Moving To HTTPS Can Backfire: Google’s Own Products Aren’t Secure Web Friendly Yet
Earlier this month, Google announced that HTTPS sites — those with SSL certificates aimed at protecting users against data interception — would receive a slight ranking signal boost over non-encrypted HTTP sites. One problem with this encouragement to get site owners to make the switch is that there are web components that aren’t HTTPS friendly […]
Earlier this month, Google announced that HTTPS sites — those with SSL certificates aimed at protecting users against data interception — would receive a slight ranking signal boost over non-encrypted HTTP sites.
One problem with this encouragement to get site owners to make the switch is that there are web components that aren’t HTTPS friendly yet, including Google’s own Trusted Stores and AdSense products.
The Wall Street Journal reported earlier this week on troubles with encryption protocols running afoul of Google’s Trusted Stores program requirements. Google’s e-commerce certification program requires that the Trusted Stores badge be displayed on every page of a site, yet by design Google does not show the badge on secure pages, which have typically been shopping cart pages.
The problem arises when a site goes from having just cart pages secured to converting an entire site to HTTPS. Trusted Stores is “not compatible” with common encryption, meaning the badge can’t display on home pages or product pages that are typically unsecured. So, Google doesn’t accept HTTPS sites into the Verified Stores program.
A Google spokesman told WSJ “as a priority, we’re working on a solution to display the badge for stores who are moving their entire sites” to HTTPS.
In a cautionary tale for ad-driven site owners, AdSense publisher Pete Claar found out the hard way that sacrificing ad compatibility for a bit of a rankings advantage won’t necessarily pay off. Claar says he was excited about the rumored SEO benefits of moving to HTTPS, “When Matt Cutts started hinting at HTTPS boosts a few months ago I immediately converted” the site. After converting Schooldigger.com in mid-March, Claar says he quickly came to regret his decision and moved his site back to HTTP roughly three weeks later.
As an HTTPS site, ad revenues fell 43 percent and CPCs were off 39 percent from the previous period. The biggest telltale that things weren’t going well was page revenue per thousand impressions (RPM) fell 37 percent. After reverting to HTTP, RPM bounced back to previous levels.
Barry Schwartz tested the HTTPS switch on his sites and found similar RPM drops. In the first week after migrating Search Engine Roundtable, the average RPM dropped to $0.47 from $1.27.
Google added HTTPS support for its AdSense advertising program last September. However on the support page, the company still states, “We don’t recommend that publishers with HTTP sites convert their sites to HTTPS unless they have a strong reason to do so.”
Google also acknowledges that “if you convert your HTTP site to HTTPS, ads on your HTTPS pages might earn less than those on your HTTP pages” because the HTTPS ads don’t compete in auctions with HTTP ads. There are still a large percentage of HTTP ads in the system, and ad rates decline without them competing in the auction.
Many other ad networks don’t support HTTPS at all, which makes the thought of converting that much tougher for a good number of publishers.
“Now with the rankings boost being made official, a lot of publishers are probably going through the process I went through,” says Claar. “But until ad networks better support HTTPS ad serving, I’m afraid the rankings boost is not going to be worth the loss in revenue.”
Even as Google announced HTTPS has an impact on “fewer than 1% of global queries”, it added that it “may decide to strengthen” the signal to “encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
There is a communications problem when Google’s own ecosystem lags behind its SEO recommendations and its program that’s designed specifically to certify trustworthy e-tailers doesn’t support HTTPS. This isn’t the first time Google has made a move to push site owners and advertisers to adopt what it sees as the web’s future — AdWords Enhanced Campaigns switch was in large part a push to get advertisers and publishers to design multi-screen compatible sites and landing pages — but, in this case the failure of Google’s own products to be on the leading edge of HTTPS will impede the adoption it’s encouraging.