Home > Technical & Creative Skills > Tracking Campaigns

Why is it better to use HTTPS? (11)

07-30-2018 02:16 PM #1 expadz ()
Why is it better to use HTTPS?

I have been setting up my safe url in HTTPS lately as it is generally recommended

Also, chrome started to give warnings: https://gizmodo.com/heres-why-google...-si-1827830039

However, is there any benefits related to running campaigns in affiliate marketing for using https specifically?

I am not technical so I don't quite understand why HTTPS would be preferred over HTTP in general. For example, safe url, money url and tracker domains in https.

07-30-2018 07:04 PM #2 zeno (Administrator)

Here are my bullet point notes on HTTPS:

Chrome and other browsers will make insecure HTTP URLs looks worse over time.
Some traffic sources and platforms require HTTPS links to be used for outgoing traffic (e.g. ads)
The "secure" symbolism in browsers can only do good, its not likely to make people trust you less
HTTPS > HTTP redirection blanks referrer as a browser standard. This can cause tracking issues, so use HTTPS fully or not at all across your stack.
Using HTTPS is not necessarily slow, it is getting faster and adopting it can make it easier to use HTTP/2 which does have significant performance impacts. Check out this page. If you are using Cloudflare + their SSL, you may potentially see performance improvements just from the move to HTTP/2.
Ultimately, the point of HTTPS is security, so using it with your pages/tracker/etc. does decrease the likelihood of your systems or your customers being compromised. It could stop a breach of some customer where they would blame your site for it and cause negative press. E.g. they get their CC details intercepted, get defrauded, publicly rant on FB about how your site is a scam and so on.
If using HTTPS you can use Brotli compression (better than Gzip), as well as enable HSTS which forces browsers to access your server via HTTPS, reducing issues with HTTPS>HTTP redirects and mixed-content errors.
The latest versions of TLS have gotten much better with performance and it is only a matter of time before all webservers (Nginx, Apache, etc.) support the latest versions with these improvements (e.g. zero round trip time negotiation).
Some browsers penalise non-HTTPS content and this can impact your conversion rates. I believe Advertizer (by Monetizer) mentioned enabling HTTPS saw CVRs skyrocket on Safari/iOS.
This page provides a useful overview - https://www.keycdn.com/blog/https-performance-overhead/

Ultimately, much like IPv6, the internet is moving toward HTTPS as the norm, for good reasons.

08-02-2018 06:02 PM #3 realtalk (Member)

Something that just came to mind... is there ever a case where HTTP makes sense?

For example, using HTTP (non-secure) campaign urls which redirect to HTTPS (secure) landing pages.

In this case we would avoid paying any HTTPS cost when first going to the tracker. Or maybe I am overlooking some important details?

08-02-2018 09:20 PM #4 ervin (Senior Member)

Originally Posted by realtalk

Using HTTP on campaign links and then switching to HTTPS does not make sense. Keep in mind that when a user clicks on your campaign link (tracker link), even tho the user does not see anything (because of the redirect) the browser does. So the browser will block the redirect chain right there, and show user a warning, before the user can reach your "safe" https landing page.

All this of course will result in a huge traffic loss, because users generally are not willing to take another extra action and proceed to a link which they are getting a threat alert for.

Regarding the costs that is something that it is up to you of course, but there are some SSL certificates called Wild Card SSL Certificates that can be used with an unlimited number of domains once installed on a server. So you only get 1 certificate and use it on all your domains instead of having to pay separate certificates for every domain.

There are also some free SSL options offered by services such as Cloudflare, but you need to configure your domains on Cloudflare to be able to use them.

08-02-2018 09:45 PM #5 realtalk (Member)

Thanks for the reply ervin, I found your explanation helpful.

For interest's sake, I have a follow up question...

Originally Posted by ervin

On traffic sources like pops, where a new browser tab is spawned, would hitting a HTTP tracking url as the first point of contact work? (i.e. there would not be a transition from HTTPS -> HTTP taking place and thus no browser warning)

Just to clarify, regarding "costs", what I was referring to is the TLS setup time which you can check in browser dev tools.

08-02-2018 09:55 PM #6 ervin (Senior Member)

Originally Posted by realtalk

Thanks for the reply ervin, I found your explanation helpful.

For interest's sake, I have a follow up question...

On traffic sources like pops, where a new browser tab is spawned, would hitting a HTTP tracking url as the first point of contact work? (i.e. there would not be a transition from HTTPS -> HTTP taking place and thus no browser warning)

With Pops as well same things happen. Basically when a pop is triggered, what happens is:

1. Traffic source link is first invoked (for example popads.com/....)
2. The traffic source, based on the best bid, decides which campaign to show (in this case your tracker url gets selected)
3. Last step is your landing page

So as you can see in step 2 your tracker url appears again. Basically there is no way for the source to send users to your landing page without passing from the tracking link.

Unless you use a No-Redirect-Tracking option that some trackers (like Funnel Flux) offer. This is a script that you put on the landing page and that does all the tracking without the need of a redirect, and you can then use your landing page url as a campaign url (which is supposed to be HTTPS

08-02-2018 10:11 PM #7 realtalk (Member)

Aha! It's coming together now, thanks again for the great response ervin!

08-03-2018 12:59 AM #8 thedudeabides (Moderator)

Zeno summed up everything so there's not much to add.

HTTP may still be slightly faster on slower mobile connections due to packet loss from the newer TLS protocols. Can't recall if it was TLS 1.2 or 1.3 though, but watched a video on it earlier this year.

But that seems a trivial point to hold out on. The web is moving to and embracing HTTPS

Originally Posted by ervin

I've not heard anything about browsers actually blocking redirect chains when going from https to http. Can you elaborate?

08-03-2018 01:59 AM #9 mitchell (Member)

Originally Posted by thedudeabides

I've not heard anything about browsers actually blocking redirect chains when going from https to http. Can you elaborate?

Only thing I can think of is maybe he meant trying to visit a site with https that only supports http and doesn't even have an SSL cert.

08-03-2018 03:55 AM #10 erikgyepes (Moderator)

I've not heard anything about browsers actually blocking redirect chains when going from https to http. Can you elaborate?

As far as I know there is no blocking so far with redirects.

That would be too radical, not saying in the near future it will come as well.

So far I noticed only the warnings, even those I not see everywhere (I use Safari), only on sites with forms that asks for login or payment details.

08-03-2018 09:11 AM #11 ervin (Senior Member)

Originally Posted by thedudeabides

Yeah thats correct actually the warnings do not appear directly on the redirect chain, that was simply a shortcut to resume that having mixed links will raise warnings on some browser depending on the security level the user have set.

I just wanted to make the point that there are no benefits having a chain that switches from HTTP to HTTPS, at that point better stick with HTTP only and avoid warnings about mixed contents.

Home > Technical & Creative Skills > Tracking Campaigns