Starting in January 2017, Chrome, Google’s web browser, will explicitly label all HTTP (Hypertext Transfer Protocol) websites that transmit credit card information or passwords as non-secure in the site’s address bar. To avoid being labeled as non-secure, Google recommends that websites migrate to HTTPS (Hypertext Transport Protocol Secure).
The primary concern with HTTP websites is that they do not use any encryption methods, which opens the possibility of other parties being able to manipulate the website during a transaction and gather private user data. As countless cyber breaches continue to take place every day, Google’s push for websites to migrate to HTTPS is intended to protect consumers from identity theft, and is particularly relevant for ecommerce sites.
HTTPS is essentially HTTP with an added layer of security. It uses a Secure Socket Layer or Transport Layer Security to transport important information. The following are three key layers of protection that HTTPS provides:
- Encryption: Prevents “eavesdropping” and stealing
- Data integrity: Protects user data from modification or corruption
- Authentication: Protects site legitimacy and preserves user trust
The migration to HTTPS is important for ecommerce websites as it will increase overall customer experience, protect important user information and preserve business legitimacy. Considering Google’s user-based algorithm for rankings, the shift isn’t surprising. If users are able to choose between a secure or a not secure site experience, they'll always choose the secure, HTTPS website. Due to Google’s algorithm, those HTTPS websites will receive higher-ranking benefits.
SEO will also play an important role in the migration. While the amount a site’s SEO will improve due to a proper migration is still uncertain, the repercussions for not making the switch is irrefutable. To preserve SEO value, it’s important to crawl your site to make sure that you didn’t miss any links during the migration and that nothing is broken. It’s also important to update all links, including redirects and redirect chains.
Marking HTTP sites as non-secure will be a multi-phase process, starting with HTTP sites that transmit passwords, credit cards or other sensitive customer information. Google plans to extend the HTTP warnings to Incognito mode in following Chrome updates and will eventually add a prominent red triangle in the address bar of all HTTP pages.
For ecommerce websites in particular, switching over to HTTPS correctly is critical. Google views the migration from HTTP to HTTPS as a site move with a URL change and recommends the following steps to switching to HTTPS:
- Prepare and test the new site thoroughly.
- Assemble URL mapping from the current URLs to their corresponding new format.
- Configure the server to redirect from the old URLs to the new ones.
- Monitor the traffic on both the old and new URLs.
The purpose behind Google’s push to make all sites HTTPS-compliant is to increase security across the Internet. From an ecommerce business perspective, transitioning to HTTPS will act as a safeguard against potential threats, protecting customer information and preserving revenue. The shift is also a strong signifier of business legitimacy and may give hesitant customers the peace of mind needed to make an online purchase with the knowledge that their information is protected. During a time when cyber security breaches are at an all-time high, HTTPS migration is business-critical for ecommerce businesses of all stages of maturity.
Our partner Mobify recently collaborated with Google on a webinar: HTTPS Everywhere: Why Your Entire Ecommerce Website Needs to be Secure. Watch the webinar and learn more about this important, upcoming change.