HTTPS

What is HTTPS and HTTP?

HTTPS (HyperText Transfer Protocol Secure) and HTTP (HyperText Transfer Protocol) are protocols used for communication on the Internet. HTTPS (Hypertext Transfer Protocol Secure) is an encrypted version of HTTP, which means it is the protocol that protects your customers' data when they send personal information between their computer and your website.

For example, if a customer enters and submits credit card information via a purchase form on your website, HTTPS encrypts the information as it is sent between the customer's computer and your website.

Your customers should be protected when sending sensitive information through your website, which is why you should use HTTPS if you handle sensitive information - not only for your customers' sake, but also because Google favours secure websites in their search results. You can easily see if your website is HTTPS-secure in the address bar of your internet browser:

Note that HTTPS does not protect your website itself - your website will still be vulnerable to hacking, malware, DDOS attacks and other types of attacks.

Why go from HTTP to HTTPS?

Google favours websites that use HTTPS because HTTPS encrypts the communication between the user and the website, thereby significantly improving security. In addition, the Google Chrome web browser flags all HTTP websites with a warning indicating that the website is not secure:

In other words, there are two major benefits to using HTTPS over HTTP: increased visibility on Google and an improved user experience. The latter can be reflected, for example, in users being more willing to shop on your site, as they no longer see a "Not Secure" warning against entering credit card details on your site.

How to switch to HTTPS

The actual switch from HTTP to HTTPS is usually easy and painless. At your web host, you can buy a so-called SSL Certificatewhich makes your website available via https://. There may be a short period where you lose visibility on Google, but you will regain it shortly after (provided you have made the switch to HTTPS correctly, as described below) - and in the slightly longer term the switch will have a positive impact.

Remember the following when switching to HTTPS:

• Your website must not can be accessed with both HTTP and HTTPS, because Google interprets it as two different domains. You can prevent this by setting up a 301-redirectthat redirects users from the HTTP to the HTTPS version of the website. The redirection can be set up for the whole website at once and does not need to be set up for each page.
• Internal links (i.e. links from your website to other pages on your website) must be changed from HTTP to HTTPS. We recommend that you use relative URLs in links (e.g. "/underside" instead of "https://www.eksempel.dk/underside"), and if you already do so, you will not need to change any links in connection with the switch to HTTPS.
• There are different types of SSL certificates, which define which HTTPS encryption you have. In most cases, you can settle for an ordinary Single Domain-certificate. Larger organisations that need the highest level of security (e.g. banks) can acquire a so-called Extended Validation-certificate.

Despite the many obvious benefits of switching from HTTP to HTTPS, many website owners have yet to make the move. Google has written a good English guide on how to protect your website with HTTPS. You can read the guide here: Protect your website with HTTPS. We can also highly recommend the more in-depth guide HTTP to HTTPS: An SEO's guide to securing a website by Patrick Stox, an SEO specialist at IBM.

By the way, be aware that several things can go wrong when you migrate your website to HTTPS. The typical errors are:

• Indexing problems. Make sure you don't use NoIndex and NoFollow tags, as they prevent search engines from indexing your website.
• Duplicated content. Make sure that your website cannot be accessed using both http:// and https://. Google will see it as two different websites and if the content on the two websites is identical, Google will see it as duplicate content.
• Outdated links. Remember to direct all internal and external links pointing to your website to https:// to maintain the SEO value of the links.

HTTPS, unlike the cookie law, is a voluntary security solution, and HTTPS does not cause annoying pop-ups or other annoying elements on your website.

Frequently asked questions