HTTPS

Get our latest news about HTTPS and our other online marketing services. Call us at 1-888-262-6687 to inquire about your marketing needs.

Posts

When was the last time you thought about your website’s security?

If not recently, maybe now is the time. Both Chrome and Firefox are getting close to releasing the newest versions of their browsers that will noticeably mark your website as Not Secure to visitors.

In this article, we will explain Online Certificate Status Protocol (OCSP), how it works, and the importance of making the OCSP process as fast as possible on your secure HTTPS website.

What is Online Certificate Status Protocol (OSCP)?

The OSCP definition is pretty straight forward. It is a protocol for checking the status of an online certificate. In other words, OCSP is a set of steps taken to check the status of your SSL Certificate before your website is shown to the visitor. During this multi-step process the browser and your server will check/prove the identity of your website and then encrypt all information shared between the browser and the server so that hackers and phishers can’t intercept the data transfer.

How Does OSCP Work?

The Internet browser of your website visitor (like Chrome or Firefox) initiates what is called a handshake with your secured website, asking it to identify itself. Your secured website sends a copy of its SSL certificate, including the server’s public key.

The visitor’s browser checks the certificate root against a list of trusted CAs. It checks to make sure the certificate hasn’t expired, hasn’t been revoked, and that its common name is valid for the website to which the browser is connecting.

If the SSL Certificate is trusted by the browser, the browser produces and returns a symmetric session key using the public key it got from the server. The server decrypts the session key with the public key of its own on the server. The server then sends back the acknowledgement which has been encrypted by the session key.

The secure encrypted session begins.

how ocsp works

Can OCSP Affect My Website Speed?

With so many steps back and forth you may be wondering how long this takes, especially as we stress the importance of site speed for SEO. The process should only take milliseconds because during this time your site visitor has to wait. The faster the OCSP process is completed, the more quickly your site visitor will gain access to your site. Google likes websites that can be accessed quickly.

That is why we recommend choosing a trusted Certificate Authority and purchasing a high-quality SSL Certificate.

How Do OCSP Response Times Compare Between Certificate Authorities?

There are a lot of Certificate Authorities (CAs) that sell SSL Certificates at various price points, but don’t let price be your only consideration.

You need to know that the Online Certificate Status Protocol (OCSP) speed with the company you choose can affect your website speed, and overall site traffic and rank with Google.

In our experience, DigiCert has one of the quickest OCSP response times in the industry, 4 to 8 times faster than most Certificate Authorities. This provides your site visitors with quick responses to OCSP requests through their browser.

OCSP Response Times January 2016

Interested in learning more about SSL and putting OSCP into action on your website in order to provide your visitors with the most secure browsing experience possible?

Contact 1st on the List!

The Chrome 56 Update

Google has taken a very strong stance on website security over the last couple years and very soon its latest update will hit the web.

Set to release sometime late January 2017, the new Google Chrome 56 browser will label any HTTP website that collects passwords and credit card numbers as Not secure.

Have you complied with Google’s suggestion to make sure that your website is secure, whether or not your website collect sensitive information?

As time goes on, we are warned that Google will be even more strict and start labeling all insecure websites as Not Secure, even if they do not collect sensitive information.

Google will also begin giving even more favourable rankings to websites with SSL Certifications in place and HTTPS Everywhere active on all pages (and other areas) of a website. This is Google’s prerogative, and they are choosing to do so in an effort to make the Internet more secure for everyone.

How Do I Get Rid of the Not Secure Warning?

If you are a website owner, and your site is already deemed, or might be deemed, Not Secure by Google, you need to purchase an SSL Certificate through a Certificate Authority (CA) and have it installed on your website. This will turn your website URLs to HTTPS, meaning that your site pages are secure.

Google suggests, in their article titled Secure Your Site With HTTPS that you “ensure a high level of security by choosing a 2048-bit key.”

At 1st on the List, we have chosen to work with DigiCert because they satisfy the encryption standards that Google expects you to have for HTTPS Everywhere. We can help you install the 2048-bit key and implement the required site changes.

How Do I Start Implementing HTTPS?

