Successfully reported this slideshow.

BrightonSEO Sep 2015 - HTTPS | Mark Thomas

9

Share

Upcoming SlideShare
HTTPS and YOU
HTTPS and YOU
Loading in …3
×
1 of 39
1 of 39

BrightonSEO Sep 2015 - HTTPS | Mark Thomas

9

Share

Download to read offline

This presentation is going to focus on HTTPS, the challenges people are facing when migrating and why you should be planning your migration.

This presentation is going to focus on HTTPS, the challenges people are facing when migrating and why you should be planning your migration.

More Related Content

BrightonSEO Sep 2015 - HTTPS | Mark Thomas

  1. 1. HTTPS Google are pushing HTTPS hard. Why? And, when should you act? Mark Thomas | @SearchMath
  2. 2. Why push HTTPS?
  3. 3. https://www.google.com/events/io/schedule/session/84d2d68d-a2bc-e311-b297-00155d5066d7 June 26th 2014
  4. 4. “Individually, the meta data you can gather from unencrypted sites can seem benign, when you put it all together it uncovers a lot about my intent and can actually compromise privacy.” Ilya Grigorik
  5. 5. August 2014 “Making the internet safer more broadly”
  6. 6. Maile Ohye SMX Advanced 2015 HTTPS benefits: • Authenticates the site • Grants data integrity for the client • Gives encryption which is good for the user “For new and particularly powerful web platform features, browser vendors prefer to make the feature available only to secure origins by default.” Sounds interesting!!!!
  7. 7. August 2014 “Making the internet safer more broadly” “Over time, we may decide to strengthen it.” “It’s only a very lightweight signal”
  8. 8. Where are we?
  9. 9. HTTPS & Mobile updates had a lot to live up to
  10. 10. Growing trend towards HTTPS 5% 6% 7% 8% 9% 10% Jan March April May June July August % Alexa Top 100K Websites on HTTPS (2015), DeepCrawl 0% 20% 40% 60% 80% 100% Jan March April May June July August % Alexa Top 100K Websites HTTPS/HTTP, DeepCrawl HTTPS HTTP Opportunity
  11. 11. http://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
  12. 12. http://searchengineland.com/google-makes-penalty-mistakes-buffer-story-203591
  13. 13. Why are people experiencing so many problems?
  14. 14. • Speed - HTTPS runs slower than HTTP • All resources (JS, CSS, images) need to be on HTTPS. • Internal links, Sitemaps, canonical tags, robots.txt file and analytics tracking codes need to be updated to refer to HTTPS version. • 302 redirects not a clear enough signal that the site has moved to HTTPS. Google specifically state that 301 redirects should be used. • Avoid redirect chains – avoid latency • HSTS not enabled in addition to HTTPS • Might incur issues with third-party resources (e.g. ad networks) • Analytics and backlink data could be affected. • Social shares also need to be migrated/managed to retain social proof (only Facebook, Google +1 and LinkedIn shares transfer automatically, although this can still take weeks/months).
  15. 15. Verify all site variants in Search Console!
  16. 16. Managing HTTPS migration
  17. 17. When should you migrate? New Websites: Definitely build on HTTPS Existing Websites: Migrate to HTTPS when you’re next planning a domain migration Or, Build the infrastructure to support HTTPS during a site redevelopment for a later URL migration
  18. 18. Google’s position +12 Months
  19. 19. Dealbreaker
  20. 20. A more conciliatory tone
  21. 21. https://www.youtube.com/watch?v=ekvnE4YMeyM#t=23m08s “Maybe it makes sense to wait half a year or so until all of the ad networks I rely on to keep the site running are ready to handle HTTPS properly.” August 28th 2015
  22. 22. http://www.slideshare.net/randfish/onsite-seo-in-2015-an- elegant-weapon-for-a-more-civilized-marketer
  23. 23. Where next?
  24. 24. HTTP/2 > HTTP/1.1
  25. 25. http://www.slideshare.net/rngirard/smx-advanced-2015-seattle-seo-highlights
  26. 26. What is HTTP/2? HTTP/2 (originally named HTTP/2.0) is the second major version of the HTTP network protocol used by the World Wide Web. It is based on SPDY. HTTP 1 was designed for webpages with few external assets. Browsers typically downloaded assets sequentially, but this wasn’t a problem on lighter pages. Now most webpages have 50+ resources, which is difficult for HTTP 1 to handle. HTTP/2 downloads many resources at the same time, prioritizes them and supports compressed HTTP headers. https://http2.github.io/
  27. 27. The proposed changes do not require any changes to how existing web applications work, but new applications can take advantage of new features for increased speed. HTTP/2 allows the server to "push" content, that is, to respond with data for more queries than the client requested. HTTP/2 enables a more efficient use of network resources and a reduced perception of latency by introducing header field compression and allowing multiple concurrent exchanges on the same connection. It also introduces unsolicited push of representations from servers to clients. This specification is an alternative to, but does not obsolete, the HTTP/1.1 message syntax. HTTP's existing semantics remain unchanged. Googlebot did not (as of June 2nd 2015) support HTTP/2 https://http2.github.io/
  28. 28. https://tools.ietf.org/html/rfc7540
  29. 29. https://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2/ HTTP/2 +20% to 30% Quicker HTTP/1.1
  30. 30. http://w3techs.com/technologies/details/ce-http2/all/all Popular sites using HTTP/2 Google.com Youtube.com Twitter.com Google.co.in Google.co.jp Google.de T.co Google.co.uk Google.fr Google.com.br
  31. 31. And finally, the punch line…
  32. 32. HTTP/2 and HTTPS “Although the standard itself does not require usage of encryption, most client implementations (Firefox, Chrome) have stated that they will only support HTTP/2 over TLS, which makes encryption de facto mandatory.” https://en.wikipedia.org/wiki/HTTP/2
  33. 33. Thank you Slides available: @SearchMATH

