HTTPS and SEO: How to Cover your Assets and Avoid Common Pitfalls

Back in 2014, Google started to consider making the use of a secure connection (HTTPS) a parameter in their search algorithm. It began with just a 1% weight over all the other factors, but they pushed it further and further; and now, in 2018, every professional website must be served through a secure connection to avoid ranking penalties. HTTPS is the future and we should be willing to pay the price for it There are several good reasons to switch to HTTPS and not only for a big website with a lot of sensitive data. Think for example about the WordPress login page; If you aren’t on HTTPS, your username and password are sent in clear text over the internet. You don't need to be a professional hacker to sniff and capture WordPress login data; if you are on an insecure connection, there are a lot of tools around that can easily do the job. Moreover, running on HTTP prevents the use of some nice APIs like geolocalization or push notifications. Switching to HTTPS brings many advantages but it has also caused more than just a headache in the world of SEO. Technically speaking, the switch involves routing your site through a series of 301 redirects; this causes a certain loss of link equity which may lead to a ranking penalty. The referral data loss problem The major problem that the HTTPS switch brings on is the loss of referral data. When one site sends data to another, the HTTP header field referer lets us know the URL of the page that linked to the page the user is on, and this data allows us to see where the traffic is coming from. But when traffic flows from an HTTPS site to an HTTP site, no referral data is sent and the traffic is reported as direct: this helps fighting referral spam but can also be a major problem for accurate SEO. The Meta Referrer tag: a brilliant solution The referral problem is not an unsolvable one; a new meta tag called "referrer" helps us understand how the traffic flows on the web once again. The tag must be placed in the HEAD section (like all meta tags) and allows you to control how your referrer information is passed. As it often happens for recent specifications, an early version was implemented by major browser vendors and now there are two different supported syntaxes. The possible values are: No referrer (none) <meta name="referrer" content="no-referrer"> <meta name="referrer" content="none"> Never pass any referral data from your site. No referrer when downgrade (formerly "none-when-downgrade") <meta name="referrer" content="no-referrer-when-downgrade"> <meta name="referrer" content="none-when-downgrade"> Send referrer information to secure HTTPS sites, but not to HTTP sites. Same origin <meta name="referrer" content="same-origin"> Using this tag will allow URL requests within your website's domain, but it denies cross-domain requests. Origin <meta name="referrer" content="origin"> Using this tag will only send your site’s domain or subdomain, rather than the full URL. A link from https://www.scrivito.com/referrals.html will send https://www.scrivito.com Strict origin <meta name="referrer" content="strict-origin"> Will only send referral information from an HTTPS site to another HTTPS site. The referral data sent will include only your site’s domain or subdomain. Referrals to a non-HTTPS site will send no referral data. Origin when cross-origin <meta name="referrer" content="origin-when-crossorigin"> This tag will send the full URL of your referring page when linking within your site, but will only send the domain or subdomain when linking to external sites. Strict origin when cross-origin <meta name="referrer" content="strict-origin-when-crossorigin"> Using this tag will only send referral information from an HTTPS site to another HTTPS site. This tag will send the full URL of your referring page when linking within your site, but will only send the domain or subdomain when linking to external sites. Referrals to a non-HTTPS site will send no referral data. Unsafe URL <meta name="referrer" content="unsafe-url"> Always passes the URL string as a referrer. Note if you have any sensitive information contained in your URL, this isn't the safest option. By default, URL fragments, username, and password are automatically stripped off. Empty String <meta name="referrer" content=""> If the referrer tag is left empty for a specific page or link, links will use a referrer policy defined elsewhere. If there is no policy defined, links will default to "no-referrer-when-downgrade". A note on compatibility The options above look really cool but before fancying all the possible uses for them, we need to talk about compatibility. Good old Internet Explorer is totally cut off: support comes with Edge only and, as for nearly all other major browsers, it is still limited to the old specification. The full property list is supported only by the most recent versions of Chrome, Firefox and Opera. Once you decide to make the switch and you have everything working as needed, don't think that your troubles are over; there are still a lot of items to be checked. Absolute paths require the https:// prefix (even in external CSS files), IE 8 is very picky and will trigger intimidating pop-ups even for the slightest error. You need to check your old robots.txt, and your ads must be SSL compliant as well. Venturing into the world of HTTPS without proper knowledge can be dangerous; instead of boosting your traffic you may harm it, but switching to a secure connection is a step that must be undertaken now. Malicious attacks have seen an alarming increase in frequency and even small websites, if unsecured, can be an attractive and easy target, however - with just a few changes, your site and your data can be much safer and far less of a target.

More great blog posts from Alessandro Loverde

  • Tighten Your CMS Security

    A small investment early in the deployment phase can go a long way to creating a secure environment. Fine tuning permissions Every CMS allows administrators to set permissions for different users or groups and, for the sake of better security, one should check that editors can only do what they...

  • Image Optimization: A Comprehensive Roundup - pt.1

    In the beginning, the World Wide Web was all about optimization. Standard speed was around 3 kb per second, and hosting space larger than 5 MB was expensive. Then broadband became available for everyone, and web designers grew less and less obsessed with image optimization. Nowadays, younger web...

  • Video Tutorial: Building a React App - pt5: Working with External Data

    In the previous part of this tutorial we explored components: the distinctive React feature. We did no magic because we wanted to focus on the basic structure of components, but now the time has come to explore the advantages of generating code employing external data. Replacing hard-coded with...