The best way to begin implementing HTTPS is to give 1st on the List a call and chat with one of our SSL experts. They’ll need to know how many sites you have, how many subdomains each site might have, and some other details about your organization.

HTTPS Everywhere not only appeases Google, it will make your visitors happy because you invested the time and effort to prioritize their privacy and security needs. It can also help protect your organization from the liability of security breaches.

Call 1st on the List today about your SSL Certificate and discuss how HTTPS should be your next step toward creating a safer Internet for everyone.

At 1st on the List, we’ve been talking about the importance of HTTPS and SSL for a couple years. Here are some other articles we have written on this topic:

So what did we learn about SEO in 2016 that we can carry over into the New Year and improve our SERP positioning? We learned numbers! Lots of numbers!

I think that the most interesting statistics this year (and even from previous years) center around mobile, voice search on mobile, and voice search through present and future home devices. And they’ll probably all be applicable to a greater extent as the year unfolds.

In this article, we will take what we have learned from the past year and share what we think are the most important SEO predictions for 2017 and beyond.

1. Mobile Search Dominates Desktop

According to Search Engine Watch, we know that 93% of encounters online begin with a search, and from a Search Engine Land article, we learned that 65% of those searches worldwide are done through Google.

Impact has told us that 80% of users on the Internet own a smartphone, and Smart Insights indicates that the same percentage of smartphones (80%) are used to search online.

Marketing Land suggested that 56% of traffic received by the top 10,000 US websites in 24 categories came from mobile. However, if we read that actual webpage prologue by SimilarWeb that produced the report, we find that it reads the “…leading 10,000 most mobile sites in the US in 2015.”

The report itself, however, loses the most mobile reference entirely, so there is some uncertainty as to whether just mobile-friendly sites were included in the report, or mobile and desktop sites were the ones for which the stats were presented.

What does all of this mean for search in 2017? There will be some distinct changes and unique approaches developed to provide mobile-search-worthy content in 2017. SEO will not only have to address mobile’s consumption of quick, complete responses to specific questions (whether by voice or text), and produce more content pages optimized for mobile; it will also have to reflect the growing needs of the voice-only market created by home devices.

2. Voice Search Over Text Search

In a May of 2016 article, Search Engine Land cited Google indicating that 20% of mobile queries were voice searches. Now that Google has prioritized Mobile over Desktop, our takeaway should be that we can expect that number of voice queries from mobile to continue to increase significantly.

The anticipated high adoption rates of home devices such as Google Home, Amazon Echo, and Windows’ upcoming device, will all contribute to the growth of voice search.

As discussed in Voice Activated SEO Strategy for Google Home Device, Google is expected to ship nearly 3 million voice-activated speaker devices in 2017. According to Geek Wire, Amazon has already sold 5 million Echo units. That is at least 8 million reasons to focus more intently on voice searches.

The argument for voice-activated searches will direct the purposeful route of website content toward more specifically-tailored responses to voice searches from 2 very different devices. Those responses will need to be capable of serving their two new online masters (mobile and home assistant) while maintaining desktop traffic. Do any other SEO writers feel like a sideshow juggler already?

Even though both user groups could be searching for similar content, determining user intention based on separate schemes for each style of device will become extremely important, depending on the way voice search tactics by users evolve over time for each group.

SEO companies will need to develop ways to uniquely satisfy the needs of each group of device users without risking duplicate content issues that could be detrimental to their overall SERP strategies (mobile, home, and desktop) as a whole. Target strategies for keywords will no doubt appear somewhat disjointed initially.

It wouldn’t surprise me if as many as 3 different plans evolved for the 3 disparate search methods:

  • Mobile Voice
  • Home Assistant Voice
  • Desktop

3. Apps (plus or minus) Mobile-Friendly Websites?

Smart Insights has quoted Yahoo! Flurry stats, indicating that apps are used predominantly on mobile devices, with 90% of time on a mobile device being spent on an app, as opposed to using a browser such as Chrome (only 4%).

For some companies, I would argue that an app offers some great potential. But, for companies with a consistently changing landscape of information, articles, blogs, and other forms of data not conducive to being presented in app form, their websites will remain as go-to places for individuals with an interest in their products, services, or culture.

