Mark Thomas WINNER of “The Best Search Software Tool” for DeepCrawl.com at EU Search Awards, 2015

1. HTTPS
Google are pushing HTTPS
hard. Why? And, when
should you act?
Mark Thomas | @SearchMath | SEMDays

2. Why push
HTTPS?

3. https://www.google.com/events/io/schedule/session/84d2d68d-a2bc-e311-b297-00155d5066d7
June 26th 2014

4. “Individually, the meta data you can gather from
unencrypted sites can seem benign, when you put
it all together it uncovers a lot about my intent and
can actually compromise privacy.” Ilya Grigorik

5. August 2014
“Making the
internet safer more
broadly”

6. Maile Ohye SMX Advanced 2015
HTTPS benefits:
• Authenticates the site
• Grants data integrity for the client
• Gives encryption which is good for the user
“For new and particularly powerful web platform
features, browser vendors prefer to make the
feature available only to secure origins by default.”
Sounds
interesting!!!!

7. August 2014
“Making the
internet safer more
broadly”
“Over time, we
may decide to
strengthen it.”
“It’s only a very
lightweight signal”

8. https://moz.com/blog/seo-tips-https-ssl

9. Where are we?

10. HTTPS & Mobile updates had a
lot to live up to

11. Growing trend
towards HTTPS
5%
6%
7%
8%
9%
10%
Jan March April May June July August
% Alexa Top 100K Websites on HTTPS (2015), DeepCrawl
0%
20%
40%
60%
80%
100%
Jan March April May June July August
% Alexa Top 100K Websites HTTPS/HTTP, DeepCrawl
HTTPS HTTP
Opportunity

13. http://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/

18. http://searchengineland.com/google-makes-penalty-mistakes-buffer-story-203591

19. Why are people experiencing
so many problems?

20. • Speed - HTTPS runs slower than HTTP
• All resources (JS, CSS, images) need to be on
HTTPS.
• Internal links, Sitemaps, canonical tags, robots.txt
file and analytics tracking codes need to be updated
to refer to HTTPS version.
• 302 redirects not a clear enough signal that the site
has moved to HTTPS. Google specifically state that
301 redirects should be used.
• Avoid redirect chains – avoid latency

21. • HSTS not enabled in addition to HTTPS
• Might incur issues with third-party resources (e.g. ad
networks)
• Analytics and backlink data could be affected.
• Social shares also need to be migrated/managed to
retain social proof (only Facebook, Google +1 and
LinkedIn shares transfer automatically, although this
can still take weeks/months).

23. Verify all site variants in Search Console!

24. Managing HTTPS migration

25. When should you migrate?
New Websites: Definitely build on HTTPS
Existing Websites: Migrate to HTTPS when
you’re next planning a
domain migration
Or,
Build the infrastructure to
support HTTPS during a
site redevelopment for a
later URL migration

28. Google’s position
+12 Months

29. Dealbreaker

34. You can adjust some of the parameters to get different data.
y=p - Daily Pageviews
y=q - Search Visits %
y=r - Daily Reach
y=s - Time on Site
y=t - Global Rank
y=u - Pageviews per user
y=b - Bounce Rate
o=a to o=g - Graph style
r=6y - 6 years
r=6m - 6 months
r=6d - 6 days
http://traffic.alexa.com/graph?w=800&h=600&o=f&c=1&y
=p&b=ffffff&n=666666&r=2y&u=onthemarket.com&u=zoo
pla.co.uk&u=rightmove.co.uk

36. A more conciliatory tone

37. https://www.youtube.com/watch?v=ekvnE4YMeyM#t=23m08s
“Maybe it makes sense to wait half a year or so until all of
the ad networks I rely on to keep the site running are
ready to handle HTTPS properly.”
August 28th 2015

38. http://www.slideshare.net/randfish/onsite-seo-in-2015-an-
elegant-weapon-for-a-more-civilized-marketer

39. Where next?

40. HTTP/2 > HTTP/1.1

41. http://www.slideshare.net/rngirard/smx-advanced-2015-seattle-seo-highlights

42. HTTP/2 Goals
1. User perceivable improvement
in web site performance
2. Work with today’s internet
3. Remain compatible with
existing content

43. What is HTTP/2?
HTTP/2 (originally named HTTP/2.0) is the
second major version of the HTTP network
protocol used by the World Wide Web. It is
based on SPDY.
HTTP 1 was designed for webpages with
few external assets. Browsers typically
downloaded assets sequentially, but this
wasn’t a problem on lighter pages.
https://http2.github.io/

44. What is HTTP/2?
Now most webpages have 50+ resources,
which is difficult for HTTP 1 to handle.
HTTP/2 downloads many resources at the
same time, prioritizes them and supports
compressed HTTP headers.
https://http2.github.io/

46. The proposed changes do not require any
changes to how existing web applications
work, but new applications can take
advantage of new features for increased
speed.
HTTP/2 allows the server to "push" content,
that is, to respond with data for more queries
than the client requested.
https://http2.github.io/

47. HTTP/2 enables a more efficient use of network
resources and a reduced perception of latency by
introducing header field compression and allowing
multiple concurrent exchanges on the same
connection. It also introduces unsolicited push of
representations from servers to clients.
This specification is an alternative to, but does not
obsolete, the HTTP/1.1 message syntax. HTTP's
existing semantics remain unchanged.
Googlebot did not (as of June 2nd 2015) support
HTTP/2
https://http2.github.io/

48. https://tools.ietf.org/html/rfc7540

49. https://blog.httpwatch.com/2015/01/16/a-simple-performance-comparison-of-https-spdy-and-http2/
HTTP/2
+20% to
30%
Quicker
HTTP/1.1

50. http://w3techs.com/technologies/details/ce-http2/all/all
Popular sites
using HTTP/2
Google.com
Youtube.com
Twitter.com
Google.co.in
Google.co.jp
Google.de
T.co
Google.co.uk
Google.fr
Google.com.br

51. Browser support
 Chrome supports HTTP/2. Currently only HTTP/2 over TLS
is implemented
 Chrome for iOS supports HTTP/2
 Firefox supports HTTP/2 which has been enabled since
version 36. Experimental support for HTTP/2 was originally
added in version 34. Currently only HTTP/2 over TLS is
implemented
 Internet Explorer supports HTTP/2 in version 11, but only
for Windows 10. Currently only HTTP/2 over TLS is
implemented
 Microsoft Edge supports HTTP/2
 Opera supports HTTP/2
 Safari 9 supports HTTP/2

52. And finally, the punch line…

53. HTTP/2 and HTTPS
“Although the standard itself does not require
usage of encryption, most client implementations
(Firefox, Chrome) have stated that they will only
support HTTP/2 over TLS, which makes
encryption de facto mandatory.”
https://en.wikipedia.org/wiki/HTTP/2

54. Thank you
Slides available:
@SearchMATH