Why you should move to HTTPS and what mistakes to avoid along the way. In her speech at Pubcon, Olga covers: - HTTPs adoption rates in various industries and countries - the importance of this to Google - mistakes companies make when migrating their website.

1. @olgandrienko #pubcon
THE STATE OF
HTTPS IN SEARCH
Presented by: Olga Andrienko
Head of Global Marketing at SEMrush

2. @olgandrienko #pubcon
When HTTPS adoption started to increase

3. @olgandrienko #pubcon
Of the 218,000 sites looked at, only 630 (0.3%) switched
to HTTPS by September 21st, 2014.
Source: StoneTemple.com

4. @olgandrienko #pubcon
“Beginning in January 2017 (Chrome 56), we’ll mark
HTTP pages that collect passwords or credit cards as
non-secure.” – Google Security Blog (Sept 8th, 2016)

5. @olgandrienko #pubcon
HTTP page is
now marked
”Not secure”:
if the page has password or
credit card fields
when users enter data on an
HTTP page
on all HTTP pages visited
in Incognito mode

6. @olgandrienko #pubcon
How it will eventually look like if you stick to HTTP

7. @olgandrienko #pubcon
JimStewart
StewArtMedia
“Now users don'treally know
the difference butthey will
once thechrome warnings turn
red.”

8. @olgandrienko #pubcon
HTTPS Benefits
User trust
Security and privacy
Small ranking boost
Referral data in GA

9. @olgandrienko #pubcon
HOW FAR ARE WE
WITH ADOPTING HTTPS?
Ranking correlations, industry data
and most common mistakes

10. @olgandrienko #pubcon
Website security & rankings (HTTPS)
65% of
domains in
TOP-3 for high
volume
keywords are
already secure

11. @olgandrienko #pubcon
It’s significantly harder to compete for
high volume keywords without https
now. In less competitive niches moving
to https is a great way to stand out
positively.

12. @olgandrienko #pubcon
Page loads over HTTPS in Chrome by platform (%)
Source: https://www.blog.google/topics/safety-security/say-yes-https-chrome-secures-web-one-site-time
Over 75% of
Chrome traffic on
both ChromeOS
and Mac is now
protected, up
from 60% on Mac
and 67% on
Chrome OS a
year ago

13. @olgandrienko #pubcon
HTTPS Adoption in TOP-10 and TOP-20 for Google US, UK, DE and FR (datafromSEMrush
Sensor,22Oct2017)
60%for US 65%for UK 63%for Germany 62%for France

14. @olgandrienko #pubcon
HTTPS
usage in the
world
Japan: from 31% in the last
year to 55% now
Brazil: from 50% in the last
year to 66% now
71 of the top 100 sites on the
web use HTTPS by default, up
from 37 a year ago

15. @olgandrienko #pubcon
HTTPS vs HTTP Usage in the Top 100,000 Domains
HTTPS usage
among TOP
100K domains
has increased
from 7.6% in
2014 to 31.5% in
2017

16. @olgandrienko #pubcon
TOP HTTPS usage
amongFortune
500 Companies
(by sector)
Business Services
Finance
Telecommunications
Technology
73%
70%
58%
57%
55%Wholesalers
Transportation
55%
Moredata: http://bit.ly/fortune500-https

17. @olgandrienko #pubcon
More data on industries: http://bit.ly/fortune500-https

18. @olgandrienko #pubcon
TOP 10 HTTPS Implementation Mistakes

19. @olgandrienko #pubcon
SEMrush HTTPS Study of 100,000 websites
100,000 websites
were analyzed,
45% out of them
support HTTPS

20. @olgandrienko #pubcon
9%
Non-secure pages with password
inputs
Any page that collects passwords should be encrypted!

21. @olgandrienko #pubcon
50%
Issues with Mixed content
Some elements on the site are not secured with HTTPS
(such as images, links, IFrames, scripts, etc).

22. @olgandrienko #pubcon
Mix of secure and unsecured content
Result: content is blocked by the browsers and there are security issues when viewing the page

23. @olgandrienko #pubcon
6%
Incorrect domain name for SSL
certificate
Web browsers will block users from visiting your website by
showing them a name mismatch error.

24. @olgandrienko #pubcon
2%
Expired SSL certificate
Warning message will be shown to users landing on your website,
which usually stops them from going further.

25. @olgandrienko #pubcon
3.6%
Old security protocol version
Running SSL or old TLS protocol (version 1.0) is a security risk.
Implement the newest protocol versions.

26. @olgandrienko #pubcon
More HTTPS
errors
NoHSTSsupport
No redirects or canonicalsto HTTPS
URLs
HTTPURLsin sitemap for
HTTPS
NoSNI support
86%
8%
5.5%
0.56%

27. @olgandrienko #pubcon
50%
Internal links on HTTPS leading to
HTTP
If any link on website points to the old HTTP version of website,
search engines can become confused as to which version of
the page they should rank.

28. @olgandrienko #pubcon
Check every tracking code – in GA and GTM!

29. @olgandrienko #pubcon
IS THERE A RANKING BOOST?
Source: bit.ly/https-rankings

30. @olgandrienko #pubcon
FiliWiese SearchBrothers “That’s a clear yes, onall accounts. HTTPS
if anything demonstrates to users that a
site is trustworthy. Googledoes seem to
prefer secure sites, whenever possible.”

31. @olgandrienko #pubcon
Bastian Grimm
Peak AceAG
“I haven’t seen criticalevidence of HTTPS
increasingrankings. However, not being on
HTTPSisan issue. My personal take is that
Google willflag insecure URLs in SERPs, which
willresult in a massivedecline in your SERP
CTR.”

32. @olgandrienko #pubcon
Website Migration
Case by Guy
Levine
(28daysaftervs28days
prior)
Search Impressions
Average Position
Clicks
CTR
116,771 (+21,626)
35.1 (+3.4)
2,097 (+246)
1.8% (-0.15%)
64/100 (-2)Mobile Speed
Desktop Speed 81/100 (0)

33. @olgandrienko #pubcon
Tools for
HTTPS
migration

34. @olgandrienko #pubcon
Get the slides via bit.ly/https-pubcon
Olga Andrienko
Head of Global Marketing at SEMrush
Twitter & Facebook: @olgandrienko
o.andrienko@semrush.com