Such sites will still require ongoing SEO attention, but how that attention might translate into SEO planning will undoubtedly take a step sideways as more prominent mobile and voice usage begins to nudge desktop to one side until, dare we even think it, we’ve evolved into a totally mobile and voice driven world?

4. Time to Get Hyped About HTTPS

According to Search Engine Journal, as of February 1, 2017, Google has warned that Chrome will mark sites as unsecure if they have forms that collect information such as personal information, credit card information, or password information, and the site does not utilize HTTPS.

Even if only one page collects information insecurely, the entire site will be marked as unsecure, and Chrome users will be unable to access it without clicking through against Chrome’s warnings. Without HTTPS, most websites are open to man-in-the-middle attacks, through which sensitive information can easily be collected. Considering that 55% of desktop and mobile traffic is searched through Chrome, this is a significant wake-up call for website owners.

In February of 2014, I did some research on my own regarding the security of 86 major corporate oil company websites through which I was attempting to submit job applications at the time. Only 13% of these websites were attempting to collect my personal information securely through their own domain. 17% were attempting to collect my information through unsecured pages on the company domain. And probably the most shocking stat was that 23% of these companies were attempting to collect my personal data through unsecured third party domains.

While Google’s move on HTTPS is going to create some pain points for companies ill-prepared for the transition, I applaud the move. It’s time that major companies and corporations started taking more responsibility for safely handling our personal data.

If your company hasn’t done so already, start taking measures NOW to secure your domain before February 1. For more information on the importance of HTTPS, read my other blog article What Does it Take to Rank #1 on Google?

5. Mobile-Friendly Sites and Soft Selling

We’ve all visited those sites. You know the ones. You arrive on your mobile device and have to start zooming in and scrolling from side to side just to read the content. The links are so small, and so close together, that you inevitably click on the wrong link, and close your browser in frustration when the page is only half loaded.

Impact has written that Google indicated 61% of visitors won’t return to your site if they had trouble gaining access to it on mobile, claiming that 40% will visit the site of a competitor instead. CMS Report states that 57% of users won’t recommend your business if your mobile site is poorly designed.

And, a whopping 87% of purchasers, according to Search Engine Watch, indicate that online content has an influence over their decisions to purchase, with 43% disliking a hard sell or conspicuous advertising.

What Does It All Mean?

So what does all of this mean for 2017? Mobile, Home Assistants, HTTPS, and more mobile-friendly websites are probably going to be some of the most important aspects of SEO to pursue this year.

How user intent is defined, particularly where voice search is concerned will likely be one of the most important, ongoing discussions in 2017, making it worthy of its own developmental approaches and evolving strategies.

For an even scarier reminder of how things change so quickly online, visit Live Internet Stats and become mesmerized by their stunning visuals.

If you want to know more about any SEO strategies for 2017, contact 1st on the List today at 1-888-262-6687. Or drop us an email.

According to marketing consultant Mathew Barby in his recent article How to Rank Number One in Google: A Study of 1 Million Pages, some of the most common elements of top ranking websites in Google are:

  • Backlinks
  • Anchor text
  • Page titles
  • Target keywords
  • URLs

In this blog post we are going to discuss more of Barby’s findings of what it takes to rank on Google in 2017 and provide a brief rundown of how this might impact your SEO roadmap.

Backlink Quantity

Barby found that backlinks outperformed any other aspect of the study with the Top 2 Google results sharing 38% of all backlinks of page 1 search results. As always, organic and natural link building is clearly an area on which to focus.

Backlink Variety

Pages ranking #1 had 168% more linking domains that pages ranked #5. This indicates that the number of backlinks from multiple domains is more fundamental to search results than a large number of backlinks from one domain. A natural backlink profile with a diverse set of authoritative domains is important.

Anchor Text Focus

Anchor text driven by keywords is still a significant ranking factor. Pages holding the #1 ranking position had the keyword they were ranking for take up 5.4% of the anchor text. Focussing on your anchor text and keyword placement within it are a priority.

