Huge drop [50%] in traffic after HTTPS move
Currently look after 3 websites. I changed one of them to be HTTPS as it's ecommerce, however have seen a huge drop in organic traffic since this was implemented. Went from around 800 impressions to 400.
Any ideas as to why?
Very concerning as I expected it to improve if anything!
I set up 301 redirects to carry through to old pages to www.example.com/product1 would go to www.example.com/product1
I also set up a separate webmaster account for the HTTPs version as our integration wasn't working well with Google Merchant Centre, and data is flowing correctly but unsure why/if this would cause conflict.
Very confused!
More posts by @Hamaas447
Time for an update!
It's not 100% resolved, however having updated the sitemap and robots.txt to ensure that all were pointing to HTTPS, traffic is now at about 85% of what it was.
It seems to be gradually climbing again, and one explanation for lower traffic/searches is due to seasonal demand. So I think for now the issue is resolved, though I'm certainly in no rush to change over sites in future to HTTPS where not needed...
So you support all the bleeding edge encryption, got an A+ on Qualys, that is awesome. But did y'all check your analytics for XP users, specifically using IE or Chrome? It's no secret that XP is a dog that dies slow when connecting to modernized sites. It's also no secret that IE and Chrome on XP (or even old versions of the Android browser) are very much limited in what they can do with SSL.
Here are some examples of situations that would cause reduced HTTPS traffic:
You didn't set up GWT, analytics, and other services to correctly see the HTTPS change, and it's not actually dropping off. False positive, this is the most common error.
You run multi-tenant server and rely on server name indicator (SNI) to serve your certs. Old IE and Android browsers will not connect. Bots might not understand what it is.
Because of all the exploits this summer, you have turned off SSL2/3 support and opt only for TLS. Fringe or un-updated browsers may fail.
You wanted to enable forward secrecy to get unique keys during handshakes. Heck make it "robust" forward secrecy. Very old IE on XP will be asking "WTF is that" and prob fail.
You are supporting only the most badarse ciphers and have ousted the old ones. Cloudflare is a great example of this -- because of ECDHE neither IE nor Chrome will be able to connect on XP. Must use Firefox in this case, which often, XP users (senior citizens, Indian colleges, enterprise call centers) do not know how, or are not allowed to install.
You have a yellow lock on too many pages. This makes people scared and they run away to a site that is actually secure (green lock). Can attempt to amend this by HSTS below (hides the asset instead of making broke lock), but then you risk broken site instead of just broken lock.
You are enforcing HSTS and XP users might not be able to use it. Also, if HSTS is blocking an insecure source, it completely removes it from the page. Perhaps there is a critical blocked element (such as a piece of content loaded with script/AJAX) and you might not even realize it's gone.
You have implemented a CSP but XP users might not be able to use it, or it's errored out, causing a similar issue as the HSTS blocked content above. Your lock looks green, you might not even realize all your inline styles are disabled so a critical script such as add to cart becomes broken or blocked.
Possible other causes:
Certain search engines, directories, scanners, etc. are unable to crawl your site with such security. Example, BingBot only recently (Jan 2015) started to understand SNI and [P]FS. There are TONS of directories and things that simply do not understand how to crawl your SSL site -- example seobook.com. If there are errors, they may remove your backlink, even though it's their fault for not updating their crappy CURL schema.
You got a ton of traffic from badbots, but now they are staying away for the same reason: they run XP, use IE6 wrapper, crappy CURL, unable to crawl, unable to spam. Or perhaps they are an exploit scanner, they see HTTPS and they leave immediately. Don't underestimate the amount of traffic from badbots, it's huge.
You have an SSL cert in the RSA128 sunset realms and certain browsers are displaying the warnings that you are using weak encryption. The browser may still allow them to connect, but will do the "something is wrong" flag on the address bar. Try your site through all the latest version browsers.
You have SSL implemented -- but poorly, inconsistent, and switches are too slow. This is a pretty common error of judgement: Folks think that you can just redirect with htaccess, set a canonical, and be good to go. What about all your assets like dynamic menus, image sources, etc? What about your feed generators? What about just about anything else your platform does? Make darn sure that your platform is rendering EVERY link/src as HTTPS or relative url at the least...otherwise bots will be confused and/or double connecting causing increased handshakes, increased redirects, and more lag (de-ranked due to pagespeed).
Too many redirects chained together. Google hates redirects when they chain over 2-3. So if you are using 301 SSL, this eats one off the bat. If you redir to WWW mode, that's another. If you then redirect to new content, that's another. If there is anything in between, you're playing with fire. Check the 3 minute mark of this vid:
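An offline check for two of the causes listed in the answer above (leftover http:// references in pages served over HTTPS, and chained redirects), added here as an example and not part of the original thread. The sample HTML, the recorded redirect map and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Attribute that carries the URL for each tag we audit.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src",
             "link": "href", "a": "href", "form": "action"}

class InsecureRefFinder(HTMLParser):
    """Collect absolute http:// references left in a page served over HTTPS."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTRS.get(tag, ""), "") or ""
        if not url.lower().startswith("http://"):
            return  # https://, protocol-relative and relative URLs are fine
        if tag in ("script", "iframe") or "stylesheet" in (attrs.get("rel") or ""):
            kind = "active"     # browsers block insecure scripts, frames, stylesheets
        elif tag == "img":
            kind = "passive"    # the broken-lock case
        else:
            kind = "reference"  # a/form/other <link>: extra redirect hop or stale canonical
        self.findings.append((kind, tag, url))

def find_insecure_refs(html):
    finder = InsecureRefFinder()
    finder.feed(html)
    return finder.findings

def redirect_chain(start, responses, limit=10):
    """Follow Location headers in a recorded {url: (status, location)} map."""
    chain, url = [start], start
    while url in responses and responses[url][0] in (301, 302, 307, 308):
        url = urljoin(url, responses[url][1])
        if url in chain or len(chain) > limit:
            raise ValueError("redirect loop at " + url)
        chain.append(url)
    return chain

# Constructed sample data: one page and the responses recorded for one old URL.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://www.example.com/site.css">
<script src="//cdn.example.com/cart.js"></script></head><body>
<img src="http://www.example.com/img/product1.jpg">
<a href="http://www.example.com/product2">Next</a>
<a href="/product3">Relative</a></body></html>"""
SAMPLE_RESPONSES = {
    "http://example.com/product1": (301, "https://example.com/product1"),
    "https://example.com/product1": (301, "https://www.example.com/product1"),
    "https://www.example.com/product1": (301, "/products/product1"),
    "https://www.example.com/products/product1": (200, None),
}
```

The number of hops is `len(chain) - 1`; the sample chain stacks the HTTPS, WWW and new-content redirects the answer describes.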
I could imagine (by a far stretch here) that the "bots and spammers" people don't like https because it drains more resources on their end (too) so they just crawl and visit http.
I changed three of my websites from http to https and all of them in entirely different niches as well. 301 redirects and Google Webmaster Tools site change and even all the internal links that were posted using http in the url were changed to https overnight.
New https pages started appearing in SERPs within a few days and all http pages were gone in a month's time and all the pages showed up with https. Traffic died for a few weeks then recovered after a month or so but even after waiting for a good 5 months the traffic never reached the levels at the time of changing. In total a drop of more than 40% as compared to http version after 5 months of waiting.
I changed this site back to http and redirected all the https pages back to http. Took about a month for traffic to reach the original levels.
Lesson learnt: Google is lying about ranking boost for SSL pages. I do not sell anything and have no money transactions or personal info changing hands on any of my websites so I don't need SSL.
You may want to test if your webserver is configured properly to serve HTTPS. If not configured correctly, it is possible that the browsers are throwing a warning page to the users and the users are choosing not to visit your site.
Tools such as this one from Qualys SSL Labs can tell you if there is an issue. Aim for an A rating.
HTTPS does not improve traffic in any way, shape or form. It's a secure protocol and nothing else. No different, otherwise, from HTTP. If you want Google to combine the results for both http and https, you have to do that in webmaster tools AND, better, redirect your http traffic to https. Then your totals will be added together instead of separately tracked.
HTTPS doesn't send the referrer header. Such traffic will therefore be lumped in with 'direct' traffic.
I've supported HTTPS on my websites for about two years now, but I'm just starting to experiment with the HTTPS versions in search engines. For my sites, I have always had the HTTP version as the canonical (using link rel canonical tags) but allowed users to navigate to either HTTP or HTTPS.
On March 18th, I switched that for one of my sites. I made HTTPS the canonical, but still allow users to use HTTP. So far it looks like there is a slight drop.
HTTP
The HTTP site has fallen out of the search results over the course of a week.
HTTPS
The HTTPS site has come up in the search results, but it is not getting quite as many impressions as the HTTP site got.
Keep in mind that these graphs are measuring different time periods. The HTTP site was averaging about 225 impressions per week. The HTTPS site is getting about 178 impressions per week.
I'm planning to continue to monitor this site for a couple months, but at this point I'm hesitant to roll out HTTPS for search engines on my larger sites because it appears that getting Google fully switched over may be problematic.
EDIT:
After letting it run for a month, traffic is back up to where it was before the HTTPS migration: