HTTPS is no longer a matter of taste or just an SEO bonus; it is one of the key user security factors, and one that Google pays close attention to. Today, HTTPS is a “must have” for all online businesses.
Firefox’s telemetry on January 29, 2017 showed that half of internet traffic is secure, but there are still a lot of mistakes that can be critical for a website’s success. To confirm this, SEMrush conducted research on the frequency of HTTPS implementation mistakes and found the 10 most common ones.
Above you’ll find data on 100,000 anonymous websites that use the secure protocol and proof that fixing website mistakes can correlate with better rankings in Google. The first and most important conclusion is that only 45% of the websites we analyzed support HTTPS. All data on the frequency of HTTPS-related errors was collected during the analysis of those secure domains.
Non-secure pages with password input fields
SEMrush analyzed a total of 100,000 websites (including some that did not use HTTPS) for compliance with Google’s requirement that any page that collects passwords should be encrypted, and discovered that 9% of the analyzed websites still had insecure pages with password input fields.
A problem with mixed content was detected on 50% of the analyzed websites, which means that browsers will warn users about loading insecure content, and this may negatively affect user experience and reduce user confidence.
One error that can occur when moving a website to HTTPS is that internal links on an HTTPS site can lead to HTTP pages. In a recent SEMrush study, 50% of websites faced this pitfall.
Also, 8% of the 100,000 websites we analyzed (excluding the ones supporting HSTS for which this problem is not detrimental) had an HTTP home page that did not correspond to its HTTPS version. This can cause such problems as pages competing with each other, traffic loss and poor placement in search results. Plus, 5.5% of the HTTPS websites had HTTP URLs in their sitemap.xml.
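The on-page checks described above (password fields on non-HTTPS pages, mixed content, and internal links that point to HTTP) can be run over a page's HTML as follows. This is an added example, not SEMrush's tooling; the names HttpsAudit and audit, the tag list and the sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute loads a subresource into the page (mixed content when http://).
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                     "audio": "src", "video": "src", "source": "src", "embed": "src"}


class HttpsAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page = urlparse(page_url)
        self.findings = {"insecure_password_field": False,
                         "mixed_content": [], "internal_http_links": []}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # valueless attributes arrive as None
        secure_page = self.page.scheme == "https"
        if tag == "input" and (a.get("type") or "").lower() == "password":
            # A password field is a finding only when the page itself is not HTTPS.
            if not secure_page:
                self.findings["insecure_password_field"] = True
        attr = SUBRESOURCE_ATTRS.get(tag)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower():
            attr = "href"
        if attr and a.get(attr):
            # urljoin resolves relative and protocol-relative (//host/x) URLs.
            url = urljoin(self.page_url, a[attr])
            if secure_page and urlparse(url).scheme == "http":
                self.findings["mixed_content"].append(url)
        if tag == "a" and a.get("href"):
            url = urljoin(self.page_url, a["href"])
            u = urlparse(url)
            # Only same-host links count as internal; external HTTP links are ignored.
            if secure_page and u.scheme == "http" and u.hostname == self.page.hostname:
                self.findings["internal_http_links"].append(url)


def audit(page_url, html):
    parser = HttpsAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample pages (not taken from the study).
SAMPLE_HTTPS = """<html><head><link rel="stylesheet" href="/site.css">
<script src="http://cdn.example.com/lib.js"></script></head><body>
<img src="//img.example.com/logo.png"><a href="http://shop.example.com/cart">Cart</a>
<a href="/about">About</a><a href="http://other.example.org/">Partner</a></body></html>"""
SAMPLE_HTTP_LOGIN = '<form action="/login"><input type="password" name="pw"></form>'
```

Calling audit("https://shop.example.com/", SAMPLE_HTTPS) reports the HTTP script as mixed content and the HTTP cart link as an internal HTTP link, while the protocol-relative image and the external partner link are not flagged.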
Security certificate mistakes
An SSL certificate (Secure Sockets Layer certificate) is used to establish a secure connection between a server and a browser and to protect data on the website from being stolen.
In recent research, SEMrush found that 2% of the analyzed websites had expired SSL certificates and 6% had an SSL certificate registered to an incorrect domain name.
During the analysis it was important to note websites that had no HTTP Strict Transport Security (HSTS) server support. The conclusion of the study is that 86% of the analyzed websites don’t support HSTS. This technology is quite new, and browsers began supporting it only recently.
In addition to the server issues mentioned above, we discovered in our study that 3.6% of the analyzed websites appeared to have an old security protocol version, and SNI-related errors were discovered on just 0.56% of the websites.