Website Development Using HTTPS

by BANG! Website Design • November 03, 2017
HTTPS in Website Development
Using HTTPS for your Website Development? If you are not, you should be! Google is telling us not once, but twice that websites should be hosted using HTTPS...

#1 - For several years now Google has said to use HTTPS during website development and hosting of a site. Google's focus is on security, but the hints that HTTPS may be a ranking factor as well are a pretty clear indicator and have gotten many website developers to start using HTTPS.

Reports show that many of the top ranking sites are now using the HTTPS protocol. However, our own tracking has shown very little, if any, ranking boost just for switching to HTTPS. I suspect that the reason why the top ranking sites are ranking higher is because their owners care about their rankings and are either hiring SEO experts or have dedicated the necessary time to learn the Search Engine Optimization talents needed to obtain those top rankings.

#2 - The Google Chrome Web Browser has increasingly over time warned users of insecure sites. The release of Chrome 62 scheduled for October was supposed to be showing a non-secure warning on any sites collecting information through forms, and what I expected to see is indicated in the image below, but so far I've yet to see a massive change. I'm currently using Version 62.0.3202.75. The worst I've seen is a little circle with an i in it that site visitors have to click on to see that the site isn't secure. I won't be surprised if Chrome switches to the more obvious warning shown below in the future.

[Image: Not Secure Warning in Google Chrome When HTTPS Not In Use]

Interestingly, the Chromium Development Calendar, while equipped with a certificate, is not running the entire content of the site through HTTPS (at least as of 11/03/17). More about this below.

When we first learned of this promised change in the Chrome browser behavior we quickly encouraged our clients to make the switch, and in many cases we have migrated sites from HTTP to HTTPS. Many of our pleas, however, fell on deaf ears. I think it will take some time before all of our clients realize that the tide has turned and the majority of sites are now being deployed securely and their sites will soon stick out for not encrypting the site using an SSL Certificate.

Website Development Using HTTPS

So what's involved in developing and hosting sites securely? Well, it depends on whether the site is brand new or has been previously deployed using HTTP.

Using HTTPS on a brand new site is much simpler. From day one of testing, purchase an SSL Certificate and deploy it on the server so that all requests are handled securely. This means images, JavaScript, CSS calls, etc., must all be requested using an HTTPS path. The Chromium Calendar is a good example of what happens when every element isn't handled properly. Even on new sites, though, make sure that if someone types in the domain without the HTTPS protocol in front of it, you redirect that request to the correct HTTPS path.

When converting an existing site you have two additional issues...

#1 - You'll have links within the site pointing to HTTP paths. While in theory a redirect will fix this problem, it's sloppy practice to rely on that redirect. This means you'll need to go through all the content of the site and update any internal links, both in the header or footer navigation and in text or image links within the content. The latter content changes tend to be the most difficult.

#2 - You'll have inbound links from other websites, including search engines, that link to the site using HTTP. That's why it is critical to put redirects in place, redirecting traffic from http to https. A quick note: we found that URLs that had queries in them weren't redirecting with the query intact, which of course didn't take the traffic to the correct place. Test thoroughly to ensure success on every page of the site.
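One way to audit a page for the two conversion issues above, as an added example that is not code from this site: it lists every `http://` reference that loads a resource or submits a form, every internal `http://` link, and the HTTPS URL a correct redirect should produce with the query kept intact. The host `www.example.com`, the sample markup and the function names are assumptions made for illustration, and default ports are assumed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

# Attributes that make the browser load a resource or submit a form.
REQUEST_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"),
    ("link", "href"), ("source", "src"), ("form", "action"),
}

class HttpReferenceAudit(HTMLParser):
    """Collect http:// references that need fixing in an HTTPS migration."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # list of (kind, tag, url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            if (tag, name) in REQUEST_ATTRS:
                self.findings.append(("insecure-request", tag, url))
            elif (tag, name) == ("a", "href"):
                # Only links back to our own host are ours to rewrite.
                if urlsplit(url).hostname == self.site_host:
                    self.findings.append(("internal-link", tag, url))

def audit(html, site_host):
    parser = HttpReferenceAudit(site_host)
    parser.feed(html)
    return parser.findings

def expected_https_target(http_url):
    """URL a correct redirect should land on: same host, path and query."""
    p = urlsplit(http_url)
    return urlunsplit(("https", p.hostname, p.path, p.query, p.fragment))

# Constructed sample page for the placeholder host www.example.com.
SAMPLE = """
<link rel="stylesheet" href="http://www.example.com/site.css">
<script src="https://www.example.com/app.js"></script>
<img src="http://cdn.example.net/logo.png">
<a href="http://www.example.com/contact?ref=footer">Contact</a>
<a href="http://other.example.org/">Partner</a>
<form action="http://www.example.com/subscribe" method="post"></form>
"""

if __name__ == "__main__":
    for kind, tag, url in audit(SAMPLE, "www.example.com"):
        print(f"{kind:17} <{tag}> {url} -> {expected_https_target(url)}")
```

Comparing `expected_https_target()` against the `Location` header the server actually returns for each old URL catches the dropped-query problem described in #2.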

A final note: Yes, I realize that at the time of this posting we are still delivering this website over HTTP rather than HTTPS. It's on my to-do list, but our clients come first! :-)
 
