,โ and you should see details about your SSL certificate, such as which CA it was issued by, who it was issued to, and for how long the certificate is valid.
Thatโs it. Youโre secure!
Remember, configuring a certificate incorrectly could make your website insecure, which defeats the purpose of enabling HTTPS in the first place. If you donโt know how to do this yourself, rely on a developer or your hosting provider to do it for you.
Bliss Drive can help, too. Contact us now to talk about how you can keep your website secure and improve your search rankingsThe position at which a website appears in the SERP. at the same time!
Enjoyed this article? Read next: Mobile SEO: A DIY Guide to Optimize for Smartphones in 2021