Successfully reported this slideshow.

On The Road To HTTPS Everywhere / BrightonSEO 2017

6

Share

Sep. 15, 2017
6 likes 8,729 views
Upcoming SlideShare
What to Upload to SlideShare
What to Upload to SlideShare
Loading in …3
×
1 of 58
1 of 58

On The Road To HTTPS Everywhere / BrightonSEO 2017

Sep. 15, 2017
6 likes 8,729 views

6

Share

Technology

Find out HTTPS benefits beyond what is generally known and HTTPS usage today. Learn more about TLS, type of TLS Certificates, HSTS and best way to implement HSTS. Step by step HTTPS migration. Discover how some HTTP headers, configuration and check tools can help you during HTTPS migrations.

Find out HTTPS benefits beyond what is generally known and HTTPS usage today. Learn more about TLS, type of TLS Certificates, HSTS and best way to implement HSTS. Step by step HTTPS migration. Discover how some HTTP headers, configuration and check tools can help you during HTTPS migrations.

Technology
License: CC Attribution License

Recommended

More Related Content

Featured

AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer
Study: The Future of VR, AR and Self-Driving Cars
LinkedIn
Shorter ER Wait Times
Knowledge@Wharton
Asia's Artificial Intelligence Agenda. MIT Technology Review
Alexander Jarvis
Martin Luther King's Pearl Of Wisdom!
SurveyCrest
Teaching Students with Emojis, Emoticons, & Textspeak
Shelly Sanchez Terrell
Inaugural Addresses
Booz Allen Hamilton
How to think like a startup
Loic Le Meur
32 Ways a Digital Marketing Consultant Can Help Grow Your Business
Barry Feldman
How to Fix the Internet
LinkedIn Editors' Picks
5 major events that shaped 2016
Kotak Securities

Related Books

Free with a 14 day trial from Scribd

See all
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Understanding Media: The Extensions of Man Marshall McLuhan
(4/5)
Free
The Art of War Sun Tsu
(3/5)
Free
Uncommon Carriers John McPhee
(3.5/5)
Free
The Victorian Internet: The Remarkable Story of the Telegraph and the Nineteenth Century's On-line Pioneers Tom Standage
(3.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
The Wires of War: Technology and the Global Struggle for Power Jacob Helberg
(4/5)
Free
System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich
(4.5/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

