Securing your site with HTTPS

Have a website? Want your users to have a private and secure connection when accessing your site? With HTTPS (Hypertext Transfer Protocol Secure), one can confidently ensure that your users’ and sites’ connection is adequately protected. Keep reading to learn more about what HTTPS is and how you can implement this protocol. 

HTTPS or Hypertext Transfer Protocol Secure allows for data to be sent via a Transport Layer Security Protocol. As mentioned in Google’s Search Central site, this Transport Layer Security Protocol has 3 layers:

1. Encryption makes sure that a user’s activities and data are not tracked across multiple pages 
2. Data integrity makes sure that any data transferred when accessing a site is not modified or corrupted
3. Authentication makes sure that the user who is requesting access to the site is intending to communicate with the website

Now in order to implement this protocol, there are several practices one must consider:

• Security Certificates: In order to enable HTTPS, one must first obtain a certificate issued by a Certificate Authority that verifies your web address. Choose a 2048-bit key for your certificate, make sure that you get your certificate from a trustworthy authority, and decide what kind of certificate (single, multi-domain, or wildcard) your site would need.
• Permanent server redirects: Server side redirects help ensure that your users are always directed to the site’s current and updated page on Google Search. The implementation of this depends on your host and server environment, as well as what scripting language the backend uses. To learn more about server redirects and how to implement them click here. 
• HSTS (HTTP Strict Transport Security): HSTS allows the browser to request HTTPS pages automatically and provides secure URLs in the search results. In order to implement this protocol, you must develop your pages without it and then enable it on a web server that supports it by slowly increasing the HSTS max-age. 

Securing your site with HTTPS or TLS in general can be quite challenging. Therefore it is important to make sure that your certificates are always up to date, avoid blocking your site from crawling using the robots.txt file, stick to only embedding HTTPS content, and checking that your site returns the correct HTTP status codes (such as 200 for OK and 404 / 410 for nonexistent pages). For more information on how to solve common HTTPS issues or migrate from HTTP to HTTPs, check out Google developer’s page on the topic here.