Thumbnail for video explaining how to check for https secure protocol implementation

Secure Protocol 101: How to Check the HTTPS Implementation of Your Website (video)

Another SEO Audit How-To Video

Google wants your website to be secure! That’s why they are favoring websites that use “https” instead of “http”

Image of a website running https

Above is an image of how a website will show in a browser if it is running https

 

Image of a website showing a not secure warning

Above is an image of a site that has not implemented https, or has done it incorrectly

This is another video in our series of SEO Audit Essentials how-to’s. In this video I discuss one of the items we always check when we’re doing an audit on a website, namely whether it’s running on secure protocol (in other words, using “https” instead of “http”), and then, if it is, whether that https protocol has been implemented correctly (often it has not).

Since Google is valuing https in their ranking we always want to make sure that Google doesn’t think the https implementation on a website is broken. It might negatively impact the trustworthiness of the site.

(This video is designed to complement our SEO Audit Essentials free checklist. To get a copy of that checklist for your SEO work, click here)

An audio transcript appears below the video.

Audio Transcript

Hi, everybody. This is Ross Barefoot with Horizon Web Marketing. I’m here with another tip for how to use our SEO audit checklist. As you may already know, and may already have a copy, we offer as a free download a checklist similar to the one we use in house for performing an SEO audit on your website. So, we’re just going to drill down into one small aspect of that, and show you how you can do a check on your site. And in this case, it’s for the security protocol that your site is operating under.

Let’s take a look at the checklist. You can see it here. It’s set up in a spreadsheet format.

image of seo audit essentials checklist

If we scroll down a little bit, you’ll see it there’s a setting that says security issues. And the first question is, is the site using HTTPS? Of course, as you probably know, Google is pushing everyone to use a secure protocol and here I’ve got a project site to take a look at. You’ll see up at the top left that the site is using HTTPS, as opposed to just HTTP. Whenever you visit a website, typically, if it’s running this secure protocol, if you’re using Chrome browser, it’s going to show secure, other browsers will show something similar.

Your first step is, if you’re going to check out your site is try typing in the address, just like I’ve done it here without any protocol [ed: without http or https] and hit Enter, and then see what it defaults to. In this case, it defaults to HTTPS. So, so far, so good. I’d click around to a few pages on a few links, see if it’s running HTTPS. Okay, so at this real basic level, it looks to be running HTTPS. But I’m going to check one other thing, and that is what about if somebody has a link out there with just the standard old-fashioned HTTP? So, I’m going to put that in for this site and I’m going to hit enter. Now notice that it redirects again to HTTPS.

So, some sites do not force it to check. Part of what you’re going to do is you’re going to check by taking out that S, and running it through and seeing if it redirects back to the secure protocol. But typically, you’re not done there.

Using the Insecure Content Report in Screaming Frog

Now tool that we use quite a bit, and I’ve talked about on some of my other videos is Screaming Frog [ed: for a link to any tools mentioned in this video, see the description of the video on YouTube]. It’s free for up to about 500 URLs. It’s a free download. Otherwise, if you have to buy it, it’s a good tool to have. I’ll do other videos on what we use it for, a whole bunch of different stuff. I’ve done a crawl here on a somewhat abandoned site called rockymountainsearchacademy.com. Once I do a crawl using Screaming Frog, they have a report that is called insecure content. When you click on that, it’ll prompt you to download a spreadsheet.

image of the dashboard of Screaming Frog

What the spreadsheet looks like is right here. You’ll notice that it will show me every page that has a link on it that points to an insecure destination. In this case, on my page, How To SEO Courses, you’ll see here under the column destination, notice how the protocol over here is HTTP. That’s not really the best case. Now in our situation, we do have what are called redirects in place. So, if someone clicks on that link, they are forced to a secure version of this page. But that puts an unnecessary step in the process. So, this would be an area that I would need to give some attention to, to change these links here to HTTPS.

Using JitBit to Double Check for Page Resources Called Insecurely

Now there’s one other free tool that I’m going to show you how to use. We’ll go back here, and we’ll check this tab. This is a cool little site called JitBit. You can go there and do an SSL check. Now, this will only go up to about 200 pages. But it gives you a good idea whether you might have a problem or not. Notice you have to tweet to gain access? That’s a small price to pay. So, I go ahead and tweet, and I’m going to show you what the result is when I did a check on Rocky Mountain search engine Academy. And you can see in the screen capture here, that it finds just one insecure item. Now, this is because it’s looking for actually where the website is calling some sort of a resource that is using something to build the page that is insecure. Now, this is something that Screaming Frog did not pick up on. And so, in essence, you really have to do a variety of different checks.

At this point, if you find that you do have a problem, and you’re not really technical, here’s where you call in your developer or an outside developer if you feel that your developer, or the person you’re working with, can’t handle this. And you say, “Well, here’s what I find:” In the case of Rocky Mountain search Academy, I have a bunch of insecure links that need to be swapped out. That can be done with a one-step database replacement operation. I would also show them the JitBit document, because it shows where an external script is being called insecurely. Both of those are red flags to Google. And so, they would need to be dealt with. Once you deal with them, you can mark this off your list.

Again, my name is Ross Barefoot with Horizon Web Marketing and Horizon Web Marketing Academy. I hope this has been useful to you. Please subscribe for more tips like this, and also click on the bell icon next to the subscribe button. That way, you’ll actually get a notification when we have new videos come out that will help you work through these tough SEO questions. Bye for now.

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *