Website Security

Get our latest news about Website Security and our other online marketing services. Call us at 1-888-262-6687 to inquire about your marketing needs.


When was the last time you thought about your website’s security?

If not recently, maybe now is the time. Both Chrome and Firefox are getting close to releasing the newest versions of their browsers that will noticeably mark your website as Not Secure to visitors.

In this article, we will explain Online Certificate Status Protocol (OCSP), how it works, and the importance of making the OCSP process as fast as possible on your secure HTTPS website.

What is Online Certificate Status Protocol (OSCP)?

The OSCP definition is pretty straight forward. It is a protocol for checking the status of an online certificate. In other words, OCSP is a set of steps taken to check the status of your SSL Certificate before your website is shown to the visitor. During this multi-step process the browser and your server will check/prove the identity of your website and then encrypt all information shared between the browser and the server so that hackers and phishers can’t intercept the data transfer.

How Does OSCP Work?

The Internet browser of your website visitor (like Chrome or Firefox) initiates what is called a handshake with your secured website, asking it to identify itself. Your secured website sends a copy of its SSL certificate, including the server’s public key.

The visitor’s browser checks the certificate root against a list of trusted CAs. It checks to make sure the certificate hasn’t expired, hasn’t been revoked, and that its common name is valid for the website to which the browser is connecting.

If the SSL Certificate is trusted by the browser, the browser produces and returns a symmetric session key using the public key it got from the server. The server decrypts the session key with the public key of its own on the server. The server then sends back the acknowledgement which has been encrypted by the session key.

The secure encrypted session begins.

how ocsp works

Can OCSP Affect My Website Speed?

With so many steps back and forth you may be wondering how long this takes, especially as we stress the importance of site speed for SEO. The process should only take milliseconds because during this time your site visitor has to wait. The faster the OCSP process is completed, the more quickly your site visitor will gain access to your site. Google likes websites that can be accessed quickly.

That is why we recommend choosing a trusted Certificate Authority and purchasing a high-quality SSL Certificate.

How Do OCSP Response Times Compare Between Certificate Authorities?

There are a lot of Certificate Authorities (CAs) that sell SSL Certificates at various price points, but don’t let price be your only consideration.

You need to know that the Online Certificate Status Protocol (OCSP) speed with the company you choose can affect your website speed, and overall site traffic and rank with Google.

In our experience, DigiCert has one of the quickest OCSP response times in the industry, 4 to 8 times faster than most Certificate Authorities. This provides your site visitors with quick responses to OCSP requests through their browser.

OCSP Response Times January 2016

Interested in learning more about SSL and putting OSCP into action on your website in order to provide your visitors with the most secure browsing experience possible?

Contact 1st on the List!

The Chrome 56 Update

Google has taken a very strong stance on website security over the last couple years and very soon its latest update will hit the web.

Set to release sometime late January 2017, the new Google Chrome 56 browser will label any HTTP website that collects passwords and credit card numbers as Not secure.

Have you complied with Google’s suggestion to make sure that your website is secure, whether or not your website collect sensitive information?

As time goes on, we are warned that Google will be even more strict and start labeling all insecure websites as Not Secure, even if they do not collect sensitive information.

Google will also begin giving even more favourable rankings to websites with SSL Certifications in place and HTTPS Everywhere active on all pages (and other areas) of a website. This is Google’s prerogative, and they are choosing to do so in an effort to make the Internet more secure for everyone.

How Do I Get Rid of the Not Secure Warning?

If you are a website owner, and your site is already deemed, or might be deemed, Not Secure by Google, you need to purchase an SSL Certificate through a Certificate Authority (CA) and have it installed on your website. This will turn your website URLs to HTTPS, meaning that your site pages are secure.

Google suggests, in their article titled Secure Your Site With HTTPS that you “ensure a high level of security by choosing a 2048-bit key.”

At 1st on the List, we have chosen to work with DigiCert because they satisfy the encryption standards that Google expects you to have for HTTPS Everywhere. We can help you install the 2048-bit key and implement the required site changes.

How Do I Start Implementing HTTPS?

The best way to begin implementing HTTPS is to give 1st on the List a call and chat with one of our SSL experts. They’ll need to know how many sites you have, how many subdomains each site might have, and some other details about your organization.

HTTPS Everywhere not only appeases Google, it will make your visitors happy because you invested the time and effort to prioritize their privacy and security needs. It can also help protect your organization from the liability of security breaches.

Call 1st on the List today about your SSL Certificate and discuss how HTTPS should be your next step toward creating a safer Internet for everyone.

At 1st on the List, we’ve been talking about the importance of HTTPS and SSL for a couple years. Here are some other articles we have written on this topic:

It has been several weeks in the making but we have just published an informative presentation on everything you need to know about HTTPS and SSL.

Since Google announced that HTTPS Everywhere is an SEO ranking signal in August many of these topics have been in the news. This informative presentation outlines the benefits of SSL, the different levels of SSL certificates, how you need to install SSL on your website and many other details. We invite you to take a few minutes to browse through the slides.

Still have questions? Contact us at 1-888-262-6687.

For a number of months now we have believed that Search Engines will slowly start to prefer HTTPS/ SSL websites and just yesterday Google officially confirmed HTTPS as a ranking signal:

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

What is HTTPS and SSL?

HTTPS stands for Hypertext Transfer Protocol Secure.

SSL stands for Secure Socket Layer.

TLS stands for Transport Layer Security protocol.

HTTPS is simply a combination of HTTP and SSL. Essentially, as Forbes explains on this topic, HTTPS encrypts the data between your browser (ex. Chrome, Safari, Firefox) and the website. This protects the privacy of anything that you do on the website. The purpose of this is to make it harder to hackers to break into the connection and steal your information.

Is Your Site HTTPS/ SSL?

You can see whether a site is HTTPS or HTTP by looking up in your browser’s search bar and checking for the small “s”.

How to Deal With the New HTTPS Google Ranking Factor

Google promises to publish their “Best Practices” much like they do with other topics such as Quality Content and Site Speed, but for now they have given some basic tips:

  1. Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  2. Use 2048-bit key certificates
  3. Use relative URLs for resources that reside on the same secure domain
  4. Use protocol relative URLs for all other domains
  5. Check out the Site move article for more guidelines on how to change your website’s address
  6. Don’t block your HTTPS site from crawling using robots.txt
  7. Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

What Does This New Google Ranking Factor Mean for You?

  • Remember that Google says this is a “lightweight” ranking factor and that there are other more important ranking factors such as quality content.
  • There are rumors that Google may increase the importance of HTTPs in order to further encourage all websites to adopt the secure comms protocol.
  • Consider switching to HTTPS, especially if you are in a competitive market where every small advantage will make a difference.
  • In light of recent stories in the news of billions of logins and passwords being stolen from compromised websites people are becoming more cautious about where they create accounts, give their credit cards and disclose other personal information. By Google making this a “ranking factor” thousands of SEO’s will prompt their clients to implement HTTPS. As Internet users become more accustomed to seeing HTTPS sites they will likely expect this of you as well.

Need a second opinion about moving your site to HTTPS? Give us a call at 1-888-262-6687 today or read more about our HTTPS Everywhere services.