Switching from HTTP to HTTPS is a delicate operation, but it can no longer be postponed today. SEMrush photographs the most common mistakes, which can have a devastating impact in terms of SEO and visibility on the search engine. Switching from HTTP to HTTPS has become an increasingly pressing need for all websites.
HTTPS is not simply a plus in optimization practices, but it is an essential factor that Google recommends considering; a “must” for all those who manage a business relying on the Internet.
In this post, SEMrush sheds light on the most common mistakes when switching to HTTPS, a delicate operation that cannot be postponed anymore. By transforming a site’s old HTTP pages into HTTPS pages, you will not only earn some points in the eyes of Google by optimizing your search results ranking (SERP), but you will also improve your reputation in the eyes of visitors.
All the main web browsers have begun to indicate with the indication Not safe those websites which, although containing login forms (with the insertion of a username and password), still use the HTTP protocol, therefore without resorting to a digital certificate valid and ultimately to any form of encryption: Secure site on Chrome and Firefox, what does.
The use of HTTPS, however, is not only a positioning factor but also a tool to guarantee that the information exchanged between client and server (and vice versa) cannot be intercepted by third parties (think of authentication credentials, credit cards, personal data, etc.).
What Are The Most Common Mistakes When Switching From HTTP To HTTPS?
SEMrush informs us that it has reviewed over 100,000 websites, and only 45% support HTTPS.
Always use HTTPS for pages that require usernames and passwords—maximum attention to any mixed content. Also, according to SEMrush, 9% of websites analyzed require passwords to be entered on unsecured pages (HTTP), and 50% of websites analyzed have mixed content problems.
When loading an HTTPS page, the webmaster must make sure that all the elements that compose it and that are called through tags present in the page itself use references, in turn, to HTTPS addresses. Otherwise, the browser will evaluate the page as potentially unsafe, and the Safe indication will disappear from the address bar.
Therefore, each page must verify that the contents (including images, tags for displaying advertising, references to third-party services, …) are constantly retrieved using an HTTPS URL.
When switching to HTTPS, replace the references to HTTP pages and do not use different versions for pages served via HTTPS. One of the most serious but, at the same time, most common errors is to keep both the HTTP version and the HTTPS version of the site active.
SEMrush found that the HTTP home page does not match the HTTPS version in 8% of the websites analyzed (excluding those that support HSTS).
“This can cause several problems, including competing pages, lost traffic, and poor SERP rankings ,” SEMrush specialists note. “Also, 5.5% of HTTPS sites have HTTP URLs in their sitemap.xml “. We add that the correct way to manage the transition from HTTP to HTTPS is to perform a permanent redirect (301) from the old pages to the new ones by creating an updated sitemap with all the new ones’ URLs. If you have not used relative links, you will need to update (perhaps by acting directly at the database level) all the references to the HTTP pages.
Keep An Eye On The Validity And Expiration Date Of The Digital Certificate
Regarding the SSL/TLS certificate used to establish a secure connection between server and browser, SEMrush found that 2% of websites analyzed have expired SSL certificates, and 6% use SSL/TLS certificates registered to a domain name incorrectly. In the article, we explained what a digital certificate is.
There are different digital certificates, but they must be issued by an internationally recognized authority and trusted by all web browsers. Anyone who does not want to spend a penny to acquire a valid digital certificate can contact Let’s Encrypt and then install it on their web server:
- Get a free HTTPS certificate (SSL/TLS) for IIS on Windows Server
- How to enable HTTPS on your Linux server
Some providers, such as Aruba, allow you to activate the digital certificate even on hosted services without intervening on the server-side configuration: Obtain a free HTTPS certificate (SSL/TLS) for IIS on Windows Server. From the domain name’s administration panel, it is possible to activate an automatic redirect from HTTP to HTTPS.
Finally, SEMrush verified that 86% of the websites analyzed do not support HSTS ( HTTP Strict Transport Security ). This technology allows the web server to declare that browsers and any other type of client should communicate with it exclusively through connections secure on HTTPS protocol (helpful to protect against session hijacking). “Since this technology is quite new and browsers started supporting it not too long ago, it’s not a big surprise ,” commented the SEMrush experts.