Shorter Titles & URLS

The optimal length for page titles was shown to be 8 words. The shorter the URL length, the higher the ranking position of the page. Barby’s study found that URLs under 60 characters also equate to higher ranking, and when combined with short page titles, could make excellent snippets that have high Click-Through-Rates which in turn can further strengthen the ranking. Optimizing in this way for snippets alone can be an extremely effective tactic.

Title/URL Keyword Placement

Surprisingly, the keyword presence in the title for 15.8% of number 1 pages has less to do with page presence itself than the consequence of click-throughs on the search snippet. As always, keyword placement within the URL was significant as well. If you are interested, read our recent article 3 Ways Featured Snippets in Search Can Boost Your Website Traffic to learn more about the implications of a featured snippet ranking.

HTTPS Ranks!

This study reports that 33% of pages ranked in the first 3 positions had implemented HTTPS. Google has confirmed the importance of HTTPS and in their continued efforts to make the web more secure will undoubtedly put more ongoing weight behind it where page ranking is concerned. For more information, check out our HTTPS Everywhere page.

Utilizing the items discussed in this article as next step advancements or maintaining them as an on-going part of your SEO strategy will likely improve your SERP presence. Don’t abandon other important aspects of SEO such as schema markup or mobile friendliness. Instead, include them as parts of a diversified, comprehensive, and ongoing web presence master plan.

If you have any questions about the development of your website SEO, call us today at 1-888-262-6687. Or, you can reach us by email at contact@1stonthelist.ca.

It has been several weeks in the making but we have just published an informative presentation on everything you need to know about HTTPS and SSL.

Since Google announced that HTTPS Everywhere is an SEO ranking signal in August many of these topics have been in the news. This informative presentation outlines the benefits of SSL, the different levels of SSL certificates, how you need to install SSL on your website and many other details. We invite you to take a few minutes to browse through the slides.

Still have questions? Contact us at 1-888-262-6687.

For a number of months now we have believed that Search Engines will slowly start to prefer HTTPS/ SSL websites and just yesterday Google officially confirmed HTTPS as a ranking signal:

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

What is HTTPS and SSL?

HTTPS stands for Hypertext Transfer Protocol Secure.

SSL stands for Secure Socket Layer.

TLS stands for Transport Layer Security protocol.

HTTPS is simply a combination of HTTP and SSL. Essentially, as Forbes explains on this topic, HTTPS encrypts the data between your browser (ex. Chrome, Safari, Firefox) and the website. This protects the privacy of anything that you do on the website. The purpose of this is to make it harder to hackers to break into the connection and steal your information.

Is Your Site HTTPS/ SSL?

You can see whether a site is HTTPS or HTTP by looking up in your browser’s search bar and checking for the small “s”.

How to Deal With the New HTTPS Google Ranking Factor

Google promises to publish their “Best Practices” much like they do with other topics such as Quality Content and Site Speed, but for now they have given some basic tips:

  1. Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  2. Use 2048-bit key certificates
  3. Use relative URLs for resources that reside on the same secure domain
  4. Use protocol relative URLs for all other domains
  5. Check out the Site move article for more guidelines on how to change your website’s address
  6. Don’t block your HTTPS site from crawling using robots.txt
  7. Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

What Does This New Google Ranking Factor Mean for You?

  • Remember that Google says this is a “lightweight” ranking factor and that there are other more important ranking factors such as quality content.
  • There are rumors that Google may increase the importance of HTTPs in order to further encourage all websites to adopt the secure comms protocol.
  • Consider switching to HTTPS, especially if you are in a competitive market where every small advantage will make a difference.
  • In light of recent stories in the news of billions of logins and passwords being stolen from compromised websites people are becoming more cautious about where they create accounts, give their credit cards and disclose other personal information. By Google making this a “ranking factor” thousands of SEO’s will prompt their clients to implement HTTPS. As Internet users become more accustomed to seeing HTTPS sites they will likely expect this of you as well.

Need a second opinion about moving your site to HTTPS? Give us a call at 1-888-262-6687 today or read more about our HTTPS Everywhere services.