The last few years have seen a lot of encouragement for website owners to deliver their sites via https, yet many ad-funded websites are still to make the change. Few people would deny that serving websites securely via https is a good thing, but concerns over lost revenue mean that it is a project that many site owners remain unwilling to start.
The Google Chrome team have recently announced that they will be pushing secure connections harder, visibly flagging sites as insecure when they don’t use them. With this likely to put new pressure on publisher earnings, many will be reassessing the move to https soon.
Why are publishers hesitant to use https?
Switching to https does have some direct cost and adds performance overhead, but these drawbacks are small compared to the potential benefits. The publishers of ad-funded websites generally have more direct concerns, broadly focused around three areas:
There has been much discussion about Google AdSense and Google Ad Exchange revenues dropping when publishers switch to a secure connection – anecdotally demand seemed lower and as such CPMs were affected negatively, but no studies have been released to support this. Many of the large drops being reported seemed to be traffic related, which may suggest a botched roll-out of https rather than an issue with ad serving.
Moving a site to https effectively means changing the URL of every page: http://www.example.com is not the same URL as https://www.example.com. Changing URLs means that ads are suddenly being delivered from new URLs which can have a big impact on both contextual and placement advertising. Google’s ad ecosystem deals with this very quickly, with mediabot generally crawling new URLs as they appear, but it can cause an initial impact if large numbers of URLs are appearing faster than they are being re-crawled.
The URL changes can have a big traffic impact too. If proper redirects are not put in place the new URLs can cause duplicate content issues or lost traffic, as well as taking longer to appear in the organic search index.
Demand partners that don’t support https
Whilst Google ad systems fully support https, not all networks do. Publishers pulling demand from other sources may find that they are generating security warnings or getting empty impressions if they haven’t tested all their demand partners in advance.
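An added example (not from the original article): a static audit of a page's markup for ad tags still requested over plain http, the case described above where untested demand partners cause security warnings or empty impressions. The sample page and all hostnames are constructed, and the blocked/warning split is an assumption based on how browsers treat active versus passive mixed content.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# On an https page, insecure active loads are blocked; passive ones draw a warning.
SEVERITY = {**dict.fromkeys(("script", "iframe", "link", "object", "embed"), "blocked"),
            **dict.fromkeys(("img", "audio", "video", "source"), "warning")}
URL_ATTRS = ("src", "href", "data")

class MixedContentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (severity, tag, host, url)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        severity = SEVERITY.get(tag)  # None for <a href>: navigation, not a load
        rel = (a.get("rel") or "").lower()
        if severity is None or (tag == "link" and "stylesheet" not in rel):
            return  # canonical/alternate links are not fetched as subresources
        for name in URL_ATTRS:
            url = (a.get(name) or "").strip()
            if url.lower().startswith("http://"):  # "//host/x" inherits https
                self.findings.append((severity, tag, urlparse(url).hostname, url))

def audit(html):
    parser = MixedContentAudit()
    parser.feed(html)
    return parser.findings

def insecure_hosts(html):
    worst = {}
    for severity, _tag, host, _url in audit(html):
        if worst.get(host) != "blocked":  # 'blocked' beats 'warning'
            worst[host] = severity
    return worst

# Constructed sample page; every hostname is a placeholder.
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://www.example.com/article">
<script src="https://secure-ads.example/tag.js"></script>
<script src="http://legacy-network.example/show_ads.js"></script>
</head><body>
<iframe src="//cdn.partner.example/slot.html"></iframe>
<img src="http://pixel.tracker.example/i.gif">
<img src="http://legacy-network.example/fallback.png">
</body></html>"""

if __name__ == "__main__":
    print(insecure_hosts(SAMPLE_PAGE))
```

A static scan sees only the tags present in the markup; anything an ad tag pulls in at run time still needs checking in a browser against the https test version of the site.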
How is Chrome set to make https more of an issue for publishers?
Chrome is the world’s most popular browser by some margin, and the means of delivering a large proportion of the ad impressions for many publishers. The Chrome team recently announced that they will soon put a very visible message in the search bar for websites that are not encrypting traffic.
Currently (December 2016) Chrome users are shown a padlock icon when browsing a secure site and an ‘i’ icon when using an insecure one. From January 1st 2017 Chrome will move to a more obvious “Not secure” message on non-https pages. Users seeing such a prominent “insecure” message on a website may be less inclined to browse further, which would obviously impact ad revenue for that site.
In the future the sign-posting of insecure pages is set to get stronger still with the “Not secure” warning becoming a red warning triangle. The red triangle version is planned to initially be rolled out only in Incognito mode (where user expectations of privacy are higher), but the eventual aim is to use the stronger treatment for all insecure pages regardless of browser mode.
What should publishers do?
I think that it is wise to accept that all publishers are going to have to switch to a secure connection at some point. Recognising that fact means that publishers who haven’t yet switched can start making plans and considering what the criteria are for them to decide when to make the change. Https is on the rise. Figures from builtwith.com show that the number of websites delivering https as default has doubled in the last year and the Chrome team claim that half of pages served by Chrome are now https.
Those worried that serving https-only ads will impact revenue would be wise to start testing performance. Switching from http to https (or back again) can be a complex process, so it is advisable to understand the issues specific to your site before making the change. Having https available just for testing would allow you to investigate which of your networks and advertisers will serve ads correctly in this manner and is well worth doing prior to any switch. However, to test the effect on demand (and therefore CPMs) you’ll likely need to send a proportion of real traffic through https and monitor the impact. In many cases you will even be able to get insight into that by simply calling the https version of network tags.
What is important to do now is to start getting a plan in place. With Chrome’s dominant market share there could be very sudden and dramatic shifts in traffic if the Chrome team decide to push this point hard. If that were to happen there could be significant gains to be had by publishers who have made the change and losses for those who are yet to do it. In the words of the Google Chrome team: “... don’t wait to get started moving to HTTPS. HTTPS is easier and cheaper than ever before, and enables both the best performance the web offers and powerful new features that are too sensitive for HTTP.”