Moving your website to HTTPS is not a nice SEO bonus or prerogative of a big business, but it is a must for all kinds of websites. The volume of encrypted traffic is growing year after year and, according to Firefox telemetry, on January 29, 2017, half of all Internet traffic was secure, and that is a big deal.
The significance of this tipping point really can’t be overstated.
Ross Schulman, co-director of the New America Foundation’s cybersecurity initiative (Source).
If your website is still on the ‘dark side,’ you should reconsider your perception of encrypted traffic. In our previous article we talked about HTTPS’ influence and importance: it’s a ranking signal, it’s a trust signal increasing users’ credibility, and finally, it’s a guaranteed way to protect your website data from certain types of attacks.
Today we are going to talk about mistakes that can occur during HTTPS implementation and ways to fix and avoid them, so if you have already moved your website to HTTPS or are just thinking about it, this article will help you to avoid some of the most common pitfalls.
All statistical data for this article was obtained during research conducted using the SEMrush Site Audit tool. We collected anonymous data on 100,000 websites in order to find out the frequency of HTTPS implementation mistakes. First of all, we should say that only 45% of the websites we analyzed support HTTPS and all data on the frequency of HTTPS-related errors was collected during the analysis of those secure domains.
About the SEMrush HTTPS Implementation Report
All the mistakes we've been discussing can be detected by the SEMrush HTTPS Implementation report — a new report available via the SEMrush Site Audit tool. We want to add couple words about the technical realization of this report and the way it can help you detect all HTTPS pitfalls.
When detecting errors related to an expired SSL certificate, the SEMrush HTTPS Implementation report doesn't just show you the certificate's expired status, but the date it expired. Moreover, it can help prevent this problem by sending a notification about an upcoming certificate expiration.
If a certificate is registered to an incorrect domain name, the report will show the subdomain the certificate is issued for, which will help to quickly discover the problem.
Talking about server-related issues: report, will provide full information about exact subdomain, which need an upgrade of security protocol (specifying the current version) or implementation of HSTS and SNI support.
Speaking of website-architecture-related issues, one the most interesting checks in the report is about mixed content detected on a page. The report will find any type of detected HTTP element, which we extract from tag element. It means that report is available to find and specify literally any insecure element. Considering how time-consuming can me mixed content exploration, this report will definitely become a great helper.
There is also a severity level mark for all errors, which will help you set priorities and work with the most dangerous issues first, then move on to the less important ones.
So we can say that these newest implementations, plus the high crawling speed, the 50 additional on-page, and technical SEO checks and the friendly interface make the SEMrush Site Audit tool one of the most powerful website auditors available on the market and definitely the best one among SEO suites.
So what do you think? Share your thought about our new report and let us know what HTTPS errors have given you the most trouble as well as how you overcame them.