HTTP the conversion killer: Avoid this critical mistake on your website!

June 13, 2019

HTTP kills your conversion! Soon-to-be and existing website owners’ life doesn’t get easier with time. HTTPS is here to save you! When launching a new website, you must think about whether you should get a digital certificate or not. The digital certificate is often referred to as SSL certificate and TLS certificate. Let me convince you why HTTPS is so important!

Difference between HTTP and HTTPS as a visitor through an example

HTTPS is the secure version of HTTP. The new acronym ends with S, which means secure. Nowadays, it’s incredibly easy to spot whether you are browsing a website through HTTP or HTTPS. Google released Version 68 of Google Chrome in July 2018. This version includes a very noticeable change in the address bar:

google chrome showing not secure address bar

Above, you can see an image of the address bar when you are browsing a website through HTTP. Imagine a visitor seeing this in their address bar when browsing your website. It isn’t a convincing sight. There is even worse news than this. In October 2018, Google released Version 70. Introducing this conversion killer. When you are filling out a form on an unsecure website, this is what happens:

filling out a form in google chrome on a not secure website

This is horrifying! Your visitors are definitely going to leave your website after noticing this! Now let’s take a look at how this looks like when we are browsing a website through HTTPS:

google chrome showing secure address bar

This is what we are looking for! No sign of that frightening “Not secure” text anywhere. We also have a neat lock next to our domain name. This is just a simple visual difference between HTTP and HTTPS. Move on and take a cursory glance at the technical details with a simple example.

The brief technical difference between HTTP and HTTPS through an example

Let’s pretend that You and I are meeting up in a café. You order a delicious coffee and I order a tea - because I don’t like coffee. We ask the Lady who served our beverages for a WiFi password. We successfully connect to the WiFi network. I’m showing you a few examples of landing pages including email subscription forms on them.

a website mockup with a heading, input for email and a submit button

Few of these websites are served through HTTP, some are HTTPS. A hacker guy in the café is also on the WiFi network and he is monitoring the network traffic. He is seeing what websites we are browsing and what data we send through the subscription forms. After submitting the form through HTTP, this is what the hacker is seeing:

raw values from the network protocol, showing what a hacker might see in the network, email is clearly visible

Look at that, the hacker can easily identify my email address from that data. Now you may think: “Why is this a problem?” Stealing an email address is the tip of the iceberg. Let’s move on from simple landing pages and take a look at some membership websites, especially their login page.

a website mockup with a heading, input for email, input for password and a submit button

This membership site is served through HTTP. Let’s log in and see what the hacker will see in his traffic monitoring software.

raw values from the network protocol, showing what a hacker might see in the network, login details are clearly visible

Hopefully, when you were looking at the image you either had an “aha!” or an “oh no!” moment. The hacker can identify the login details from that data easily. What if you use this email address and password somewhere else too? It is very common nowadays. Same email address and password combination everywhere. Using a slightly different password is common as well, e.g. using different numbers at the end of the password. The hacker is going to move on and try it on several sites. Probably his first stop will be Gmail. He might have a tool that can do this for dozens of websites in just a click. Now that we know how dangerous it is to surf on websites through HTTP, let’s see this example through HTTPS.

Moving back to the subscription form example, this is what the hacker is seeing when we submit the email address.

raw values from the network protocol, showing what a hacker might see in the network, email address is now encrypted

That is garbage. No one will ever find out the email address from that. The browser encrypts the data then sends it, when the server receives the data, it then decrypts it. My email address is safe! Now try to log in to the membership website. After submitting the email address and password, this is what the hacker is seeing.

raw values from the network protocol, showing what a hacker might see in the network, login details are now encrypted

Garbage, again. We are safe, the world is safe, everyone is safe! So uplifting, isn’t it? Now you should have a brief understanding of the difference between HTTP and HTTPS in practice. Knowing how risky it is to give away your sensitive data through HTTP, you will definitely want your website to be browsed through HTTPS safely.

There are other considerations to take into account. Let’s talk about search engine optimisation, also known as SEO.

HTTPS and SEO

These two acronyms are looking good together, aren’t they? In 2014 (yes, 2014!) Google introduced HTTPS as a ranking signal. What does this mean? In other words, Google will rank higher your website when it is served through HTTPS. It won’t rank your website 1st as soon as you start using HTTPS, but it definitely helps a bit in ranking. But how about your visitors? Do you think they are going to like the “not secure” warning in their browser’s address bar? Absolutely not. Using HTTPS for your website will help to rank better on Google, encourage your visitors to click and retain visitors.

This should already convince you to start your new website using HTTPS!

Speed, is HTTPS slower than HTTP?

There is no one answer to this question. Web servers are evolving, everything in the IT world is evolving at a tremendous rate. It is possible to set up a website that is faster through HTTPS, but the opposite is possible as well. Speed depends on a lot of factors, but modern solutions actually make your website load faster through HTTPS. By all means, you shouldn’t take performance as a priority over privacy. Nowadays every website transfers some kind of sensitive data.

SSL Certificates are expensive, aren’t they?

You don’t need to spend a dime for a certificate. Most of the web hosting companies have integrated Let’s Encrypt into their services. You can create a new digital certificate for your website with one click for free. CloudFlare also provides you with an easy solution to enable HTTPS on your website. There are different types of digital certificates that might cost a lot, but first, keep it simple and get it running.

Do it now or regret it later

Switching to HTTPS from HTTP on an existing website can be devastating to your website’s ranking. It can be done in a way that minimizes your change in ranking, but it can’t be avoided. It takes a while until the changes take effect in Google’s index, which results in a drop of ranking… a lower rank is less traffic… less traffic is less conversion… You get it. You don’t want to make this mistake, do you?

Recap

Start your new website using HTTPS, or you are going to regret it later!

SEO: Boosts your website’s ranking on Google, its algorithm takes HTTPS into account.

Load speed: Modern solutions make your website load faster through HTTPS.

Security: Emails, passwords, cookies, anything that is transmitted is secure. Your visitors can safely browse your website in a public place.

Trust: Increase your visitor’s trust. Seeing a lock rather than a “not secure” indicator in their address bar is definitely a better sight.

Higher conversion rate: Your visitors are more likely to subscribe, purchase or sign up on your website if it is secure.


Now you might have an existing website and you are thinking about how to switch from HTTP to HTTPS. Unfortunately, that’s a blog post for another time. If you have any questions, thoughts or if you think I missed something, feel free to reach out to me on Facebook or Twitter.


David Szabo
Web Wizard

Hey, David here. Hope you enjoyed reading this article. I don't have many posts here yet, but keep tuned! Thanks for reading, have a nice day!

Follow me on Facebook and Twitter!

You might love these posts too

Google Analytics Best Practices That'll Save You From Mess

Google Analytics is a really powerful tool. But such power comes with many-many configurable options and features. It’s easy to mess up your data and you won’t notice it until you want to take a look at the reports. But that’s too late… Prevent the mess with these best practices. Don’t worry, they are simple and easy!
David Szabo
Jun 27, 2019