Editor's Notes

  • This talk is going to focus on HTTPS, the challenges people are facing when migrating and why you should be planning your migration.
  • Web Search & Chrome Team
  • Security benefits are clear – public WIFI is inherently risky
  • August 2014 – Lightweight Signal but May Strengthen
    Common sense approach – to allow webmasters time to migrate
  • Common sense approach – to allow webmasters time to migrate
    Other benefit as highlighted by Moz confirms when traffic passes to an HTTPS site, the secure referral information is preserved rather than stripped away and shown up as “direct” https://moz.com/blog/seo-tips-https-ssl
  • I’m afraid I’m not going to sensationalise this issue – as tempting as it has been for several commentators. We’re going to take a look at what Google actually had to say, where people are struggling at present, and some pointers to help you make this as painless as possible.
  • Built with indicates a figure around 6% - slightly different methodology to DeepCrawl but safe to assume somewhere between 6%-9%: http://trends.builtwith.com/ssl/SSL-by-Default
  • As with any site migration, prepare for a drop in rankings/traffic in the short-term -
  • Did they forget to move their disavow file when they migrated? I can only conclude that a penalty of this magnitude must have been a Penguin related incident.

    When you’ve got your disavow file uploaded and you are moving to a new domain, your disavow file is not automatically moved to HTTPS. Therefore, if you don’t upload your disavow file to the HTTPS version of Google Webmaster Tools, it is not taken into consideration and you risk being hit with a Manual Penalty or by Google Penguin.
  • Here’s a quick selection of issues. It is technically demanding - lots of moving parts.
  • I’m not sure this was even possible last August.
  • It's also just a lot of work, and very the best you can hope for is to see no change.
  • Let’s return to the story, where are we now?
  • Guilting people into a change 12 months on from a controlled announcement.
  • You have to take into account that the ad-networks can’t serve everything completely.
  • HTTP 1 is showing it’s age. Many of us spent countless hours attempting to optimising images and so forth. This will represent a step change – fit for purpose.
  • SPDY was designed by Google – approved by Facebook
  • SPDY was designed by Google – approved by Facebook
  • Has now been passed as an RFC.
  • Enable HTTP/2 – making the page load times much better but not just for the user but also on the server. Fewer handshakes, fewer sockets, fewer buffers = less memory and workload – decreasing ops costs
  • HTTP/2 is supported by the most current releases of Firefox and Chrome.
  • Currently no browser supports HTTP/2 unencrypted.
  • ×