Website Protection

01What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user's computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users' connections to your website, regardless of the content on the site.

 

Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

 

  1. Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can "listen" to their conversations, track their activities across multiple pages, or steal their information.
  2. Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  3. Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

02Best practices when implementing HTTPS

Use robust security certificates

 

You must obtain a security certificate as a part of enabling HTTPS for your site. The certificate is issued by a certificate authority (CA), which takes steps to verify that your web address actually belongs to your organization, thus protecting your customers from man-in-the-middle attacks. When setting up your certificate, ensure a high level of security by choosing a 2048-bit key. If you already have a certificate with a weaker key (1024-bit), upgrade it to 2048 bits.

 

When choosing your site certificate, keep in mind the following:

 

  • Get your certificate from a reliable CA that offers technical support.
  • Decide the kind of certificate you need:
    • Single certificate for single secure origin (e.g. www.example.com).
    • Multi-domain certificate for multiple well-known secure origins (e.g. www.example.com, cdn.example.com, example.co.uk).
    • Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).

03Migrating from HTTP to HTTPS

If you migrate your site from HTTP to HTTPS, Google treats this simply as a site move with URL changes. This can temporarily affect some of your traffic numbers. See the site move overview page to learn more. A

 

dd the new HTTPS property to Search Console: Search Console treats HTTP and HTTPS separately: data is not shared between properties in Search Console.

 

See the troubleshooting page for sitemap moves to troubleshooting problems with your migration.

Download Introduction Guide.

SSL stands for “Secure Socket Layer.” It is a technology that establishes a secure session link between the visitor’s web browser and your website so that all communications transmitted through this link are encrypted and are, therefore, secure. SSL is also used for transmitting secure email, secure files, and other forms of information. 

  • (pdf, 251.91 KB)