Migrating to HTTPS: The Risks To Be Expected, The Benefits To Be Expected
Migrating to HTTPS: the risks to be expected, the benefits to be expected. Google is pushing websites to adopt a more secure protocol on all of their pages. Mr. Kamran, an SEO expert at Digital Age, shares his technical advice for a successful operation.
It's a fact, Google is trying to force websites to switch to HTTPS. Its engine promises an SEO bonus for pages in HTTPS and its browser has started to generate new alerts when certain pages do not use encryption. But migrating to this secure protocol can be complex. What are the problems that await the sites? Advantages ? Are the consequences in SEO always beneficial? Do some sites need to hurry more than others? JDN asked these questions to three SEO consultants, all technical experts.
An SEO Boost, Really?
Google announced in August 2014 that HTTPS pages would benefit from a small SEO bonus. Have SEO professionals been able to observe the promised bonus? "You should not expect to have much better SEO performance by opting for HTTPS", warns Madeline Pinthon, SEO consultant at iProspect. "There is no systematic progression for sites passed to HTTPS. When we observe one, it is barely visible. And if there are more and more HTTPS results on the first page, it's because more and more sites have switched to HTTPS, "she argues.
The Résonéo agency was able to carry out several migrations to HTTPS, "and we have never seen anything transcendent in terms of SEO progress", says Aymeric Bouillat,
Serge Esteves, SEO / Inbound consultant, within his company CreaPulse, evokes a "slight boost", which he considers as "significant". And according to this specialist, "it is quite possible that this boost will be more important in the future". There is also what he calls an indirect SEO impact. When a user sees on Chrome that he arrived on a site that is not secure enough, he can go back to Google's results to find another better secure one. "Google will take this signal of dissatisfaction into account. And this will have a negative consequence on the position of the insecure page in the results," says the CreaPulse consultant.
Google Favors HTTPS For Indexing
Google also announced it , and this is clearly observable in its results: its indexing now favors HTTPS. This means, he explained, that if the same content can be accessed with an HTTP URL and an HTTPS URL, he will "usually" choose to index the HTTPS URL.
"Google tries to crawl sites by HTTPS by default, which can have significant consequences," observed Aymeric Bouillat. "For example, one of our customers had a site accessible in HTTPS, but external resources ( CSS , JS ,…) were called in HTTP. The secure site took the place of the non-secure site on request of the brand name in SERPs . But since non-HTTPS resources were not loaded, it was a blank page with black-on-white text, without any stylesheets, that was indexed. "
Benefits To Look Beyond SEO
Consultants' opinions therefore do not invite to motivate a migration exclusively for SEO. There are other reasons, however, that could lead to launching, not to mention that developments (for Progressive Web Apps for example) may also require the secure protocol. Obviously, among these reasons, safety immediately comes to the mind of Serge Esteves, but also the brand image.
Indeed, what should we think of a site that will generate security alerts on the browser? "The little green padlock that appears when pages are in HTTPS will always be more reassuring for the user. Especially if it is an e-commerce site," he noted. Moreover, for this specialist, switching to HTTPS should be "obvious for merchant sites". They even have "an interest in hurrying to migrate to HTTPS, because they will be precisely the first to be marked as insecure on Chrome", thinks the consultant. As for the other sites, "they must also prepare for it" because in the end "all non-HTTPS pages will generate alerts on Chrome".
Technical Concerns To Avoid
Switching pages to HTTPS corresponds to a site migration. So "like any migration, it should not take place at critical moments. For example, an e-commerce site should not decide to change the protocol during the sales period," recalls Madeline Pinthon. " The technical problem most often encountered during migrations", noted for his part the specialist Aymeric Bouillat, "it is that of redirect chains, and the fact of making Google discover irrelevant intermediate URLs . For example , an old 301 redirectmust redirect directly to the correct URL in HTTPS, and not to the old URL in HTTP, then the correct URL in HTTPS. So be careful to update your existing redirects. At the same time, we will not forget that the presence of a canonical URL in HTTPS facilitates the digestion of migration by Google. "
Duplicate URL Issues
As long as all the redirects are taken into account, there is a period during which Google will deal with duplicate URLs: a first URL in HTTP not re-crawled, and a second URL in HTTPS with the same content. "For sites with a large volume of URLs, this can cause a temporary drop in traffic: up to 15 to 20% for several days," warns the consultant of Résonéo. "This is why I generally recommend not to immediately include the XML sitemap of the secure site in the Search Console , in order to allow Google to directly discover secure URLs via 301 redirects, and not via the site's crawl in HTTPS or its sitemap, in order to minimize this temporary duplication. "
The Prices To Pay
Regarding the costs of migrating to HTTPS, these vary in particular according to the different types of certificates, recalls Madeline Pinthon: "Not all sites need an EV (Extended Validation) type certificate. A DV ( Free Domain Validation) may suffice. In any case, you must verify the validity of the certificate so as not to be blocked by a browser or firewall. "
In addition, switching to HTTPS is often accused of slowing down sites. What Madeline Pinthon confirms because " HTTPS requires additional negotiations between the client and the server, and this can penalize the speed of the site. But performance can be greatly improved with HTTP2 or SPDY, protocols that can be implemented place after migrating to HTTPS… "
Last important point, if it is necessary to pass to SSL , it obviously should not be done too hastily. "Migrations made in an emergency may be more harmful than a" not secure "mention in the URL bar," recalls Aymeric Bouillat. "And sometimes there is much better to do to improve your SEO than going to HTTPS. For example, to think that going to a site in JS , difficult to crawl to HTTPS would bring any gain would be to put a bandage on a wooden leg."