Advice: How to create a secure environment using HTTPS

Google’s Webmaster Central Blog announced that the search engine giant would start using HTTPS as a ranking signal. What does this mean? Basically Google is going to reward websites that offer users a browsing experience that is safe from the prying eyes of third parties.

Traditionally HTTPS is used on e-commerce websites and online banking sites, sites where users are required to enter a username and password to login to an account, or when credit card information is requested. HTTPS equals a safer browsing experience.

So what do you need to implement this on your website to make sure you create a secure environment for users and benefit from the new ranking:

1. Single, multiple domain, or wildcard certificate

Google is asking you to decide which you will use. A single certificate will work for many small to medium online businesses. If you have multiple subdomains then a wildcard (“wildcard” being the prefix to your domain name) certificate, which allows for an unlimited number of subdomains, makes the most sense. For example, if your site holidayhomes.com has regional subdomains of barcelona.holidayhomes.com and valencia.holidayhomes.com, etc then a wildcard certificate may be your gateway to HTTPS. Multiple domain certificates on the other hand are appropriate to businesses using different root or domain names for internet facing services, where you may use both an internal .org and an external .com. Chances are that multiple domains do not apply to you.

2. Switch to 2048-Bit key certificates

If your site uses anything lower than a 2048-bit certificate it becomes a candidate for hacker activity. Keep internet security for your site and its visitors by making this switch. Let your developer know.

3. Use relative URLs for resources residing on the same secure domain

Relative URLs simply take users on a commonsense path to other areas on your site using the base URL. Using relative URLs on the same secure domain lets Google see that your website is secure. Again, let your developer know.

4. Use protocol-relative URLs for all resources residing on other domains

Protocol relative URLs will prevent that IE error message which states “This Page Contains Both Secure and Non-Secure Items – Do You Want to Display the Non-Secure Items?” This error message displays when a resource is requested through HTTP on an HTTPS webpage. This commonly occurs when your other domains (subdomains, etc…) do not link directly to the HTTPS resource.

5. Abide by Google’s site move guidelines when switching from HTTP to HTTPS

When your developer makes the switch make sure that when they do, Google can index and serve your content under your site’s updated URL structure.

6. High-quality content is still the primary ranking factor

Adopting HTTPS is one of the factors to improved ranking, but don’t forget that providing users with high-quality content is still the key to better ranking on Google.

ExoClick introduced HTTPS ad formats on its platform back in March 2014 to create a secure ad browsing experience, click here for more info.

Giles Hirst