October 04, 2016
Many site owners have not yet made the jump to HTTPS and HTTP/2, and if you are one of them, I dedicate this post to you. HTTPS secures the connection between a visitor’s browser and the web server, ensuring data is encrypted and protected from intermediary actions. HTTP/2 allows for multiplexing (requesting multiple files at the same time). This significantly improves both site performance and server efficiency. Let’s review the benefits of both of these in further detail.
Benefits of HTTPS
Google has been advocating for a few years to get site owners to migrate to HTTPS. They have run HTTPS Everywhere campaigns, and mentioned it is a ranking signal. Aside from the ranking boost HTTPS provides, Google identifies several important reasons for migration:
Data sent using HTTPS is secured via Transport Layer Security via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption. Encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages or steal their information.
- Data integrity. Data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication. Proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits. Example: AT&T injected ads into sites when people used their hotspots.
HTTPS also has the added benefit of avoiding referral data loss. When a visitor navigates from a secure to an unsecure site, the referral value in the header gets dropped. This results in traffic appearing as ‘direct’ instead of the appropriate referral source. This issue gets compounded with more websites going secure.
I hope by now you are convinced that you need to migrate to HTTPS, but if you’re still on the fence, I trust the next section (Benefits Of HTTP/2) will seal the deal.
Important Tip 1: HTTPS implementations often fail because of improper redirections. You need to be absolutely certain redirections are implemented correctly (avoid daisy chaining redirections) and completely. Mistakes in redirections could have significant impacts to your organic search rankings, which could take months to recover from.
Important Tip 2: Redirections, on aggregate, result in an initial drop off in search traffic. This generally returns/normalizes within a couple of weeks (assuming migration was done correctly). Cueblocks put together a fairly comprehensive checklist for a successful http to https migration.
Benefits Of HTTP/2
HTTP/2 is the first major upgrade to HTTP since 1999 (v.1.1). Let’s pause here for a second…1999. Your website is running off a protocol created in 1991 that has seen it’s last major update in 1999. The demands of websites are dramatically different today than they were in 1999.
Amazon in 1999
Amazon in 2016
HTTP/2 caters to the needs of applications today by offering significant advances in site speed and resource efficiency. The biggest difference between HTTP 1.1 and HTTP/2 is the ability to send several requests in rapid succession on the same TCP connection, eliminating the need for multiple connections between the client and the server. This dramatically increases page load speeds, especially under slower connections (i.e. mobile networks). Faster pages translate to happier visitors, and happier visitors convert more.
John Mueller (Google’s Search Trends Analyst) recommends that if you have a choice to go HTTP/2, go with it. HTTP/2 may not be a ranking signal (yet), however it optimizes site performance which can have an indirect impact to your SEO.
Today’s modern browsers support HTTP/2 however it must be over a secure connection. This is perfectly fine since we already covered why you need to migrate to HTTPS, and I’m confident you will be ordering your SSL certificate right after reading this.
Important Tip: If a visitor’s browser does not support HTTP/2, it will simply downgrade the connection to HTTP 1.1.
If you would like more comprehensive information about HTTP/2, here are two great resources:
HTTPS and HTTP/2 is something you should migrate to sooner rather than later.
A cautionary note for Sitecore users
HTTP/2 support is now available for Windows 10 and Windows Server 2016, however at this time, the latter is not supported by Sitecore. And unfortunately, your current Sitecore installation is likely to be on a Windows Server edition.
To continue, your IT department will block an operating system upgrade until Windows Server 2016 is supported by Sitecore. Why? Most organizations won't run production servers on a client operating system (i.e. Windows 10). If, however, you decide to forge ahead, there are four important considerations to take into account that you can read about here.
Should you have any questions, please feel free to reach out to us, and we can discuss options and any implications. Go forth and delight your audience with a secure and faster on-site experience.