Have you switched your website to HTTPS? If not, be prepared to have Google label your website as “Not Secure” when people view it in the Chrome web browser. A few months back, Google had warned website owners that beginning October 2017, web pages with forms or search boxes that run over HTTP will be marked as ‘not secure’ in Chrome. The “Not secure” warning will be shown in two additional situations as well: when users enter data on an HTTP page; and on all HTTP pages visited in Incognito mode. HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data transferred between the user’s computer and the site. When it comes to medical website development, this initiative can help to reassure patients that their confidential health and personal information is safe and will not be compromised.
Users expect a secure and private online experience when using a website. Google encourages website owners to adopt HTTPS in order to protect their users’ connection to their website, regardless of the content on the site.
Google’s warning is part of a long-term plan to mark all pages served over HTTP as “not secure”. The simple solution to avoid the warning is to migrate to HTTPS. Make sure to collect user input data only on pages served using HTTPS. As early as 2014 itself, Google had announced HTTPS as a ranking signal. As part of its long-term plan to mark all HTTP sites as non-secure, beginning in January 2017 (Chrome 56), Google had warned to mark HTTP pages that collect passwords or credit cards as non-secure.
According to Google, its HTTPS Everywhere initiative is aimed at promoting a safe and secure web by compelling webmasters to ensure that every web page is secure. Security of this kind is vital because:
- All visitor web traffic will be encrypted, which makes it difficult for hackers and miscreants to determine which pages the visitors are viewing and what data is being transferred.
- HTTPS makes it difficult for miscreants to impersonate or “spoof” websites or trick visitors into revealing their personal/confidential information.
This switch comes with other SEO improvements as well. If done properly, switching to HTTPS can:
- Help your website with its SEO rankings
- Provide better website security
- Encourage Googlebot to re-crawl most of your URLs
- Renew and improve SEO signals in the Google index
Google’s Fili Wiese recommends moving your website to HTTPS, only after completing an SEO audit and performing the recommendations of the audit and testing your infrastructure for HTTPS and HTTP/2.
- Audit your embedded and iframed content, inventory, existing plugins, and the functionality of your website. Check and verify that tracking related to your marketing automation scripts, CRM integrations, EMR integrations and so on works perfectly.
- Ensure that your sitemap entries point to HTTPS versions of your content. If this is not so, it could cause issues regarding how your content is indexed by search engines, and how it currently ranks. Also, proactively submit your new/updated sitemaps and RSS feeds to the search engines once you have switched to HTTPS and secured all pages of your site.
- Check your canonical URLs. When you switch over to HTTPS and make all the web pages secure, your canonical URLs must also be updated to point to the HTTPS version of the page.
- Add an HTTPS version of your site in Google Search Console, because Google considers HTTP and HTTPS versions of the website as two different sites.
- Find out the experience with old browsers. You need to find out how many visitors access your website using web browsers that are no longer supported by their developers. You have to understand the experience they will have when your web pages are made secure. Sometimes, older browsers may have issues with websites using the latest technologies for protection.
- Monitor your organic search performance in major search engines. Find out whether there has been any increase in 404 errors, and ensure that your most popular off-site backlinks continue to work and redirect users to the HTTPS version of your pages.
Certain best practices to consider while implementing HTTPS are:
- Getting your certificate from a reliable certificate authority (CA) that offers technical support
- Redirecting users as well as search engines to the HTTPS page with server-side 301 HTTP redirects
- Verifying that your HTTPS pages can be crawled and indexed by Google
- Using a web server that supports HTTP Strict Transport Security (HSTS) and enabling HSTS
- Making sure that the content on your HTTP site and your HTTPS is the same
If you are into a medical business, make sure to migrate your website from HTTP to HTTPS, preferably with the assistance of a professional healthcare digital marketing agency.