4. #SMX #24A3 @patrickstox
HTTPS Everywhere
https://www.youtube.com/watch?v=cBhZ6S0PFCY
HTTPS as a Ranking Signal
https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html
HTTPS by Default
https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html
6. #SMX #24A3 @patrickstox
Securing Your Website With HTTPS
https://support.google.com/webmasters/answer/6073543
Google Wrote A Guide To Help
7. #SMX #24A3 @patrickstox
HTTP to HTTPS: An SEO’s guide to securing a website
http://searchengineland.com/http-https-seos-guide-securing-website-246940
I Also Wrote A Guide To Help
11. #SMX #24A3 @patrickstox
Top Ranking Sites Are Adopting
@methode is Google Webmaster Trends Analyst Gary Illyes
Dr. Pete Meyers of Moz ran a test and showed over 30% of first
page results were secure in June 2016.
https://moz.com/blog/https-tops-30-how-google-is-winning-the-long-war
13. #SMX #24A3 @patrickstox
Authentication
This is who I’m supposed to be talking to
Data Integrity
Who is messing with my stuff
Encryption
Who is listening
What Does TLS Offer?
14. #SMX #24A3 @patrickstox
When going from HTTPS > HTTP, referral data is dropped.
HTTPS > HTTPS, HTTP > HTTP, and HTTP > HTTPS DO pass the value.
This accounts for a lot of what people call “Dark Traffic” and “Dark
Social”. Switching to HTTPS fixes some of these attribution errors.
Without this referral data, the traffic looks like it’s direct traffic.
Referral Data
From \ To    HTTP    HTTPS
HTTP         Yes     Yes
HTTPS        No      Yes
15. #SMX #24A3 @patrickstox
Read any of the guides out there. They make it sound so easy
because it can be.
Moving To HTTPS Is A Website Migration
16. #SMX #24A3 @patrickstox
Let’s Encrypt
https://letsencrypt.org/
Hosts are offering them
CDNs are offering them
Free Certificates
18. #SMX #24A3 @patrickstox
Single Connection. Only one connection to the server is used to
load a website, and that connection remains open as long as the
website is open. This reduces the number of round trips needed to
set up multiple TCP connections.
Multiplexing. Multiple requests are allowed at the same time, on
the same connection. Previously, with HTTP/1.1, each transfer
would have to wait for other transfers to complete.
Server Push. Additional resources can be sent to a client for future
use.
HTTP/2 – So Much Goodness
19. #SMX #24A3 @patrickstox
Prioritization. Requests are assigned dependency levels that the
server can use to deliver higher priority resources faster.
Binary. Makes HTTP/2 easier for a server to parse, more compact
and less error-prone. No additional time is wasted translating
information from text to binary, which is the computer’s native
language.
Header Compression. HTTP/2 uses HPACK compression, which
reduces overhead. Many headers were sent with the same values in
every request in HTTP/1.1. CloudFlare saw a 30% reduction in size.
HTTP/2 – Even More Goodness
21. #SMX #24A3 @patrickstox
• For every 100ms decrease in homepage load speed, Mobify's customer base saw a
1.11% lift in session based conversion, amounting to an average annual revenue
increase of $376,789
• For every 100ms decrease in checkout page load speed, Mobify's customers saw a
1.55% lift in session based conversion, amounting to an average annual revenue
increase of $526,147
• Shoppers browse more on faster mobile websites
• An increase of one pageview per user results in a 5.17% lift in user based conversion, i.e.
for each additional page viewed per user, Mobify saw their average customer's annual
revenue increase by: $398,484
Mobify’s Mobile Test
23. #SMX #24A3 @patrickstox
What if you’re a website that makes money by sending people from
your website to another website? Affiliates, Directories, Niche
Magazines.
You need that referral data to prove your value!
Referral Data – Didn’t We Say This Was Good?
24. #SMX #24A3 @patrickstox
Hard Mode
Load balancers, CDNs, legacy infrastructure, legacy software,
multiple CMS systems, routing, APIs
Moving to HTTPS, a new CMS, bringing in outside domains, new
taxonomy, new content, killing old content, redirects, redirects,
and more redirects
Moving To HTTPS Is A Website Migration
25. #SMX #24A3 @patrickstox
There’s a difference between getting it done and getting it done
correctly.
There are some hard choices that people aren’t willing to make, like
changing providers, upgrading systems, or just killing off things.
Is It Harder For Bigger Companies?
29. #SMX #24A3 @patrickstox
They looked at accessibility via HTTP and HTTPS, redirects, and
status codes.
• 1 in 10 websites had what they considered a flawless HTTPS setup.
• 60% of the websites tested have no HTTPS whatsoever (increasing to over 65% when
taking into account websites with errors in SSL setup).
• Almost 1 in 4 domains were missing a canonical HTTPS version.
• Almost 1 in 4 domains were using 302 (temporary) redirects instead of 301
(permanent) redirects.
• Even Google can’t be bothered to use permanent redirects and uses temporary
redirects (HTTP status code 302) instead.
LinksSpy Analyzed 10,000 Top Domains
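The checks described above (HTTP and HTTPS accessibility, redirects, status codes) can be run over recorded redirect hops. This is an added Python example, not LinksSpy's or the presenter's code. The example.test URLs, probe results and finding names are constructed for illustration, and it goes beyond the 301/302 case on the slide by treating 308 as permanent and 303/307 as temporary.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}

def follow(probes, url, limit=5):
    """Walk recorded redirects; return (final_url, final_status, redirect_codes)."""
    codes = []
    for _ in range(limit):
        status, location = probes.get(url, (None, None))  # None = no answer / TLS error
        if status in PERMANENT | TEMPORARY and location:
            codes.append(status)
            url = location
        else:
            return url, status, codes
    return url, None, codes  # redirect loop or chain longer than limit

def audit(probes):
    """Return sorted finding names for one site's probe results."""
    finals = {start: follow(probes, start) for start in probes}
    # Distinct HTTPS URLs that answer 200 when starting from an HTTPS variant.
    https_ok = {final for start, (final, status, _) in finals.items()
                if urlsplit(start).scheme == "https"
                and urlsplit(final).scheme == "https" and status == 200}
    if not https_ok:
        return ["no-https"]
    findings = set()
    if len(https_ok) > 1:
        findings.add("no-canonical-https")  # e.g. www and bare host both serve 200
    for start, (final, status, codes) in finals.items():
        if urlsplit(start).scheme != "http":
            continue
        if urlsplit(final).scheme != "https" or status != 200:
            findings.add("http-not-redirected")
        if any(code in TEMPORARY for code in codes):
            findings.add("temporary-redirect")  # 302 where 301 was intended
    return sorted(findings)

# Constructed probe results: URL -> (status, Location header).
FLAWLESS = {
    "http://example.test/": (301, "https://www.example.test/"),
    "http://www.example.test/": (301, "https://www.example.test/"),
    "https://example.test/": (301, "https://www.example.test/"),
    "https://www.example.test/": (200, None),
}
TEMP_AND_SPLIT = {
    "http://example.test/": (302, "https://example.test/"),
    "http://www.example.test/": (302, "https://www.example.test/"),
    "https://example.test/": (200, None),
    "https://www.example.test/": (200, None),
}
NO_HTTPS = {"http://example.test/": (200, None), "https://example.test/": (None, None)}
```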
32. #SMX #24A3 @patrickstox
Injection
Happens all the time with hotel chains, airlines
and ISPs.
AT&T Injecting Ads
http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/
Comcast blocking VPN Traffic
https://blog.wjd.io/comcast-blocks-vpn-traffic
Comcast again Injecting Ads
34. #SMX #24A3 @patrickstox
Think what could happen when a country controls the data.
i.e. The Great Firewall
Injection Is Scary Enough, Censorship Is Terrifying
35. #SMX #24A3 @patrickstox
Did you know GitHub was DDoS attacked? The attackers hijacked
HTTP connections and rewrote the Baidu tracking code with
malicious JS that attacked two GitHub projects that focused on
Chinese anti-censorship.
http://www.infoworld.com/article/2903533/security/github-still-recovering-from-massive-ddos-attacks.html
Or How About Attacks?
36. #SMX #24A3 @patrickstox
Many Apps Send Data Over HTTP
They ask for so many permissions and then they do something like
this. It’s one of the most terrifying things I’ve seen in my life.
37. #SMX #24A3 @patrickstox
But more than likely your data was already stolen in one of the
many data breaches:
https://haveibeenpwned.com/
Sending Your Data Openly is Scary