From January 2017, as part of a drive to implement higher levels of security across the web, Google will commence a long-term plan to mark any site running on a HTTP connection, as opposed to HTTPS, as not-secure. So what does this mean for your website and should you migrate to HTTPS now?
The first phase of Google's roadmap will see it clearly labelling websites that collect passwords or credit card information through a non HTTPS connection as 'not-secure' within its Chrome browser.
While this should have little effect on your website in the short-term, over time this could have a negative effect on a user’s experience as well as raising doubts in their mind as to the level of trust they can extend to your brand. Negative implications for brand reputation are likely to deepen as Google extends HTTP warnings beyond collection of passwords or credit card details.
For now, what users will receive is a visual 'not-secure' alert in their address bar. Although subtle to begin with, this will become more obvious in subsequent Chrome releases. Eventually, Google plans to label all HTTP pages as not-secure, and change the HTTP security indicator to the red triangle that it uses for broken HTTPS. More detail can be found on Google's Security Blog.
Google is also using security through the setup of HTTPS as a ranking signal in search engines, which while in the words of Google is only a ‘very lightweight signal’ they may over time decide to strength it. Using HTTPS across your website is generally viewed by Google as a positive factor and may provide a ranking boost.
So does this mean you should migrate to HTTPS right away?
According to Google, a substantial portion of web traffic has transitioned to HTTPS so far, and HTTPS usage is consistently increasing. More than half of Chrome desktop page loads are now served over HTTPS. In addition, since the time Google released its HTTPS report in February 2016, 12 more of the top 100 websites have changed their serving default from HTTP to HTTPS. It's clear that in the long-term, HTTPS is the way the web is going.
However, this doesn't automatically mean that it's the right time to migrate your site to HTTPS. Challenges involved in site migration have inhibited HTTPS adoption for several years and although it is now easier to migrate than ever before, there are still potential pitfalls to be aware of, such as a potential negative impact on SEO performance and ranking, as well as ad performance and revenue during large site migrations. However, checks and balances can be implemented to safeguard performance throughout the migration process.
Migrating for security reasons makes a lot of sense but be prepared to follow, what for large websites can be a lengthy process, to ensure full site compliance. It is also crucial to ensure that your servers can deal with the change. HTTPS encrypts all the communications between your browser and the web server which requires additional steps to HTTP. This can lengthen the time it takes for data to be sent and received, so you need to ensure that your servers can handle these additional steps without undue lag. After all, site speed currently impacts ranking far more significantly than HTTPS.
Nevertheless, much work has been done around improving how HTTPS works at the server level and most current technology should be more than capable of processing the extra workload.
In Google's view the additional benefits to setting up HTTPS can outweigh any potential negative impact. These include the best performance the web offers and powerful features that benefit site conversions, including both new features such as service workers for offline support, web push notifications, and existing features such as credit card autofill and the HTML5 geolocation API that are too powerful to be used over non-secure HTTP.
For a comparison of HTTP and HTTPS page load times head to http://www.httpvshttps.com
Google’s advice is to act now before further changes are rolled out. Our advice would be to consider your options carefully and think about what you need to do to prepare for a migration to HTTPS somewhere down the line.
To help understand how Google’s change in policy could affect you and to put plans in place now to avoid any possible negative impacts, contact Netcel on 01727 736020 to talk through your options