How to Use Google's New HTTPS Report to Boost Your Rankings
.jpg)
Google has recently announced that they will be adding a new HTTPS report to Search Console. This report will let you know how many pages of your site are served over HTTPS and if any SSL errors occurred on these pages. The report is not yet available in the latest version of Search Console but Google has said it will be available soon. In the meantime, it is expected to roll out in early December 2017, so there's no time like the present to get ready to use it! This guide will tell you everything you need to know about using this new report as soon as it's available.
What is an HTTPS report?
HTTPS stands for Hypertext Transfer Protocol Secure, and it provides a secure connection for all web traffic sent between your site and users. In the past, before HTTPS became the default protocol for browsers, some older browsers and insecure networks would request connections over HTTP, which is less secure. With many modern browsers defaulting to use only encrypted sites by enforcing the use of SSL certificates in their search bars, sites that rely on HTTP connections instead of HTTPS will likely be left behind. So what is an HTTPS report? It's a report in your Search Console account that can be used to determine whether or not your site has an SSL certificate installed, as well as how it affects search engine ranking. The report also helps you evaluate whether you should buy an SSL certificate or move to https:// pages. If you have one, then you'll want to get the reports with data from last month and compare them with this month. For example, if more than 50% of your URLs now use HTTPS instead of HTTP, then you'll want to make sure that there are no errors present in your setup-in other words, no mixed content issues-and take appropriate steps if needed. If fewer than 50% are using HTTPS after adding support for it last month, consider implementing HTTPS on any new pages or posts created going forward. That way you won't have this problem again next year when this becomes part of Google's page rank algorithm update! There are several things you can do to implement HTTPS across your website without having any mixed content issues:
1) Replace redirects from HTTP pages to HTTPS with permanent redirects
2) Add full subdomains for each domain (e.g., www and non-www)
3) Update internal links across the site to point at HTTPS versions of those pages. Remember: don't force existing users who access the old versions via a HTTP referer (e.g., hyperlinks outside of your domain), but rather show those visitors alternative versions automatically where possible
4) Get rid of old files on disk like images, scripts, stylesheets, etc...that aren't encrypted or being served over TLS/SSLSSL.
The Anatomy of an HTTPS Inspection
When a user loads your website, they will either be served the encrypted version of your website or an error message. A reason for this may be due to outdated plugins or other code that needs updating. The new report in Google Search Console lets you know if the search engine is not able to access encrypted pages on your site, and thus cannot index them for crawling or ranking purposes. You can use this report as a checklist for securing your web properties by confirming that all of the sub-domains are set up with HTTPS encryption as well. If any of the sub-domains are not setup with SSL encryption, this tool can help identify which ones need updated and which ones should be removed altogether. Just go to the Security Issues tab, then click Encryption Issues under Severity and you'll see a list of any problematic URLs that require fixing. Once those have been fixed, submit another request through Search Console to rescan your site for more accurate data.
In order to get full visibility into the performance of your website across different browsers and devices, it's important to track HTTPS errors across both desktop and mobile versions of websites. We recommend checking these boxes so that you're notified when something goes wrong: Security issues, Insecure Content, Missing HSTS Policy, Insecure Redirects, and Failed Logins. These alerts allow you to quickly scan your website for potential problems. For example, one recent alert we received was about an insecure redirect on our blog page. Upon investigation, we found that the redirecting URL had previously contained some personal information about one of our staff members and had now been changed to remove that info. It was a simple fix! Had we not set up monitoring for HTTP 404 status codes, this could have gone unnoticed and caused serious security concerns.Wh ichever type of content you manage, from articles to videos to images, it's important to ensure that users are accessing your content over a secure connection. According to a study conducted by Comodo and cited in the Nielson Netratings 2014 Global Media Report, only 58% of viewers watched video clips on YouTube over a secure connection. That means nearly half were watching over an unencrypted connection. Without proper encryption between their browser and YouTube's servers, there is no way for users' traffic - including passwords and sensitive information - to remain private or protected from hackers or eavesdroppers. By turning on HTTPS, you are ensuring that your visitors are safe and your rankings won't suffer.
