Welcome to WebmasterWorld Guest from 3.85.214.0

Forum Moderators: Robert Charlton & goodroi

Message Too Old, No Replies

Switch back to http

     
10:46 am on Jan 15, 2015 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 7, 2009
posts: 61
votes: 0


Hi everybody,
I tested https for a while and I decided to switch back to http.

My site was using http, then I used a permanent redirect to https.

My question is: which is the correct way to undo a permanent redirect? Should I simply remove 301 redirect from http to https and add 301 redirect from https to http?

I'm very confused...
11:11 am on Jan 15, 2015 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2955
votes: 35


Removing the redirect from https to http is the first step. But search engines may already have crawled and indexed the https version and you may have acquired links to these URLs. Therefore a redirect back from https to http is advisable. No idea though if this will trigger security warnings in some browsers, because the browser first expects to see encrypted data and is then redirected to an unencrypted site.

Any reason to switch back to http? Was site performance worse or did you see other negative effects?
11:27 am on Jan 15, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:26379
votes: 1038


Yes, i'd like to know the reason for switching back, and how long was "a while"?
12:27 pm on Jan 15, 2015 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 7, 2009
posts: 61
votes: 0


The main reasons are:
- I don't really need https for an informational website
- I don't see any ranking nor trust improvement
- browsers block http images, http iframes, any kind of non-https resource included in my websites.
- probably server load is higher for https (not tested)
So lot of limitations and no real reason tu use https.

There are three scenarios:
1) old website converted to https in september
2) new website under development, password protected, not indexed but already discovered by googlebot (found few entries in apache access_log)
3) bought website which now is under development, disallowed by robots.txt and password protected, old pages are indexed with http, homepage indexed with https

I guess removing the redirect for scenario 2) is easy, but what about 1 and 3 ?
3:34 pm on Jan 15, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


The main reasons are:
- I don't really need https for an informational website

True.
- I don't see any ranking nor trust improvement

Not yet you don't. It's coming though.

- browsers block http images, http iframes, any kind of non-https resource included in my websites.

If you've got an ssl cert, then just serve all those things via https: - which is the way it should be done properly anyway.

In terms of server load, with today's servers the additional step of encryption is insignificant IMO.

I sugest sticking with https in today's environment. All the big boys are beating their drums over this.

Alternatively, another way to look at it is, if your site's not worth the $50/year for an ssl cert, well that certainly tells Google something. Well, again, probably not yet. But it's an other signal that's different from low end crap. So keep it, and wait for the SE's to play catch up.
3:39 pm on Jan 15, 2015 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member lammert is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 10, 2005
posts: 2955
votes: 35


If you've got an ssl cert, then just serve all those things via https: - which is the way it should be done properly anyway.

Which works as long as all your images and other site furniture is coming either from domains under your own control, or from domains which offer a https URL version. If you use external image servers, JavaScript libraries or other stuff served by domains not under your control it is difficult to iron out all those browser errors. This is even a bigger problem if you have a forum or other system with UGC where users are allowed to embed foreign content.
4:50 pm on Jan 15, 2015 (gmt 0)

New User from US 

5+ Year Member

joined:Sept 6, 2014
posts: 16
votes: 0


@teokolo, I can understand your confusion but I agree with the posts supporting the use of HTTPS - even for informational sites. I feel that the internet as a whole will be encrypted soon. I also believe site visitors will more likely trust encrypted sites over non SSL sites.

Doing something because Google said to do it is likely to only have a short term effect. But doing something to improve visitor experience and trust is a much better, more permanent solution.

I have https sites and the mixed content issue is a genuine concern. If your content is dynamic, it will be a pain until the need causes enough interest to find a solution. If you use WordPress there are some helpful plugins - I use "SSL Insecure Content Fixer". I would guess that other CMS would have something simular.

This plugin is helpful but I still have to make core code changes in plugins and templates. The fix is easy, usually as simple as removing the http: from the offending URL. But sometime it's hard to find the file where the offending url is located.

Good luck with whatever you decide. If the cost for an SSL cert is ever an issue, look for a dirt cheap price. My domain register offers a $1.98 cert with any new domain purchase or transfer. Their regular price without any other purchase is under $10.
5:05 pm on Jan 15, 2015 (gmt 0)

Junior Member

5+ Year Member

joined:Dec 7, 2009
posts: 61
votes: 0


Thanks for your replies.

