BrightonSEO Sep 2015 - HTTPS | Mark Thomas

Anna Morrison
Anna MorrisonDigital Marketing
Google are pushing HTTPS hard.
Why? And, when should you act?
Mark Thomas | @SearchMath
Why push
June 26th 2014
“Individually, the meta data you can gather from
unencrypted sites can seem benign, when you put
it all together it uncovers a lot about my intent and
can actually compromise privacy.” Ilya Grigorik
August 2014
“Making the
internet safer more
Maile Ohye SMX Advanced 2015
HTTPS benefits:
• Authenticates the site
• Grants data integrity for the client
• Gives encryption which is good for the user
“For new and particularly powerful web platform
features, browser vendors prefer to make the
feature available only to secure origins by default.”
August 2014
“Making the
internet safer more
“Over time, we
may decide to
strengthen it.”
“It’s only a very
lightweight signal”
Where are we?
HTTPS & Mobile updates had a
lot to live up to
Growing trend
towards HTTPS
Jan March April May June July August
% Alexa Top 100K Websites on HTTPS (2015), DeepCrawl
Jan March April May June July August
% Alexa Top 100K Websites HTTPS/HTTP, DeepCrawl
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
Why are people experiencing
so many problems?
• Speed - HTTPS runs slower than HTTP
• All resources (JS, CSS, images) need to be on HTTPS.
• Internal links, Sitemaps, canonical tags, robots.txt file and analytics
tracking codes need to be updated to refer to HTTPS version.
• 302 redirects not a clear enough signal that the site has moved to
HTTPS. Google specifically state that 301 redirects should be used.
• Avoid redirect chains – avoid latency
• HSTS not enabled in addition to HTTPS
• Might incur issues with third-party resources (e.g. ad networks)
• Analytics and backlink data could be affected.
• Social shares also need to be migrated/managed to retain social proof
(only Facebook, Google +1 and LinkedIn shares transfer automatically,
although this can still take weeks/months).
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
Verify all site variants in Search Console!
Managing HTTPS migration
When should you migrate?
New Websites: Definitely build on HTTPS
Existing Websites: Migrate to HTTPS when you’re
next planning a domain migration
Build the infrastructure to support
HTTPS during a site
redevelopment for a later URL
Google’s position
+12 Months
BrightonSEO Sep 2015 - HTTPS | Mark Thomas
A more conciliatory tone
“Maybe it makes sense to wait half a year or so until all of
the ad networks I rely on to keep the site running are
ready to handle HTTPS properly.”
August 28th 2015
Where next?
HTTP/2 > HTTP/1.1
What is HTTP/2?
HTTP/2 (originally named HTTP/2.0) is the second major
version of the HTTP network protocol used by the World
Wide Web. It is based on SPDY.
HTTP 1 was designed for webpages with few external
assets. Browsers typically downloaded assets
sequentially, but this wasn’t a problem on lighter pages.
Now most webpages have 50+ resources, which is
difficult for HTTP 1 to handle.
HTTP/2 downloads many resources at the same time,
prioritizes them and supports compressed HTTP headers.
The proposed changes do not require any changes to how existing
web applications work, but new applications can take advantage of
new features for increased speed.
HTTP/2 allows the server to "push" content, that is, to respond with
data for more queries than the client requested.
HTTP/2 enables a more efficient use of network resources and a
reduced perception of latency by introducing header field
compression and allowing multiple concurrent exchanges on the
same connection. It also introduces unsolicited push of
representations from servers to clients.
This specification is an alternative to, but does not obsolete, the
HTTP/1.1 message syntax. HTTP's existing semantics remain
Googlebot did not (as of June 2nd 2015) support HTTP/2
+20% to
Popular sites
using HTTP/2
And finally, the punch line…
“Although the standard itself does not require
usage of encryption, most client implementations
(Firefox, Chrome) have stated that they will only
support HTTP/2 over TLS, which makes
encryption de facto mandatory.”
Thank you
Slides available:
1 of 39

More Related Content

What's hot(20)

HTTPs    Strict Transport Security HTTPs    Strict Transport Security
HTTPs Strict Transport Security
Gol D Roger944 views
vlavrynovych - WebSockets Presentationvlavrynovych - WebSockets Presentation
vlavrynovych - WebSockets Presentation
Volodymyr Lavrynovych1.2K views
Study of httpStudy of http
Study of http
Dhairya Joshi457 views
Active Https Cookie StealingActive Https Cookie Stealing
Active Https Cookie Stealing
SecurityTube.Net3.8K views
Introduction to WebSocketsIntroduction to WebSockets
Introduction to WebSockets
Gunnar Hillert8.8K views
WebSocket protocolWebSocket protocol
WebSocket protocol
Kensaku Komatsu3.7K views
HTML5 WebSocket IntroductionHTML5 WebSocket Introduction
HTML5 WebSocket Introduction
Marcelo Jabali9.3K views
Websockets at tossugWebsockets at tossug
Websockets at tossug
clkao3.5K views
spacecharge1.2K views
V2 peter-lubbers-sf-jug-websocketV2 peter-lubbers-sf-jug-websocket
V2 peter-lubbers-sf-jug-websocket
brent bucci2.1K views
The Evil Friend in Your BrowserThe Evil Friend in Your Browser
The Evil Friend in Your Browser
Achim D. Brucker549 views
Hacking Web Performance 2019Hacking Web Performance 2019
Hacking Web Performance 2019
Maximiliano Firtman1.1K views
Real time webReal time web
Real time web
Dingding Ye2.1K views

Viewers also liked(20)

On-Page SEO for MobileOn-Page SEO for Mobile
On-Page SEO for Mobile
Raven Tools56.6K views
Large Site SEO Architecture - #BrightonSEO 2015Large Site SEO Architecture - #BrightonSEO 2015
Large Site SEO Architecture - #BrightonSEO 2015
Tomas Vaitulevicius21.1K views
Http Vs Https . Http Vs Https .
Http Vs Https .
simplyharshad34.2K views
Beverley Brown Content QualityBeverley Brown Content Quality
Beverley Brown Content Quality
BeverleyAnneBrown12.7K views
Getting Client Buy-inGetting Client Buy-in
Getting Client Buy-in
Liam Hughes12.4K views

Similar to BrightonSEO Sep 2015 - HTTPS | Mark Thomas (20)

Recently uploaded(20)

noraelstela164 views
JaysonGarabilesEspej6 views
Building Real-Time Travel AlertsBuilding Real-Time Travel Alerts
Building Real-Time Travel Alerts
Timothy Spann88 views
Survey on Factuality in LLM's.pptxSurvey on Factuality in LLM's.pptx
Survey on Factuality in LLM's.pptx
NeethaSherra15 views
HiNedHaJar7 views
Journey of Generative AIJourney of Generative AI
Journey of Generative AI
thomasjvarghese4917 views
Federico Karagulian5 views
stuartmcphersonflipm286 views
Microsoft Fabric.pptxMicrosoft Fabric.pptx
Microsoft Fabric.pptx
Shruti Chaurasia17 views
Data structure and algorithm. Data structure and algorithm.
Data structure and algorithm.
Abdul salam 12 views
Introduction to Microsoft Fabric.pdfIntroduction to Microsoft Fabric.pdf
Introduction to Microsoft Fabric.pdf
ishaniuudeshika19 views
How Leaders See Data? (Level 1)How Leaders See Data? (Level 1)
How Leaders See Data? (Level 1)
Narendra Narendra10 views

BrightonSEO Sep 2015 - HTTPS | Mark Thomas

Editor's Notes

  1. This talk is going to focus on HTTPS, the challenges people are facing when migrating and why you should be planning your migration.
  2. Web Search & Chrome Team
  3. Security benefits are clear – public WIFI is inherently risky
  4. August 2014 – Lightweight Signal but May Strengthen Common sense approach – to allow webmasters time to migrate
  5. Common sense approach – to allow webmasters time to migrate Other benefit as highlighted by Moz confirms when traffic passes to an HTTPS site, the secure referral information is preserved rather than stripped away and shown up as “direct”
  6. I’m afraid I’m not going to sensationalise this issue – as tempting as it has been for several commentators. We’re going to take a look at what Google actually had to say, where people are struggling at present, and some pointers to help you make this as painless as possible.
  7. Built with indicates a figure around 6% - slightly different methodology to DeepCrawl but safe to assume somewhere between 6%-9%:
  8. As with any site migration, prepare for a drop in rankings/traffic in the short-term -
  9. Did they forget to move their disavow file when they migrated? I can only conclude that a penalty of this magnitude must have been a Penguin related incident. When you’ve got your disavow file uploaded and you are moving to a new domain, your disavow file is not automatically moved to HTTPS. Therefore, if you don’t upload your disavow file to the HTTPS version of Google Webmaster Tools, it is not taken into consideration and you risk being hit with a Manual Penalty or by Google Penguin.
  10. Here’s a quick selection of issues. It is technically demanding - lots of moving parts.
  11. I’m not sure this was even possible last August.
  12. It's also just a lot of work, and very the best you can hope for is to see no change.
  13. Let’s return to the story, where are we now?
  14. Guilting people into a change 12 months on from a controlled announcement.
  15. You have to take into account that the ad-networks can’t serve everything completely.
  16. HTTP 1 is showing it’s age. Many of us spent countless hours attempting to optimising images and so forth. This will represent a step change – fit for purpose.
  17. SPDY was designed by Google – approved by Facebook
  18. SPDY was designed by Google – approved by Facebook
  19. Has now been passed as an RFC.
  20. Enable HTTP/2 – making the page load times much better but not just for the user but also on the server. Fewer handshakes, fewer sockets, fewer buffers = less memory and workload – decreasing ops costs
  21. HTTP/2 is supported by the most current releases of Firefox and Chrome.
  22. Currently no browser supports HTTP/2 unencrypted.