In addition to encrypting the traffic, implementing a 301 redirect ensures that the old address (the unencrypted version) still works while sending any visitors to the new secured address. This means that you don't lose SEO benefits or rank even though you've moved to a secured domain.
Don't let sloppy security cause irreparable damage to your business or your customers' safety. Implement a basic set of guidelines and monitor how these protections improve both your rankings and your customer experience.
What are the best practice tips for your site?
1. Install SSL Certificates on Your Site.
2. Audit the List of All Third-Party Resources.
3. Check the Page Load Time (HAT).
4. Verify Mobile Compatibility (CHTML).
5. Review HTTP Headers for Caching Control and Performance Factors for Pages on your Site (DHEXP).
6. Eliminate Unnecessary Redirects in the Header Connection Section of your Configuration File for Nginx, Apache, IIS and LiteSpeed Web Servers . 7. Remove unused files from your server directory (such as directories, images or other unneeded pages) to reduce the load time of your site.
8. Enable Gzip Compression on Your Server if You're not Already Doing So
9. Optimize Images by Optimizing File Size and Optimizing JPG Quality .
10. Reduce image resolution so that visitors with slow connections have a faster page load time
11. Evaluate the JavaScript Libraries You Are Using and Ditch Any Unused Ones
Why should you care about this new report?
Privacy and security is the new currency of the internet. More than half of all global online transactions now occur over secure, encrypted channels—a strong indicator that people are starting to demand more trust from their technology providers. It’s becoming a good time for an SEO-minded website owner to stop guessing and know if they have a secure website or not. In late September 2018, Google added a new report into its search console that shows you whether your site supports SSL (HTTPS) or not. If it doesn't, you're missing out on a major ranking signal that can help boost your traffic as well as protecting visitors to your site.
The latest HTTPS report helps webmasters understand which of their sites aren't following best practices by providing visibility into how many pages on their domain use HTTP vs. how many use HTTPS, which links point to HTTP vs. those pointing to HTTPS, which subdomains use HTTP vs. those using HTTPS and much more! If you're curious about whether or not one of your pages might be vulnerable because it has mixed content errors or improperly configured redirects leading away from the page - this is where you should go look first!
And last but not least - any red Mixed Content warnings in this view? Yep! You'll find these at the bottom of the warning, so scroll down and see what needs fixing before we make our way back up to see what other issues may exist. We recommend enabling Automatic Redirect Rules in your Search Console settings. You'll want to add specific rules that automatically convert any requests made with http:// to https:// within the same subdomain. We've created a basic rule below:
If http matches anywhere in request, replace http with https
Wherever http appears in request URL path, replace http with https. Then configure your server to enforce redirects and log the original URI of the request so that it can keep track of when requested URLs are successfully redirected.
Let's go ahead and take a look at another example from my company, Influencer Marketing Hub . Here I'm going to select Domain > Security Summary > Pages Using Unsecure Protocols and here you'll notice under Subdomain Home Page/Pages Without Secure Protocol/Unencrypted Response is set to Yes for both cases. When I click through I get two different views showing me both responses for this particular site. One uses HTTP while the other uses HTTPS protocol. Now that you have the ability to check, you'll also want to verify that your HTTPS connection is properly configured. There are a few things you should check, such as:
Are there any warnings in the row titled Mixed Content? These messages show that your site includes assets or scripts from a location where the page is delivered via HTTP. A few examples of what could cause these messages include images and scripts loaded from external sources, including analytics tracking codes and third party advertising code. This usually happens when developers forget to change them from HTTP to HTTPS after configuring them for their production environment. Such mistakes allow others to monitor user activity on your site, which is not ideal.
When should you start implementing these strategies?
