Today is Google’s HTTPS Day – is your site secure?

ExoClick has been advising its global network of publishers to switch their URLs from HTTP to HTTPS for a while now, because as of today, Google Chrome will show a ‘Not Secure’ message next to the URL in the browser bar if the publisher site attempts to collect data, such as password requests or credit card information. However, it is expected that in the near future Google will penalise all sites that don’t migrate to HTTPS.

As of December 2016, Google’s market share is 56.45%, according to, so it makes sense to switch to HTTPS. Adding HTTPS is an easy process and requires you to buy an SSL certificate. SSL certificates are small data files which bind a key to a specific organization’s details. When installed the certificate activates the HTTPS protocol, allowing secure connections between a web browser and server.

So what do you get if you go HTTPS?

Security and protection

Every time you PayPal someone, or send a Gmail, or log into Facebook, the ‘S’ adds a layer of encryption to protect your information. Whereas HTTP allows hackers to intercept and read data that goes through a network, for example if you are on public wifi and visit an http site anyone can see every bit of information that you entered while on that site, such as personal details you might have been asked to provide like passwords, full name, address, date of birth, mobile number, the searches you have carried out, etc. So it makes sense that by switching to HTTPS the added encryption ensures that your site is protected and so are your users.

WordPress and Blog login protection

If you are running over an HTTP connection your username and password are sent in clear text over the internet. There are many free tools out there that hackers can use to capture WordPress logins over unsecured connections. So by running on HTTPS you are protecting your login credentials.

The green padlock

By adding an SSL certificate and showing the green padlock in the users browser which instantly adds the credibility of “SSL trust.” It is important to let your visitors know you are secure and that their information will be protected.

Better SEO rankings

Google now penalises sites that don’t have HTTPS

Increased revenues

According to a European survey from GlobalSign, 77% of website visitors are concerned about their data being intercepted or misused online. With consumers having trust issues about making online purchases and if your site flashes a ‘Not Secure’ message, this only compounds this issue, but an HTTPS site is endorsed as ‘Secure’ by Google, giving a consumer much more confidence in making a purchase. So if you offer ecommerce on your site, switching to HTTPS could actually help to increase your revenues.

Protected ad zones

All of ExoClick’s ad zones are automatically generated with HTTPS tags to ensure a fully secured user browsing experience.

Better referral data

HTTP referral data is blocked in Google Analytics. So for example, if your website is still on HTTP and it gets featured in posts or links to other sites that are running over HTTPS, the referrer data is completely lost and the traffic you get from those sites could end up under direct traffic which is not helpful to you. But if someone is going from HTTPS to HTTPS the referrer is still passed.

How to switch to HTTPS

These are the steps you need to migrate your site from HTTP to HTTPS:

  • Buy an SSL Certificate – there are many providers out there such as or
  • Install your SSL Certificate
  • Update all Hard-coded Links to HTTPS
  • Update Custom JS, AJAX Libraries to HTTPS
  • Add 301 Redirects to New HTTPS URLs
  • Update your robots.txt File
  • Install SSL Certificate on CDN
  • Update Origin URL on CDN
  • Enable HTTP/2 Support on CDN
  • Update all Hard-coded CDN Links to HTTPS
  • SEO: Google Search Console, Sitemaps, Fetch
  • SEO: Resubmit Your Disavow File
  • Update Your Google Analytics Profile URL
  • Miscellaneous Updates

Click this link for a detailed explaination of each of the above points.

And finally, if you are an advertiser, make sure you only select websites that use the HTTPS protocol when targeting campaigns.

Giles Hirst