On The Road To HTTPS Everywhere / BrightonSEO 2017

  1. 1. Aysun Akarsu SEARCHDATALOGY On the road to HTTPS Everywhere @aysunakarsu https://www.searchdatalogy.com/blog/brightonseo/
  2. 2. @aysunakarsu @searchdatalogy #brightonseo 1 HTTPS HyperText Transfer Protocol Secure
  3. 3. @aysunakarsu @searchdatalogy #brightonseo Transport Layer Security Secure Sockets Layer (SSL) Transport Layer Security (TLS)
  4. 4. @aysunakarsu @searchdatalogy #brightonseo Transport Layer Security Authentication Encryption Integrity
  5. 5. @aysunakarsu @searchdatalogy #brightonseo 2 Benefits
  6. 6. @aysunakarsu @searchdatalogy #brightonseo Your content & design Users Experience HTTPS ensures on your site What intruders may provide
  7. 7. @aysunakarsu @searchdatalogy #brightonseo HTTPS protects SecurityPrivacy USERS
  8. 8. @aysunakarsu @searchdatalogy #brightonseo HTTP/2 requires HTTPS
  9. 9. @aysunakarsu @searchdatalogy #brightonseo Brotli requires HTTPS
  10. 10. @aysunakarsu @searchdatalogy #brightonseo Not all but some AMP require HTTPS
  11. 11. @aysunakarsu @searchdatalogy #brightonseo HTTPS enables on the web
  12. 12. @aysunakarsu @searchdatalogy #brightonseo Service Workers require HTTPS
  13. 13. @aysunakarsu @searchdatalogy #brightonseo HTTPS enables Referrer data (from HTTPS sites)
  14. 14. @aysunakarsu @searchdatalogy #brightonseo Google’s mission 3
  15. 15. @aysunakarsu @searchdatalogy #brightonseo “We're committed to making the web a safer place not only for Google users, but for all users. HTTPS makes it difficult for Internet Service Providers, governments and others to watch what you're doing online.” Google
  16. 16. @aysunakarsu @searchdatalogy #brightonseo Motivating HTTPS migration By SEO
  17. 17. @aysunakarsu @searchdatalogy #brightonseo Motivating HTTPS migration By Chrome 1. HTTP2 2. Marking HTTP sites
  18. 18. @aysunakarsu @searchdatalogy #brightonseo Migration dates Top sites
  19. 19. @aysunakarsu @searchdatalogy #brightonseo Among top sites Google was one of the First in Moving to HTTPS Last in Bringing HSTS
  20. 20. @aysunakarsu @searchdatalogy #brightonseo HTTPS on top 100 non Google sites
  21. 21. @aysunakarsu @searchdatalogy #brightonseo Percentage of Web pages loaded by Firefox using HTTPS
  22. 22. @aysunakarsu @searchdatalogy #brightonseo 4 TLS certificates
  23. 23. @aysunakarsu @searchdatalogy #brightonseo Type of TLS certificates Domain Validation Organization Validation Extended Validation By validation level
  24. 24. @aysunakarsu @searchdatalogy #brightonseo Type of TLS certificates By secured domains Single Name https://www.firstsite.com Wildcard https://www.firstsite.com https://blog.firstsite.com https://shop.firstsite.com Multi-domain https://www.firstsite.com https://www.secondsite.com https://www.thirdsite.com
  25. 25. @aysunakarsu @searchdatalogy #brightonseo 5 HSTS HTTP Strict Transport Security
  26. 26. @aysunakarsu @searchdatalogy #brightonseo HSTS Strict-Transport-Security: max-age=31536000; includeSubDomains; preload In seconds Optional (Recommended) Optional
  27. 27. @aysunakarsu @searchdatalogy #brightonseo HSTS chrome://net-internals/#hsts
  28. 28. @aysunakarsu @searchdatalogy #brightonseo HSTS https://chromium.googlesource.com/chromium/src/+/ master/net/http/transport_security_state_static.json { "name": "wikipedia.org", "include_subdomains": true, "mode": "force-https" }, { "name": "www.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" }, { "name": "facebook.com", "mode": "force-https", "pins": "facebook" }, { "name": "twitter.com", "mode": "force-https", "pins": "twitterCom" }, { "name": "www.twitter.com", "include_subdomains": true, "mode": "force-https", "pins": "twitterCom" }, Chrome HSTS preload list
  29. 29. @aysunakarsu @searchdatalogy #brightonseo 6 Before
  30. 30. @aysunakarsu @searchdatalogy #brightonseo Choose well your IT infrastructure
  31. 31. https://istlsfastyet.com/
  32. 32. https://istlsfastyet.com/
  33. 33. @aysunakarsu @searchdatalogy #brightonseo If using SNI Check web servers & browsers support
  34. 34. @aysunakarsu @searchdatalogy #brightonseo Consider HTTP2 https://www.nginx.com/blog/supporting-http2-google-chrome-users/
  35. 35. @aysunakarsu @searchdatalogy #brightonseo Plan only HTTPS migration https://www.seroundtable.com/google-url-structures-https-23084.html
  36. 36. @aysunakarsu @searchdatalogy #brightonseo HTTPS No access to users & bots
  37. 37. @aysunakarsu @searchdatalogy #brightonseo Get (staging) TLS certificate
  38. 38. @aysunakarsu @searchdatalogy #brightonseo Configure (staging) https://mozilla.github.io/server-side-tls/ssl-config-generator/
  39. 39. @aysunakarsu @searchdatalogy #brightonseo Prevent & report Content-Security-Policy: upgrade-insecure-requests; Content-Security-Policy-Report-Only: default-src https:; report-uri /csp-logs Mixed content
  40. 40. @aysunakarsu @searchdatalogy #brightonseo Preserve referrer Referrer-Policy: origin-when-cross-origin Referrer-Policy: origin Referrer-Policy
  41. 41. @aysunakarsu @searchdatalogy #brightonseo Collect data Staging Production Crawl sites Web server logs Analytics tools E.g. Google Analytics Google search console External Links E.g. Majestic
  42. 42. @aysunakarsu @searchdatalogy #brightonseo Analyze data (staging) Urls of the links, web assets on the page Url of the page Scheme (protocol) Tags Canonical Hreflang Meta HTTP Headers Status code Content On each page check
  43. 43. @aysunakarsu @searchdatalogy #brightonseo Analyze data (production) Pages Error Low quality content Orphan Crawl waste
  44. 44. @aysunakarsu @searchdatalogy #brightonseo Prepare Migration section planning (If moving in sections) URL list Mapping Monitoring Update HTTP HTTPS Sitemaps
  45. 45. @aysunakarsu @searchdatalogy #brightonseo SSLLabs https://www.ssllabs.com/ssltest/analyze.html?d=www.searchdatalogy.com
  46. 46. @aysunakarsu @searchdatalogy #brightonseo Mozilla TLS observatory https://observatory.mozilla.org/
  47. 47. @aysunakarsu @searchdatalogy #brightonseo Register (destination site) Google Search Console https://example.com https://www.example.com https://m.example.com (If mobile on the origin) https://fr.example.com (If subdomains on the origin) https://www.example.com/fr/ (If directories on the origin)
  48. 48. @aysunakarsu @searchdatalogy #brightonseo Configure (destination site) Analytics tools E.g. Google Analytics Google search console Urls parameters Geotargeting Disavow Preferred domain Submit sitemaps Replicate origin’s configuration
  49. 49. @aysunakarsu @searchdatalogy #brightonseo 7 Ready ?
  50. 50. @aysunakarsu @searchdatalogy #brightonseo Give users & bots access to HTTPS
  51. 51. @aysunakarsu @searchdatalogy #brightonseo Implement redirects HTTPSHTTP
  52. 52. @aysunakarsu @searchdatalogy #brightonseo Collect & analyze data Web server logs Crawl Production site Analytics tools E.g. Google Analytics
  53. 53. @aysunakarsu @searchdatalogy #brightonseo Update urls Owned media Profile links E.g. Facebook, Twitter, Linkedin Partner sites Ad campaigns
  54. 54. @aysunakarsu @searchdatalogy #brightonseo 8 After
  55. 55. @aysunakarsu @searchdatalogy #brightonseo Collect / monitor / analyze data Sitemaps Production site Crawl Web server logs Analytics tools E.g. Google Analytics Google search console External Links E.g. Majestic
  56. 56. @aysunakarsu @searchdatalogy #brightonseo Implement HSTS Start HSTS max-age=300;includeSubDomains Increase max-age progressively max-age=604800; includeSubDomains max-age=2592000; includeSubDomains Chrome HSTS preload list max-age=63072000; includeSubDomains; preload
  57. 57. @aysunakarsu @searchdatalogy #brightonseo “Protecting less sensitive sites strengthens the protections of more sensitive sites.” https://https.cio.gov/ “The good we secure for ourselves is precarious and uncertain until it is secured for all of us and incorporated into our common life.” Jane Addams
  58. 58. Thank you!

×