External images are not a big deal since I can easily switch my own CDN to https.
My main problem is I use some external widgets (most of them are flash games or flash banners) loaded from external resources which don't use https. Without those features, some of my websites lack user experience, time on site decreases and so on.

Websites have decent amount of traffic and can afford even premium ssl certs, that's not my main concern.
10:37 pm on Jan 15, 2015 (gmt 0)

New User from US 

5+ Year Member

joined:Sept 6, 2014
posts: 16
votes: 0


@teokolo Just when you think you have it, something else pops up. As I mentioned earlier, as more sites go to HTTPS, I feel these issues will be solved. As an example, one of my templates seemed to have a few mixed content items in every new release. I fixed them and then pointed them out to the template vendor. The past few releases didn't have any content problems.

If your flash issue only occurs in IE, I may have a suggestion for you. If it happens with more than IE, I'm no help.
7:13 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3595
votes: 50


Tell me one reason I need to go to https: if I have a site that provides information or as most are today and adsense website.
8:02 pm on Jan 22, 2015 (gmt 0)

Administrator from US 

WebmasterWorld Administrator goodroi is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:June 21, 2004
posts:3509
votes: 387


You don't "need" to do anything in life. Let's remember that we are on a SEO forum and the O stands for optimization aka trying your best to be the prettiest girl at the dance. Google has said there is a tiny, little ranking boost and it might grow over time. I wouldn't change based on that because Google does have a reputation of making a lot of noise before making any real ranking changes. I am planning on migrating my information sites to https this year for reasons other than Google rankings.

If I was a journalist looking to interview an industry authority I would probably prefer a site hosted on https vs a http site. If I am visiting an information site, I would be more inclined to buy an ebook if it was hosted on https. Even if I wasn't buying anything but was asked to submit my email or other information, I would probably be more willing to give that information to an https site. Not to mention man-in-the middle attacks or my competition trying other sneaky stuff.

I wouldn't say it is critical to migrate every info site right now. Ask yourself what are you gaining by not migrating? I expect that the reasons for not migrating will shrink over the next year or two, while the reasons for migrating to https will keep growing.
8:18 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3595
votes: 50


I understand the reasons to migrate to https but not the whole site. Having a submit form is easy to put under an ssl and not the whole site. Putting information under an ssl is just not good logic.

Ecommerce sites SSL the cart, info sites SSL the input forms. Upload sites yes the whole site, but looking at most of the websites very few pages really need to be under an SSL.

This issue is just getting way over blown and with Google saying a tiny bit of boost MIGHT happen who knows how many jumped on the wagon.

Now you have those as in this post that see opps might have made a mistake.

Think before you follow the wolf down the path.
8:55 pm on Jan 22, 2015 (gmt 0)

New User from US 

5+ Year Member

joined:Sept 6, 2014
posts: 16
votes: 0


@bwnbwn I started out only using Https for the pages such as those you mentioned. My site is a membership site with the usual Https pages to be expected from an ecommerce site plus the members only pages. It quickly became a chore to keep up with which pages were encoded and which weren't.

I decided to force the whole site to Https. My decision had everything to do with me being lazy and nothing to do with Google. I gave up chasing Google's idea of the perfect site a long time ago.

I try to always design for a good visitor experience. I agree with goodroi that visitors may feel just a bit more comfortable when the page is encoded.
9:08 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3595
votes: 50


wslade your not the 1st post of those that switched back, you didn't mention all the info in the 1st post so I really didn't know. I can understand your problem and in your case I wouldn't switch back.

Some sites are better ssl 90% of the web really no need. Adds 0 security, do you really think a hacker is going to spend his resources intercepting data on a info site, please.
9:12 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3595
votes: 50


wslade on the feeling better it is SSL I am willing to wager a bet.

Find a couple of websites both pretty much the same nitch, find one ssl and find one not. Have the user go to both and ask them after what was the difference, 99% won't know the difference.
9:14 pm on Jan 22, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 30, 2005
posts:13012
votes: 222


I'm not jumping to SSL until Google requires advertisers to do it (if ever).

