Google has long been an advocate for an initiative known as "HTTPS Everywhere". This is a push by the company to have all websites adopt HTTPS – a protocol for secure communication over the Internet. [[endteaser]] By doing so, this shift should help to prevent potential security breaches. Additionally, it provides site visitors with a more protected connection than the common HTTP protocol.
Last month, Google issued an update for its Chrome browser as part of this initiative. Starting with Version 50, only sites using HTTPS can retrieve a visitor's geographic location. Google’s decision was one more step to keep their users’ data secure, including information about where they are located. This update only affects desktop versions of Chrome for now. However, technology industry analysts expect mobile versions to follow suit with the "HTTPS Everywhere" push.
The move by Google to mandate HTTPS for its browser has been somewhat controversial. Nevertheless, one cannot ignore Google’s existing market share with the Chrome browser. Reports consistently show it is the most globally used browser by Internet users. This statistic also likely means that more websites will migrate to the HTTPS protocol over time. Google made a bold move in this direction this month, bringing heightened security to all Blogspot domain blogs.
While it is not essential that your site use HTTPS instead of HTTP, the benefits of doing so are steadily increasing. I personally think it is important to know as much as you can on the subject, so you can make an informed decision.
Background Information on the Protocol
By default, data sent between a browser and a server using the HTTP protocol is not encrypted. Hence, it is possible for a hacker to view the flow of information between a website and the browser. In certain cases, a hacker can use the vulnerability to execute a “man in the middle attack.” This is an attempt to gain sensitive information sent to the server. Hackers can also use this type of attack to change the content sent to the browser.
The HTTPS protocol alleviates this problem by encrypting the data traffic flow between the browser and the server. No one “listening” will be able to decipher the information because of the encryption.
Industries, such as banking and healthcare, were the first to add the HTTPS protocol. They need to deal with sensitive information – medical and financial records. Thus, sites in the travel industry did not initially require this level of security.
And as you’ve probably seen, more and more devices are now connected to the Internet. Consumer products like smart light bulbs and Wi-Fi-enabled appliances also use HTTP. These products in the "Internet of Things" category now require this connection to communicate. The need to secure all this information has also led to a widespread call for HTTPS adoption.
Future-Proofing Your Site for HTTP/2
The Internet Engineering Task Force (IEFT) last updated the HTTP protocol in 1999 (HTTP1.1). Since then, it has shown limitations in keeping up with the Web’s evolution. IEFT published the next version - HTTP/2 - in May of 2015. With it comes a multitude of performance, security and capability enhancements to existing sites.
A cornerstone of HTTP/2 is the use of secure domains via HTTPS. Non-secure domains will not be able to leverage this technology at all.
Simpleview’s developers are eager to offer support for HTTP/2. The ability to further improve load times and take advantage of these new features is extremely exciting to our team. By switching to a secure domain, your website will be ready for this change and all the other benefits it has to offer.
Enhancing Your SEO Return with HTTPS
In 2014, Google announced that moving to an HTTPS connection boosts a site's ranking. While the bump is minor compared to having high-quality site content, it’s still fairly relevant.
It is also important that Google will regularly reconfigure its ranking algorithms. They have said they may strengthen the relevance of HTTPS for ranking.
"But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
While this is only speculation, it has definite backing. The change to Chrome's settings could easily coincide with a ranking algorithm change.
How to Prepare for an HTTP to HTTPS Conversion
The first step to convert your site from HTTP to HTTPS is contacting your Web development team, such as Simpleview, and letting them know you are interested. Upon doing this, they will take important steps with your assistance, including:
- Getting you a new security certificate and applying it to your site.
- Ensuring there is no negative impact on your SEO efforts. Because of your site’s previous logic, they may need to update information in your robots.txt file to ensure certain URLs are not blocked. This also would include 301 redirects to point all HTTP URLs to HTTPS, as well as any canonical tags.
- Reviewing all of your third-party integrations to make sure they work with your heightened security. Examples that are common on tourism industry sites include embedded widgets from review sites, such as TripAdvisor, and widgets from booking engines.
It is certainly apparent that Google considers HTTPS to be a critical focus and fundamental to basic Internet security.
With that said, it is not imperative that you transition your website to this secure protocol today. Any site using HTTP will continue to work well in all modern browsers, including Chrome.
However, I do think tourism organizations should be preparing for a future where HTTPS becomes the standard, especially considering Google’s move to prevent non-secure sites from accessing their visitors’ location data.
In the meantime, please feel free to keep watching our blog for updates we might issue related to this developing trend.
Additional Resources on HTTPS
- HTTP vs. HTTPS - This is a speed test that shows how fast a website on an HTTP connection loads compared to one using HTTPS.
- Support Documentation from Google - As Google is leading the charge for “HTTPS Everywhere”, they have information about the protocol on their Support site. Helpful data about the added layers of protection can be found here.