When transmitting sensitive data such as passwords, credit card information, or other important personal information over the Internet, caution is generally advised. With an insecure connection, data is transmitted unencrypted and can be read by all computers involved in the connection between the server and the client.
In order to offer a website via a secured SSL connection, i.e., HTTPS, an official SSL certificate must be issued. With the help of an SSL certificate, all data is encrypted, is only readable by the server and client, and is no longer as easily susceptible to external attacks. Additionally, the use of a secured connection can prevent phishing, as one can be sure that the data is sent to the correct server.
In a request from, for example, microsoft.com, at least 20 routers are involved in the connection, not counting access points like Wi-Fi hotspots. In unsecured and therefore unencrypted connections, each of these hops is a potential security risk.
Warnings in Google Chrome
Therefore, Google Chrome (version 56 and higher) has been marking websites as “not secure” since January 2017 that request form fields for passwords, etc., in an insecure environment, with a “Not secure” notice.
Warning in Google Search Console
Not only users are warned by Google, but also website operators: Users of the Google Search Console (formerly Google Webmaster Tools) are now receiving the following message:
As of January 2017, Chrome (version 56 and higher) marks pages that collect passwords or credit card information as “not secure,” unless the pages are served over HTTPS. The following URLs contain input fields for passwords or credit card information that trigger the new Chrome warning. By looking at the examples, you can see where the warnings are displayed and take appropriate measures to protect user data. This list is not exhaustive.
These new measures are likely just the first step. In the long term, Google will probably intensify its response to websites without SSL encryption.
The SSL certificate as an important ranking factor
A secure SSL connection has been considered an official ranking factor since August 2014, yet a large number of websites still do not have a certificate to this day. Based on our observations, an SSL connection has a positive impact on rankings across all industries. This is especially important in the financial sector, where a lack of encryption significantly affects positioning in organic search. This industry is particularly affected, as a large number of sensitive personal data is requested here.
SSL encryption and HTTP2
HTTP/2 will be the new transmission standard on the Internet in the future. HTTP/2 is the evolution of the conventional HTTP/1.1, established in the 1990s, the transmission protocol (Hyper Text Transfer Protocol) for content on the web, and can be regarded without exaggeration as one of the greatest achievements in web technology in the last 20 years.
The biggest advantage of HTTP/2 is clearly the increase in speed when loading web content. In the past, multiple connections between the server and client had to be opened, but with HTTP/2, all data can be transmitted over a single connection. Additionally, resources (images, JavaScript, CSS files) could only be transmitted one at a time in the past, often holding up the rendering of the entire page. This limitation is also eliminated in HTTP/2 through what is known as multiplexing. The push function increases speed even further. In the past, CSS and JavaScript codes were only loaded after being requested by the user from the server in addition to the regular source code, but now the server sends these files unsolicited and directly on the first call.
Although HTTP/2 is backward compatible, meaning it theoretically still supports delivery without SSL encryption, common browsers like Google Chrome, Mozilla Firefox, and Opera will not do this. Websites without the necessary SSL certificate that are loaded with the new protocol would then no longer be displayed.
Even though the new HTTP/2 standard has not yet been widely adopted by many hosts, this will be the case in the foreseeable future. Website operators should already take care of the transition and benefit from providing secure connections:
More security between you and your customers and consequently a positive impact on the conversion rate
Additional ranking bonus
Significantly higher speed after switching to HTTP/2
How you as an entrepreneur can solve the problem
For website operators, there are several reasons to adapt to this development as quickly as possible in order to remain trustworthy to users.
Use of HTTPS pages to collect confidential information
HTTPS connections enable an encrypted connection between the server and the client, thus increasing security when transmitting important, sensitive data. Therefore, website operators should prevent Chrome users from seeing a “not secure” message in the address bar when visiting their site. A secure connection is important not only from a data protection perspective but also positively impacts the conversion rate. However, if a potential customer sees a non-secure connection, they may be deterred and possibly look for alternatives with competitors.
Instead of just moving input fields for passwords and credit card information to secure, SSL-encrypted pages, it is advisable to encrypt the entire site directly. This way, not only is the transmission of important data encrypted, which means higher security for both you and your customers, but it also ensures a consistent user experience.
Do you want to make your website more secure in the future, but lack the technical implementation? No problem! The Rheinwunder team is happy to assist with setting up SSL encryption and transitioning your website from http:// to https://.
Rheinwunder Blog
In the blog: The latest trends in SEO, SEA, affiliate, and of course from the Rhine wonder