  • Five Quick Tips Before You Start Your Next SaaS Project

    There are many web apps around, some good, some bad, some are kind of life-changing while others lay almost forgotten, but making a SaaS app is something definitely bigger; a good programmer and a talented designer are not enough. The concept of Software as a Service looks far ahead and...

  • Strategies for a Multilingual Website

    Having a website just in English may be okay for most businesses. In fact, even if you occasionally need to reach foreign visitors, you can expect that whoever is interested in your services has enough knowledge of English to clearly understand what you are offering. But if you sell something...

  • WordPress and SEO; Costly Missteps to Avoid

    WordPress is often a popular choice for a website builder and it is appreciated by many because it gives the users a lot of freedom regarding tools and plugins. Unfortunately, this approach is not good for your SEO because WordPress does not offer many SEO tools out of the box and, if you don't...

  • Video Tutorial: Building a React App - pt3: Code Components

    In the previous part of this tutorial we have converted an existing HTML page into a React app, but we have not seen much interactivity so far. In this new chapter we start exploring one of the most interesting React features, the components. Let's build something dynamic We are going to create...

  • Rising Stars and Falling Comets in the CSS Universe

    CSS is our friend; the relationship between it and web designers has been a bit turbulent over time, but near the end of the first decade of the new millennium, it settled down with mutual love and respect (in the meantime Internet Explorer has met its fate but nobody mourns the loss, right?)....

  • A Bit of SASS Magic: Automatic Text Color in CSS

    We already talked about SASS and how it can revolutionize your approach to writing CSS. We talked about variables and indenting; powerful features but easy to handle nevertheless. We mentioned that SASS has more advanced functions, and in this article we are going to explore a handy one. The SASS...

  • This Is How We Do It - The TROX Case Study

    TROX understands the art of handling air like no other company. It’s a dynamic firm and, through research and development, TROX became a global leader of innovation in ventilation systems. A business can be efficiently run only with efficient tools and TROX has chosen Scrivito to manage over 70...

  • How to Up Your UX Best Practices for Mobile Apps - pt2

    One central guideline for a designer is to have a clear understanding of the medium, the way users will interact with our design. It can be a television, a computer, a book, or any number of things: design is everywhere. A mobile phone is not just a small computer; it has its own unique features...

  • DOM Filtering with jQuery - What You Need to Know

    We have already given an introduction to the jQuery library, showing how useful it can be for web designers and developers: it simplifies the JavaScript syntax for lots of useful DOM-related tasks and it can dramatically speed up the routines to select DOM elements. Now it’s time to expand your...

  • How to Up Your UX Best Practices for Mobile Apps - pt1

    The concept of mobile apps has greatly evolved: with the first apps, developers tried to replicate the same experience of a desktop but, given the limited resources, the results were pretty different and, in some cases, disappointing. A more modern approach is to create mobile apps that offer the...

  • Video Tutorial: Building a React App - pt2: Installation

    In the first post of this video tutorial series, the basics of React.js were covered. Now it’s time to move a bit forward: we will install React.js and configure it. Eventually, the web page of the standard web application will show up in the browser. The installation process The very first step...

  • Obscure HTML 5 Features That May Make Your Day

    Stumbling into one of those popular, so called “cyber cafès” means that nowadays you will probably find tables occupied by hipster-like web designers, delighting themselves into glorifying the moment when they embraced SASS, React.js, jQuery, Node JS, Ember, Bootstrap, Angular and others. Well...

  • You Asked For It - Scrivito Features & Benefits

    The web is changing at a truly fast pace! New technologies break into the market more rapidly than before. The period of caution and skepticism grows shorter, as the IT world has finally understood the impact of being stuck for too long on technologies which are reliable but outdated. The time to...

  • Getting Sassy with SASS - Your First Steps

    CSS is great and there would be no web without it: if you have been involved enough to remember the state of the web in the late nineties, you will immediately get the point (probably, along with a couple of shivers). Unfortunately, CSS has its limitations and they are not easy ones; that’s why...

  • DOM Traversing with jQuery - What You Need to Know

    The Document Object Model (DOM) is an object-oriented representation of a web page which can be modified with a scripting language, like JavaScript: we can think of the DOM as a representation of an HTML page in a way JavaScript can understand. JQuery is a very popular JavaScript library that...

  • Tips & Guidelines for A Better Mobile UX - pt2

    Mobile websites are not just a trend; they meet the user’s demand for a better and more rational use of their time. If we are already out of the office and need to check if the product we want to buy is effectively in the store we are confidently heading to, it’s nice to be able to check this on...

  • Tips & Guidelines for A Better Mobile UX - pt1

    When the iPhone came out it started the mobile web revolution: for the first time, we could browse web pages on a mobile phone in a decent and usable way. As soon as people had started to do that, the limits of the resizing technology used became evident, accompanied by a high demand for a...

  • Five Quick Tips to Learn JavaScript Faster

    JavaScript has been around quite a while now and we can almost consider it part of the ”old wide web”. But the JavaScript we use now has evolved immensely since its first days. We could better say that what really evolved were the projects that had JavaScript as their core and that made the web...

  • Video Tutorial: Building a React App - pt1: Introduction

    Anybody interested in Javascript development has likely stumbled on MVC frameworks, a term that is pretty much going strong recently and defines a library built according to the “model - view - controller” design pattern. React.js is a Javascript library that acts as the “view” part of an MVC...

  • Traditional, Headless or Decoupled: The New State of CMSs

    Headless CMS is a term that has been on everybody’s lips recently, along with Content as a Service and Decoupled CMS. Actually, these three concepts are very closely related; you can’t talk about any of them without citing the others as well but, for a better insight on the topic, talking about...