HTTP vs. HTTPS - The case for properly implementing SSL and not just forcing it.
So lets go back in time a bit. Google announced they were going to give a ranking bonus for any site that used HTTPS and forced all occurrences of their URLs to it. It didn’t sound right to me at the time because Google usually doesn’t announce things so that for me should have been my first indication that something was odd about this.
As most of you know we own a hosting company as well as a digital marketing agency so it gives us a bit of a leg up on understanding how things are implemented and what their impacts may actually be. Things that sound good on paper sometime in reality are not. And this is one of those items I suppose. So I went to talk to my system admin his first reaction was how it was going to slow up the load time on a site unnecessarily and the have sites that get huge page views a day. So needless to say i had a very unhappy system admin.
I am glad he balked so hard at this because it allowed us to slow down, not just charge into a pool because i was thinking about how we wanted to implement and if the lift would be enough to off set the hardware costs for the busiest of customers and such. So a funny thing happened while i was thinking about this.
As you most of you know i do a lot of lecturing on SEO and in Houston, I have a pretty big following and my classes started having people who had websites that took huge dives in traffic. They came to the class to find out why. As I started to talk about encrypting the website (using SSL), hands starting going up saying that their sites started tanking after the switch to https, in other words, forcing all pages to be encrypted.
The biggest issue was the forcing of the HTTPS and 301 redirecting the main HTTP connection on Port 80 over the the encrypted port on 443. As most of you know Google had discretion as to whether or not they honor a 301. In our experience only 80 percent of the requests get honored and it is why if possible I don’t treat the 301 as a magic cure all for anything i want to do to a website. Rather, we advise making every effort to keep an existing URL in tact and not change it when making any platform type change to a website. This is a very long way to say we decided not to advocate forcing the use of the https switch.
Also what we found is that there was a loss on link juice. People naturally link to HTTP whether they realize it or not. When you say www.seo411.com your browser reads that link and sends it to the unencrypted version of the website, which is standard. Review your link profile and you will see that links are not to your encrypted site site, but rather your standard plain old standby http. So inevitably link profiles were disrupted for a site when a site is unnaturally forced into a HTTPS state.
Needless to say there was a lot of issues and the idea on Google’s part may not have been well thought though.
Well that was were my original post was to stop. I was again as with most things I do, was answering a question I received Friday and I said the the person, thanks for the blog post.
Google must of gained access to my correspondence and displeasure with the entire thing, because I just received an alert saying that they were going to start favoring sites that could be reached via HTTPS. They added a few conditions. They include things like your page has to be coded right; you have to have a valid certificate and a few other techie type things.
This move is at best puzzling. Maybe Google’s departments don’t talk to each other. But by forcing HTTPS on all web pages, it makes websites far slower because each file has to be encrypted prior to delivery. Things that make the web faster, they are slowing down by this move. The other thing that bothers me is that our busier sites will now require a high availability designation or need to be clustered depending on the platform. It’s a lot of extra horsepower and they are somewhat taking the decisions out of the site owners hands by priority indexing the HTTPS version of the site.
I don’t know if any one noticed but Amazon took off their forced HTTPS designation especially during this time of year. And as I tell customers who ask questions: What does Amazon do and that usually will give you the right answer for your question. I this case only the check out process is encrypted as it should be.
Overall, this is an improvement over the previous iteration of the HTTPS credit, but its still putting an big onious on the backs of IT departments to keep websites running quickly especially for mobile, yet encrypting them which intrinsically slow a website down regardless of the processing power.
On my Santa wish list. Being we now have privacy protected can we have our keywords back Mr. Santa Google.. pretty please?