Full HTTPS Store Is Not Optional Anymore – Will It Kill Your Store’s Conversion Rate?
This blog post was originally written in 2013 by Anton Pachkine, General Manager at FINESTSHOPS INC.
If you recently received a troubling message from Google Webmaster saying “Nonsecure Collection of Passwords will trigger warnings in Chrome 56”, you are not alone. Thousands of online stores ignored all the warnings and now their visitors see a message in the browser: “Connection is not secure. Logins entered on this page could be compromised”. A similar warning will be shown in new Chrome and FireFox browsers.
X-Cart reps has recently published the detailed article about this HTTPS/SSL thing. They explained why Google is pushing so hard for HTTPS everywhere, destroyed all myths about it and, finally, suggested a few ways to solve this issue. The article was written in simple language so that even non-techies could easily understand what is what. Now it’s time to drill this question down and add a few technical details.
You have 3 options to fix “Connection is not secure” warning in the browsers:
1) Remove the login form (username and password fields) from all unsecured pages in your store or replace that form with a link to a secured login page
This may require the minimum changes to the templates but will not prevent browsers from showing a warning sign beside your URL. Not as scary as “Logins entered on this page could be compromised” but still not ideal.
2) Switch your store to run everything from HTTPS
This may require a bit more changes to the store and the templates. You will need to adjust store’s configuration and test all the pages to make sure everything is loading from secure (HTTPS) URLs. After this is done, browsers will show a green sign with “Secure” text or your business name in it (depending on the type of SSL certificate you are using):
This is great but if your server does not support HTTP/2 protocol, your store will run slower on HTTPS connection compare to HTTP and nobody likes slow stores which takes us to the 3rd option.
3) Switch your store to run everything from HTTPS and upgrade to a server with HTTP/2 support
This will be the best solution because your store will be fast and secure so your customers and search engines will be happy.
If you are busy with running your business and do not follow the latest developments in the Internet networking, here is a little introduction: HTTP/2 is a major revision of the older HTTP network protocol used by the World Wide Web (aka WWW). Most major browsers already added HTTP/2 support by the end of 2015 so the majority of your customers will enjoy the benefits but according to W3Techs, as of December 2016, only 10.8% of the top 10 million websites supported HTTP/2 so you can get ahead of your competition by implementing that technology for your store.
The major advantage of HTTP/2 is improved page load speed, especially improved page load speed over secured connections. Below are the speed test results of one of our clients we recently switched to HTTPS on a server with HTTP/2 support.
Without HTTP/2 support:
With HTTP/2 support:
As you can see, we cut full page loading speed in half from 12 seconds to 6 seconds without any changes to the store’s code or the design. Plus the second store is running from secure HTTPS URL which would be 30% slower without HTTP/2
If you want a competitive advantage right now without any major investments, consider running your store from HTTPS on a server with HTTP/2 support.
About the Author
Anton Pachkine – General manager at finestshops.com: E-Commerce Conversion Optimization and Management.
Finestshops specializes at upgrading, hosting and supporting X-Cart based stores for small and medium-sized businesses that operate without a large IT department. Contact us today to see how we can help your business!