What is HTTPS?
HTTP (Hypertext Transfer Protocol) is the communication language (or in technical terms – the protocol) that underlies the communication of the web. When your browser contacts a web server, they speak HTTP to each other. It’s a little like international road sign standards (which is sadly not in use in the US), even though you don’t speak the country’s language you can understand the symbols on the signs on the road. HTTP is how mobile devices, different browsers like Internet Explorer and Chrome, and servers running on different operating systems can all understand each other.
HTTPS is HTTP on top on another protocol called SSL (secure sockets layer), so underneath this common language there is a layer that encrypts the messages that go back and forth on the web. This makes it more difficult for a malicious third party intercepting these messages to use the data for nefarious purposes.
If HTTPS adds more security why isn’t it in more widespread use across the web?
- Providing HTTPS is more expensive. The initial handshake for the TCP connection your browser makes to the web server is more complex for an SSL connection; putting it real simply – there is more back and forth that happens before the connection is established. And with a SSL connection, everything get encrypted; images, scripts etc. This adds overhead to the servers and the connection.
- From a server management side it’s a pain. If you are managing a large set of servers, obtaining and updating the certificates before they expire is a constant task. We’ve all seen the scary messages about expired certificates that the browser will show you if the server is not kept up to date.
- Some virtual hosting does not provide SSL capabilities
- Caching doesn’t work as well. Again this is a consideration for larger shops, but most large scale web operations use caching for performance reasons, which HTTPS doesn’t work well with.
So most sites use HTTPS when either you log in (to protect against your credentials from being snooped) and when you purchase something online to protect your credit card information, but use HTTP for pages that do not collect any personal information. Twitter is a good example. If you go to the site, you will see it switch to HTTPS when you log in.
HTTPS and SEO
So why would there be any SEO considerations on how HTTPS is used on a site? Well, I’ve seen a couple of problems.
- The transition back to HTTP from HTTPS is not clean. So let’s say you are browsing an online catalog and you decide to add an item to your shopping cart and then you start the checkout process which transitions you from HTTP to HTTPS. Then at the last moment, you decide to continue shopping and look at a few more items. In some sites, your browsing will stay under HTTPS. If Google is able to crawl the same path you just took, you might end up with the same page indexed both as a HTTP and HTTPS URL which creates duplicate content in the index that can harm the SEO performance of your site. For some shops this seems to be a difficult problem to solve. One approach is to use absolute links in the source (where the URL is completely spelled out) vs. relative links but I’m sure there are better solutions – which I would love to hear about!
- To avoid this, some shops put their entire site under HTTPS, setting up a 301 redirect so that all HTTP URLs are redirected to their HTTPS versions. Assuming there is no performance issues with this, this would seem like a good idea. While it’s is true that it should solve the duplicate content issue, it’s not a panacea. The problem comes in with the backlinks to your site. Especially if your site was not always using sitewide HTTPS, you’ll find many of your backlinks will use HTTP in the backlink URL rather than HTTPs. It’s just the default that many web users are used to using. Although 301 redirects are one of the best ways to signal Google what the target page should be, we do know that a little bit of link juice does leak out with a redirect. Sitewide this could add up.
Take some time and browse your site and make sure the HTTP/HTTPS transitions from the shopping experience to the browsing experience is clean. And if your site is completely under HTTPS you might want to take a look at your backlink profile and reconsider.