Secure Sockets Layers (SSL) is the standard security protocol technology to provide security over internet communications for any website that has text input fields users interact with. You may have seen the messages from Google stating that with the recently released Chrome version 62, all sites, even those that don’t have any kind of text input fields, will require an SSL certificate to avoid a “Not Secure” warning to appear in the address bar. eCommerce sites are especially text input field heavy and most eCommerce Technical Marketers are looking at how to move to SSL and avoid the Google penalty. Forcing HTTP pages to HTTPS is a good place to start.
Next work with your 3rd parties to get updated tracking code. From our experience, getting all the 3rd party snippets converted will require the most effort. Pay especially close attention here because if you make the switch before confirming your analytics, ad networks and A/B testing partners support HTTPS, you will definitely have issues.
Next consider the SEO implications. As with any major URL changes, there will likely be a dip in rank for hopefully only a short period of time. Google recommends the following:
- Redirect to HTTPS pages by server-side 301 HTTP redirects (mod rewrite is common)
- Update your robots.txt to allow your HTTPS pages to be crawled
- Confirm that all sitemap files include secure links
- Determine what kind of certificate you require - a single, multi-domain, or wildcard certificate
- Generate a Certificate Signing Request (CSR) on your webserver using 2048-bit key certificates
- Make sure your SSL certificate is always current
- Use relative URLs for resources that reside on the same secure domain
- Check that your website returns the correct HTTP status code
- Get and configure the required TLS certificates on your server
From there, take a look at your CDN Provider to ensure they support SSL. Most, if not all providers, support HTTPS but some have additional charges for this service. If the pricing seems out of line, you may want to explore less costly services from other providers as this functionality is becoming more and more part of a standard cost-effective offering.
Finally, consider this transition to SSL an opportunity to also move to the HTTP2 Protocol. Historically, encryption has always added to overhead and slowed site speed down. Worse yet, eCommerce sites are notoriously resource intensive but HTTP2 adds multiplexing to the mix to address those concerns. Multiplexing is a method where multiple HTTP requests can be sent and responses can be received asynchronously via a single TCP connection. This approach provides reduced latency, faster web performance and reduced OpEx and CapEx in running IT and network resources, resulting in better performance all around. Every web page but in particular eCommerce pages, can have 100’s of assets (Java script, CSS, images) that have to be downloaded. As you can imagine, being able to download all of these page elements in parallel, instead of one at a time, will definitely improve page speed.
SSL and HTTP2 are here to stay and the security and capabilities that come with them are going to provide significant benefits to shoppers and developers alike. Now is the time to make the transition. Just make sure you define your plan and that you’ve done a thorough inventory of your pages and your links, worked with your CDN provider to deliver secure pages and thoroughly tested your site to ensure your transition is a success.