HTTPS (Hypertext Transfer Protocol Secure) works by transmitting normal http interactions through an encrypted system so that the information cannot be accessed by any party other than the intended users. This technology is nothing new, as HTTPS has been around for over 20 years. However, in days past, web-server capacity and network performance were limiting factors for websites trying to adopt HTTPS protocol. Now, with the latest advancements in technology, the cost of adopting HTTPs is significantly lower, making more webmasters able to implement using it than ever before.
Google; an organization that continuously strives for secure public internet, launched their “HTTPS Everywhere” campaign last year and moved all their products (such as Search, Gmail, YouTube, and Drive) under strong HTTPS encryption. Beyond their own products, they were also working to encourage website owners everywhere to switch from HTTP to HTTPS by adding HTTPS as a ranking signal for Google.
HTTPS is not only for e-commerce!
HTTPS is important beyond just e-commerce sites– it’s equally as important for news or content websites, such as sites where people go to read articles. Visitors that do not log-in or make any online transactions on the website are safe in that respect…but how safe is the content? The content on HTTP websites can be easily altered by third parties using man-in-the-middle (MITM) vectors. Newstweek is one device that comes to mind that can manipulate news on HTTP websites that are being read by other people on wireless hotspots. This is why HTTPS is important, no matter the kind of website you have. HTTPS keeps everyone safe on the web by restricting malicious attacks on sites of any kind.
The beginnings of HTTPS-adoption and its problems
Implementing HTTPS may seem intimidating for people who just want to publish articles on the web and live on their AdSense revenue. The task can become even more complex if you end up uncovering a significant amount of technical debts, such as hard-coded third party URLs, in the process. Complicated issues may require people who live in the command line to fix the issues. Despite these possible limitations, the majority of content publishers were replacing HTTP with HTTPS for their websites, especially after Google announced HTTPS as an ad ranking signal.
However, HTTPS adopters were shocked to find out after the fact that Google AdSense earnings drops with HTTPS migration. In their desire of quick brownie points with Google rankings, most of the publishers who adopted HTTPS overlooked the fine prints in Google documentation:
HTTPS-enabled sites require that all content on the page, including the ads, be SSL-compliant. As such, AdSense will remove all non-SSL compliant ads from competing in the auction on these pages. If you do decide to convert your HTTP site to HTTPS, please be aware that because we remove non-SSL compliant ads from the auction, thereby reducing auction pressure, ads on your HTTPS pages might earn less than those on your HTTP pages.
Not all Google ad formats were available for HTTPS. Lo and behold, there was another issue. Some of the ill-fated publishers who tried to run HTTP ads on an HTTPS site ended up with visitors on older browsers getting a mixed content warning, while those on modern browsers were not seeing any ads at all.
Google’s initiative for HTTP ads
On March 2015, the Interactive Advertising Bureau (IAB) published a call to action to adopt HTTPS ads. Soon after on April 17, 2015 Google published news of an initiative on serving HTTPS-encrypted ads. The specific initiatives are:
- By June 30, 2015, the vast majority of mobile, video, and desktop display ads served to the Google Display Network, AdMob and DoubleClick publishers will be encrypted.
- By June 30, 2015, advertisers using any of our buying platforms, including AdWords and DoubleClick, will be able to serve HTTPS-encrypted display ads to all HTTPS-enabled inventory.
We believe this move will ease the pain of previous HTTPS-migrated publishers, and will increase the HTTPS adaptation rate. Adopting encryption on public-facing servers is important in protecting the privacy and security of public data. Adopting HTTPS will also secure business communications from eavesdropping when they’re routed over the public internet.