10 common mistakes in implementing HTTPS! [Infographie] [Exclusive Guide]
what are common mistakes made by webmasters when implementing HTTPS? This study of SEMrush on over 100,000 sites presents, in a computer graphics, 10 most frequently found HTTPS errors.
on the 100,000 sites analyzed, 45% of the sites were in HTTPS . Here are 10 common mistakes and advice from SEMrush to correct:
- 1- 9% of pages that require a password to the user are not secure HTTPS
- 2- 50% of the HTTPS sites have problems with mixed content (scripts, images, stream, iframes without HTTPS…)
- 3- 50% of the HTTPS sites are still internal links in HTTP
- 4- 5.5% HTTPS sites still have URLs in HTTP in their sitemap
- 5- 8% HTTPS sites don’t make redirects 301 http to HTTPS or do not put in place of canonical
- 6- 2% of the analyzed HTTPS sites do not have an SSL certificate updated
- 7- 6% of the analyzed sites have an SSL certificate that is recorded with an incorrect domain name
- 8- 3.6% of analyzed HTTPS sites have an older version of Security Protocol
- 9- 0.56% of the HTTPS sites do and do not support SNI (Server Name Indication)
- 10- 86% of the analyzed sites do not support the HSTS (HTTP Strict Transport Security) that tells browsers that they cannot communicate with servers via HTTPS connections
the following article comes from a CP sent by SEMrush to LEPTIDIGITAL:
only 45% of the sites are supported by the HTTPS
HTTPS is not a simple matter of SEO or a bonus for businesses , this is a element that Google recommends and a must for all activities that claim to be online.
despite the conclusion of the telemetry Firefox that, on 29 January 2017, only half the internet traffic was secure, there is still a lot of mistakes which may prove fatal for the life of a site. To support this assertion, SEMrush conducted research on the frequency of the HTTPS implementation errors and found the 10 most common mistakes.
“why HTTPS?” First of all, because you give more security to the users of your site. You think providing them with a secure connection, they enjoy it and they make you more confidence. So you will have more credibility. In addition, is a trend this year, even Gary Illyes of Google said in a conference a few months ago that Google makes HTTPS the focus this year and it was not for the first time. As Google for written on my blog Webmaster, HTTPS is a positive signal for ranking. So we can say that HTTPS is a ‘small ranking factor’ and the use of HTTPS may well influence your ranking. In addition, if use you HTTPS, you offer a better user experience to your audience. It is very important, because from January 2017 Google marks pages where you enter the private info, for example, the password or the number of the credit card, as not secure if they are not in HTTPS version. Users see this warning and, of course, they do not trust and leave this page. This is! The traffic falls, the bounce rate increases, your site loses the positions, no good… “, – Natalia Zhukova, head of marketing at SEMrush.”
below, you will find data on 100,000 anonymous web sites that use this security protocol and evidence that the resolution of errors found on these sites may be correlated to a better positioning on Google . The first conclusion that can be drawn, and the most important, is that only 45% analyzed sites supported HTTPS . All data on the frequency of the HTTPS-related errors were collected during the analysis of these secure areas.
pages with a password entry
SEMrush for analysed all of the 100,000 sites (including those that are not HTTPS) taking into account the requirements of Google that any page that collects passwords must be encrypted. SEMrush for determined that 9% of the analyzed sites still have pages with a password entry .
the HTTPS errors related to architecture
mixed content problem
50% of the analyzed sites have a problem with mixed content , which means that the browsers are warning users about unsafe content loading, which can have a bad influence on the user experience and reduce the confidence given to your site.
one errors that may occur when you move a site in HTTPS, it’s that on a HTTPS site internal links point to pages HTTP . According to the recent study of SEMrush, 50% sites are affected by this problem .
, 8% of the analysed 100,000 sites (except those that support the HSTS, because this error does not harm them) have a home page HTTP that does not correspond to the HTTPS version . This can cause problems, as pages entering into competition with each other, a loss of traffic and poor positioning on search engines. In addition, a detected error on 5.5% of sites is that the HTTP URLs are in the sitemap.xml to the HTTPS site.
the HTTPS errors related to the security certificate
SSL certificate (Secure Socket Layer) is used to establish a connection between a server and a browser, and to prevent the data of a site to be stolen.
during my search, SEMrush found that 2% of the analyzed sites have a SSL certificate expired and 6% of sites have an SSL certificate that is recorded with an incorrect domain name.
in this analysis, it was important to determine the proportion of sites that do not support server HSTS have (HTTP Strict Transport Security). The conclusion of the study is that 86% analyzed sites do not support the HSTS . This technology is new and the browsers began to adopt there are few.
in addition to server problems, the study of SEMrush helped detect that 3.6% of the analyzed sites appear with the old version of the Security Protocol . In contrast, errors related to the NIS have been discovered on only 0.56% of the sites .