logo-small

10 HTTPS Implementation Mistakes - SEMrush Study

58
Wow-Score
The Wow-Score shows how engaging a blog post is. It is calculated based on the correlation between users’ active reading time, their scrolling speed and the article’s length.
Learn more

10 HTTPS Implementation Mistakes - SEMrush Study

This post is in English
Elena Terenteva
This post is in English
10 HTTPS Implementation Mistakes - SEMrush Study

Moving your website to HTTPS is a not a nice SEO bonus or prerogative of a big business, but it is a must for all kinds of websites. The volume of encrypted traffic is growing year after year and, according to Firefox telemetry, on January 29, 2017, half of all Internet traffic was secure, and that is a big deal.

The significance of this tipping point really can’t be overstated.

Ross Schulman, co-director of the New America Foundation’s cybersecurity initiative (Source).

If your website is still on the ‘dark side,’ you should reconsider your perception of encrypted traffic. In our previous article we talked about HTTPS’ influence and importance: it’s a ranking signal, it’s a trust signal increasing  users’ credibility, and finally, it’s a guaranteed way to protect your website data from certain types of attacks.

Today we are going to talk about mistakes that can occur during HTTPS implementation and ways to fix and avoid them, so if you have already moved your website to HTTPS or are just thinking about it, this article will help you to avoid some of the most common pitfalls.

HTTPS Implementation mistakes

HTTPS Implementation with SEMrush

Is your website secure?

Please specify a valid domain, e.g., www.example.com

All statistical data for this article was obtained during research conducted using the SEMrush Site Audit tool. We collected anonymous data on 100,000 websites in order to find out the frequency of  HTTPS Implementation mistakes. First of all, we should say that only 45% of the websites we analyzed support HTTPS and all data on the frequency of HTTS-related errors was collected during the analysis of those secure domains.

About the SEMrush HTTPS Implementation Report

All the mistakes we've been discussing can be detected by the SEMrush HTTPS Implementation report — a new report available via the SEMrush Site Audit tool. We want to add couple words about the technical realization of this report and the way it can detect you all HTTPS pitfalls.

When detecting errors related to an expired SSL certificate, the SEMrush HTTPS Implementation report doesn't just show you the certificate's expired status, but the date it expired. Moreover, it can help prevent this problem by sending a notification about an upcoming certificate expiration.

certificate's expired status

If a certificate is registered to an incorrect domain name, the report will show the subdomain the certificate is issued for, which will help to quickly discover the problem.

Tanking about server-related issues: report, will provide full information about exact subdomain, which need an upgrade of security protocol (specifying the current version) or implementation of HSTS and SNI support.

Server related mistakes

Speaking of website-architecture-related issues, one the most interesting checks in the report about mixed content detected on a page. The report will find any type of the detected HTTP element, which we extract from tag element. It means that report is available to find and specify literally any insecure element. Considering how time-consuming can me mixed content exploration, this report will definitely become a great helper.

Mixed content

There is also a severity level mark for all errors, which will help you set priorities and work with the most dangerous issues first, then move on to the less important ones.

SEMrush Site Audit

So we can say that these newest implementations, plus the high crawling speed, the 50 additional on-page and technical SEO checks and the friendly interface make the SEMrush Site Audit tool one of the most powerful website auditors available on the market and definitely the best one among SEO suites.

So what do you think? Share your thought about our new report and let us know what HTTPS errors have given you the most trouble as well as how you overcame them.

HTTPS Implementation with SEMrush

Is your website secure?

Please specify a valid domain, e.g., www.example.com

Elena Terenteva, Product Marketing Manager at SEMrush. Elena has eight years public relations and journalism experience, working as a broadcasting journalist, PR/Content manager for IT and finance companies.
Bookworm, poker player, good swimmer.
Share this post
or

Comments

2000 symbols remain
Hi Elena, I have two sites. I want to move these to SSL sites (https) but am concerned it will effect ranking short and long term if it is not done correctly. Do you know of any company which provides this service to a high standard? Its currently on a wordpress platform both sites.
Elena Terenteva
Sunny Sahdev
Hi Sunny! I hope to see dozens of comments from agencies and international SEO consultants here :) Will not recommend anyone publicly - drop me a line on my email
Can you explain more about the importance of HSTS?
We have https implemented across the whole site, but our server does not currently support HSTS.
There is no way a user can visit an unsecure http URL, (everything is set to redirect) or access an http resource.

What extra benefit does HSTS offer in this case?
Elena Terenteva
Nathan Amery
Hi Nathan! The HSTS protocol informs web browsers that they can communicate with servers only through secured HTTPS connections. Let’s say user typed in the address bar name of your website like http://example.com, but HSTS instruct browser to use HTTPS version. HSTS is a protection from downgrade attacks and cookie hijacking. This is a way to secure users from a man-in-the-middle attack.
Marc Hammerschmidt
Thank you about this great article. I wonder what your perspective is on e.g. facebook likes or other social signals?
Facebook likes are sticked to URL, that means http and https make a big difference. Should you send facebook the new https url and loose all previous likes. Or better keep the likes for the old url, because google is keeping this still as ranking signal?
Elena Terenteva
Marc Hammerschmidt
Hi Marc! It can be fixed by HSTS implementation or 301 redirects. Any links to HTTP URLs, including ones from social media, won't be a problem.
Warpul
I use SSL to for my e commerce website and i hope it can help my site more secure
Nirmal Kumar
I too experienced a lot of issues, when I moved my website to Https. Few problems were solved, when I installed the plugin easy Https redirection​.

But, still I lost all my social media shares. ?
Love the article and implementation of infographs and images - catches my interest as well as flow is smooth. Great work
Elena Terenteva
Krishna Teja
Glad to hear, Krishna! Thank you!
Indeed a great article. SSL certificate is essential for any website, and one can buy ssl certificate for free by visiting this url : https://mysslonline.com
Elena Terenteva
Kim John
Thank you, Kim!
очень познавательно и наглядно
Elena Terenteva
nolik
Большое спасибо! Кажется это первый русскоязычный комментарий на нашем блоге :)
Dima Nosenko
Thanks for the useful information.
Elena Terenteva
Dima Nosenko
You are very welcome!
nanank laksono
awesome
Elena Terenteva
nanank laksono
Thank you!
Jhasketan Garud
Hi Elena,
This was one of the most needed article, since "https" implementation has become crucial now. Almost every professional blogger is implementing "https" but lack of knowledge is causing https errors which is adversely affecting the brand and traffic. Thanks a lot of this guide.
Elena Terenteva
Jhasketan Garud
Thanks a lot, Jhasketan! I do hope that this article and our new report will help to deal with HTTPS implementation.
Have a Suggestion?