Since Google is using HTTPS as a ranking signal, any site that has not converted needs to start today if they want their site to rank in the future. We recommend upgrading first and foremost, then making sure all content on your site is secure. If you have e-commerce, it is imperative that you make sure your website transactions are made over HTTPS. One way you can guarantee the safety of transactions is by using a hosted payment solution such as PayPal. The security and verification process of PayPal protects both buyers and sellers in the event of fraud or theft while also giving added credibility for e-commerce sites as a trustworthy merchant. If you're thinking about adding an SSL certificate, there are plenty of free trials available so you can try before you buy! The two most popular options for hosting payments on e-commerce websites are Shopify Payments and PayPal. These are highly reputable providers with many features, but how do you know which one will work best for your company? To help answer this question, let's take a look at some specific considerations:
First off, Shopify Payments offers many different ways to integrate payment processing into your online store—including via credit card terminal—which makes it perfect for established businesses with brick-and-mortar locations who need to handle physical transactions.
Second, PayPal offers Payflow Link which is an advanced API specifically designed for mobile checkout processes. Unlike Shopify Payments, PayPal supports quick response (QR) codes and Apple Pay—ensuring that no matter what device a customer is on, they'll be able to complete the transaction seamlessly. But wait...there's more! Not only does PayPal offer competitive rates for international customers, but also helps streamline taxes through simple tax rules (i.e., Value Added Tax (VAT)) - something other providers cannot provide. And because PayPal gives merchants access to its powerful reporting capabilities, retailers can stay on top of sales trends throughout the year with ease. There are many factors to consider when choosing a provider; therefore we suggest you speak with our team to find out what would be best for your business based on your unique situation. What should I do now?: Make sure your site has upgraded to HTTPS before anything else.
When will this new report be available?
Google will be rolling out a new report starting April 18, 2019. It should show up in search console within the next few days. The report is designed to help you identify the status of your website’s security and offers ways for making it more secure. It also helps users identify sites that are experiencing connection errors because of a TLS protocol mismatch between the browser and server. The new report is significant because Google has announced that they will change their ranking algorithm and weight site’s with stronger SSL certificate higher than those without. They have not yet given a date on when this will happen but most believe it will be by December 2020.
Maintaining an SSL Certificate through Search Console is an easy way to ensure your rankings don't suffer in the future. To get started, navigate to Security Issues > Insecure connections or Mixed content blocking. You'll see a list of all pages which may have insecure connections or mixed content warnings. Clicking into each individual issue will give you tips on how to fix the problem as well as tell you what level (A-F) it is at based on severity. Once these issues are fixed, simply run another scan and let Google know by clicking 'Solve Issue'. If all goes well, these fixes should protect your site from future changes in Google's algorithm! And if you're still unsure about implementing HTTPS/SSL, look no further than your competitor:
Highlighting Site One above as an example, we can see that every single page they rank highly for has Secure Sockets Layer (SSL) installed. Clearly prioritizing security has helped them maintain their spot at the top of the results page. You've got nothing to lose and everything to gain - especially now that there's finally a report just for this very purpose! So start protecting your site today! Head over to your Search Console and make sure you're running regular scans. When a vulnerability is found, use the aforementioned reporting tool to fix it. When done, repeat the process until no vulnerabilities remain before rerunning your last scan again to submit your findings back to Google! Remember that maintaining an SSL Certificate through Search Console is an easy way to ensure your rankings don't suffer in the future so start taking care of this ASAP! With that said, it doesn't matter where you're at currently in terms of security. Whether your site already uses SSL or you haven't gotten around to installing one yet, checking for these potential problems is always a good idea. A lot of businesses neglect checking their domains against Censys due to its long set-up time and steep learning curve - but I'm here to say that adding Censys to your routine might just save your business' website in the long run! All things considered, if something is worth doing once then it's worth doing right every time. So invest some time into getting Censys set up and avoid any potential headaches down the line while boosting both visitor experience and online presence!
Additional Resources
Now that Google has released a report of their newest improvements, it is more important than ever to keep an eye on your site's security. We are excited to announce that our free, third-party tool SiteLock has now been made available for all customers through the Search Console, allowing you to monitor and fix any discrepancies before they lead to serious consequences. SiteLock is your first line of defense against hackers, malvertising attacks, and accidental exposure of confidential data. Here are some steps you can take today:
1) Sign up for SiteLock and install it on your website through the Search Console 2) Monitor real-time alerts from our plugin when it detects something out of the ordinary 3) Restore any confidential or sensitive information at the first sign of intrusion
.jpg)
Posts