But if I *had* jumped to SSL, I sure wouldn't jump back.
10:33 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Oct 25, 2005
posts:3595
votes: 50


netmeg I am not jumping either but if I had I wouldn't switch back either your just asking for more trouble.
11:53 pm on Jan 22, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


I've used SSL on all my sites for years although until recently, in a mixed fashion. Everything I build has a login form, registration forms and certainly a contact form (all of which ask for personally identifiable information) so it's always been a no-brainer for me. With Google's announcement and the evolution of server resources available today, having it on every page is no problem and I see that G picks up the changes rather quickly. Having it on all pages also means that I don't have to deal with the logic of switching it back and forth on various pages.

I agree with others that there may be no need to jump on the bandwagon for pure content sites but if you have a login form, or any form that asks the user to identify themselves or submit sensitive info and you're not using SSL, you need to get a clue. Why, because if you're asking for that type of information and not securing the exchange of information, you are screaming that you don't care about your visitors privacy or security.

As for securing all your content, given the way information is passed about from pageview to pageview these days (in the process of maintaining the illusion of state in a stateless environment), I'm quite happy to provide SSL on my sites and pretty much have the feeling that we're all going to wind up there eventually. Switching back to http because you're not seeing some great uptick in traffic right now doesn't make much sense. Not when you put it in the perspective of where things are headed. I wonder how many people run WordPress sites and don't have their own administrative login page secured. I see it all the time and can only shake my head.
12:06 am on Jan 23, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Aug 1, 2013
posts:1338
votes: 22


As for the original question, good luck getting an answer that for sure won't tick off Google. In the past, I've set up permanent redirects to https pages and then switched back with no apparent impact. Back in the day each page on my site checked for the type of connection and then redirected if necessary. A simple matter of redirecting to https to turn security on or to http to turn it off. That was when I thought using https would be a drain on my site. As many have said, it's a non-issue for the most part now so I'm done with all that malarkey.
1:20 am on Jan 23, 2015 (gmt 0)

Senior Member from HK 

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 14, 2002
posts:2301
votes: 20


If you're going to SSL - try to enable your server for SPDY. Thats where you'll start seeing the benefits of fast loading pages - which has a positive side effect for your users.
7:31 am on Jan 23, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 14, 2003
posts: 4320
votes: 42


Sounds like you did this without knowing what you were doing don't try to fix it by doing something you don't know anything about. You should serve everything https. Nobody has ever said making that change would improve your trust or ranking in any significant way. Also there is no single SEO change you could make that would make a measurable difference to your rankings. Single SEO factors each have tiny boosts and don't do anything by themselves. It all adds up.
5:33 pm on Jan 23, 2015 (gmt 0)

Preferred Member

10+ Year Member Top Contributors Of The Month

joined:July 23, 2004
posts:596
votes: 103


I think that serving your pages via https makes sense inasmuch as having a license to do business makes sense.

Business is a process, and it might be wise to exploit every tool that's out there in order to achieve the maximum benefit.

5 or 6 years ago Google went on this rant about good and bad internet neighborhoods -- They implied, and quite heavily, that if you were hosted in areas they thought were seedy, your chances of listing highly might be diminished ..

SSL plays square into that argument .. Going dedicated or shared is the difference between living in a 150 unit one bedroom flat, or a 4 bedroom house with a pool.

Google knows who the renters and the owners are, and IMHO, responds to them accordingly.

Aside from obtaining a business license and/or permit to do business in your area, there are many other things SSL included, that you can do to boost your credibility, in order to receive your required validation, both in the SERP's and with the public at large.

You don't do this because Google said so -- You do this simply because it makes good business sense - It's always made sense.

SSL rates right up there with your TOS, Contact, Returns/Refunds, Warranties -- all of which promotes trust and validity ...

I'm not going to sit here and try to second guess Google, but I'm of the opinion that if you take your business seriously enough, and cover whatever bases you can, Google will take you seriously enough to respond in kind ..
5:34 pm on Jan 23, 2015 (gmt 0)

New User

joined:Jan 18, 2015
posts: 25
votes: 4


teokolo, I am thinking along the same lines as you, giong back to http. I have a dedicated IP for https and shared for my http sites. Thus, I can save money by consolidating all sites under single acont and not having separate account for https stie. It is not a lot of money saved but it is more than I am making on the site (zero).

