Are you secure enough for Google?

Millions of pounds can ride on where a website is positioned in search results, so when Google announces changes to their ranking algorithms it's reason to sit up and take notice. A recent blog post from Google's security team, that the implementation of HTTPS on a site will start to influence its visibility in searches, has been widely received as a positive step. But what is HTTPS, and why should you care about it?

What is HTTPS?

At its most basic level, HTTPS is a way of encrypting the communication between your browser (e.g. Internet Explorer, Chrome, and Firefox) and the websites you visit.

When visiting a normal site, your browser sends requests for pages to the webserver in "plain text". This means that if there was someone spying on what gets sent between your computer and the servers which run the website you're looking at, they'd be able to read the information about which pages you request, and the content of the page that gets sent back.

Diagram showing web traffic without HTTPS encryption

This isn't normally much of an issue when browsing sites like BBC News and Wikipedia, as you're not sending personal information and the information on the websites is open to everyone. However, on sites where personal data is being transferred from your computer to a website (such as ecommerce payment pages, online email and social media networks) you definitely don't want your information being available for anyone to intercept and read!

This is where HTTPS comes in. It allows all communication between your browser and web servers to be encrypted, so that any third parties who happen to intercept the data see gibberish instead of personal information.

Diagram showing web traffic with HTTPS encryption

Why should I care?

Well; first of all, sites that implement HTTPS will now start to be ranked higher in Google's search results than those who don't. This is only a subtle change for now, affecting fewer than 1% of searches and with less impact than creating high quality content, but it's anticipated that this will have a greater impact in the future as Google pursues its goal of seeing HTTPS everywhere on the web.

Additionally, having a secure site also provides a level of reassurance to your visitors, building confidence that you take the protection of their information seriously. This increase in trust makes it more likely that visitors will interact with your site for longer, potentially leading to an increase in conversions.

There are other reasons, though. There have been numerous recent revelations about the extent to which the US and UK governments are intercepting web traffic; while they may only be interested in finding out about harmful activities, the nature of the technology used means that many innocent people's communications are caught in the net. By implementing HTTPS on more sites, even those that traditionally wouldn't have needed it, less information about people's browsing habits is available to those looking for it.

How do I tell whether a site is secure?

Most browsers highlight secure sites to users, making it obvious when you're browsing on a site protected by HTTPS.

There are actually two main types of HTTPS protection. The standard level just encrypts the information being sent to the protected website, and looks like this:

Display of standard HTTPS in browsers

There's also an enhanced type which, in addition to encrypting data, verifies that the site you're using is actually the site it says it is. This helps catch out malicious sites which look the same as the site you're interested in, but actually sends your personal information to an unsecure third party. This protection is usually a lot more effort to get, as you need to prove you are who you say you are and own the site in question, but once obtained it's a lot more prominent to your visitors:

Display of extended validation HTTPS certificate in browsers

How do I secure my website with HTTPS?

The exact steps depend on whether you're looking for a standard level of encryption, or the enhanced "Extended Validation" certification, but either way Mercurytide can guide you through the process and help you to make sure that your site and visitors are kept secure and safe. And don't forget, making your site secure will help increase its ranking in Google's search results!

Get in touch with our team of HTTPS experts


Enjoy what you're reading? Then you'll love our blog