What is it?
HTTPS pages typically use one of two secure protocols to encrypt communications – SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
As the names suggest, the ‘private’ key should be kept strictly protected and should only be accessible the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.
In laymen’s terms, what is communicated over the internet between the webserver and your device (PC, Smart phone, tablet) is encrypted. See image below.
Types of SSL
- Standard
- Extended
Consumer Benefits
- Consumer confidence, server authentication allows users to have some confidence that they are talking to the true application server. Without this guarantee, there can be no guarantee of confidentiality or integrity.
- Data confidentiality means that eavesdroppers cannot understand the content of the communications between the user’s browser and the web server, because the data is encrypted.
- Data integrity means that a network attacker cannot damage or alter the content of the communications between the user’s browser and the web server, because they are validated with a cryptographic message authentication code.
Technical benefits
- Adds Referrer Data – The referrer data from traffic passing from a secure HTTPS site to an unsecured HTTP site is routinely stripped away, only showing up in your analytics reports as ‘Direct’. However, if you add an SSL certificate to your site, you will be able to access referrer data on all of your incoming traffic, whether it comes from an HTTPS site or an HTTP site. That is, from everyone except Google.
- SEO boost, Matt Cutts of Google mentioned that HTTPS sites will see a boost in ranking over non HTTPS sites. SSL deters spammers from setting up secure sites and Google will
Cost / Risk
1. Technical
- CDN. The CDN needs to support the SSL too.
- Mixed content. All of your internal links should start to use https, not just to pages, but for images, JavaScript, CSS, etc. This means going through your theme with a fine comb and cleaning all of those up.
Risk: Low
Solution: Ensure that the site content is properly addressed. - Speed. HTTPS requires a little more overhead on all transferred data to your visitors. This can result in slower loading speeds.
Risk: Low
Solution: Reduction in speed is negligible - Content Security policy. Should be implemented to prevent cross-site scripting (XSS) and related attacks.
- Cookies. If a site uses HTTPS, you should also set the scope and secure attributes on any cookie to prevent it from being sent to a non-HTTPS page.
2. Marketing Risk
- Social shares will be lost.
Solution: 301 redirect plus editing the Social Attribute button - SEO traffic lost, even with 301.
2-6 weeks impact even with 301
Check back next week as we share the different marketing tactics that will be affected and some of the solutions that we recommend putting in place.