There is a secondary reason. At one time, based on my plans, I was envisioning have two related services and structurally having two sites made sense. I now see the two services being much more integrated and am thinking I want to merge the https content site into one of my existing http sites anyway.

I will probably just 301 redirect from https to page on http site for several weeks/a month and then take the https site down permanently. I am hoping the period of transition insulates me from a duplicate content penalty as the old site disappears.
7:43 pm on Jan 23, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2004
posts:1995
votes: 75


@mcneely, I think what you said is one of the most professionally replied posts I have read on WebmasterWorld. Hands Down, really, no I really mean it.

But then not everybody is in the .... that is BS.

To the OP: it's couple of bucks extra, it is already done, keep it that way.

My 2 pesos.
8:35 pm on Jan 24, 2015 (gmt 0)

System Operator from US 

incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14664
votes: 99


I tested https for a while and I decided to switch back to http.


Knee-jerk reaction, stick with https.

You shouldn't expect to see an increase in the SERPs, but Google has plainly said they were moving to get all sites to be secure. Adding HTTPS was never about ranking better, it was about avoiding ranking worse after a grace period for sites to get HTTPS. When everyone has had plenty of time to get an SSL cert, Google will change the ranking and HTTP only sites will drop, with some exceptions. Google's announcement was the beginning of that grace period.

I'm expecting in the near future that HTTP sites will be demoted and HTTPS sites will stand their ground.

This is similar to adding RWD to your site so your site continues to rank on mobile search vs. being demoted. People wrongly think RWD or HTTPS will boost rankings when in reality it's vaccinating your site against inevitable demotion if you don't do these things.

Why is Google pushing SSL?

HTTPS is a pretty good trust factor plus it's one of the ultimate anti-spam tools as web spammers won't be able to get or maintain SSL for all their sites, if they can get it to start with.

In the future HTTP may be the same as web spam, you may get a yellow warning page "UNTRUSTED SITE" when clicking on HTTP links just like the red warning pages for malware today. I could see that happening in as little as 24 months as the web transitions to HTTPS.

People running serious sites will get secure certificates and pay the fees to make sure their visitors/customers know that they are a legitimate secure site.

Compare that with web spammers or link schemes where the very business model requires being on cheap and anonymous hosting. HTTPS is the exact opposite.

Those that don't go through the secure cert verification process will be assumed they're possibly trying to hide something so they'll be hidden in the SERPs.

IMO many websites will drop like rocks whether it be they're really spam sites or just lack the funds to support an SSL cert. Those that rank will have just a little more cash to spend than those that don't. I expect there will be some wildcard SSL hosting sites out there for those that can't afford SSL which the spammers may also use and defeat the whole process. Google might demote wildcard SSL because of that in the future which will harm some legit sites using it for their subdomains.

The bottom line is spammers won't rank without SSL and SSL forces them out into the public to be tracked. The expense and time involved to keep swapping SSL certs will drive the spammers, and some collateral damage, out of business.

It's just another move in the big online game of cat and mouse being played out between Google and the gamers.

Just remember, when Google tells you to do certain things like HTTPS or RWD it's not to rank better but to avoid ranking worse after a grace period.
2:47 pm on Jan 25, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Mar 7, 2003
posts: 1085
votes: 10


^worth the price of admission.

...and getting weigh in from all the various recognized voices through the years...

Priceless.
4:07 pm on Jan 25, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member wheel is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 11, 2003
posts: 5072
votes: 12


Great post Incredibill, encapsulates many reasons to get SSL on your main site.

For me, a big part of this is as simple as spam sites won't spend $500 on an EV SSL cert, and big brands will. So it's one more signal that says 'not a spammer'.
8:10 pm on Jan 25, 2015 (gmt 0)

System Operator from US 

incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14664
votes: 99


For me, a big part of this is as simple as spam sites won't spend $500 on an EV SSL cert, and big brands will. So it's one more signal that says 'not a spammer'


Spammers have to change domains constantly, and use a large volume of domains, so HTTPS is a non-starter for them. I've suggested the same method to stop email spam years ago for the same reasons.