Roberto Carrazana5 minutes read
Post tags:

Security (https) and performance (http2), essential for direct sales

En españolen français.

httpsimagen3_opt

At Mirai we have always said that technology is key for direct sales, the basis on which to support all actions to boost your website. Without good technology, all your efforts to boost your direct channel will be in vain. It is, therefore, a fundamental element but also an insufficient one.

In other words, if direct sales were only about technology, most hotels would sell a lot through their direct channel and OTAs would not have the sales quota they currently enjoy. However, of course, this is not the case. That said, the fact that technology is not a differentiating factor does not take away any of its importance or value. It is the first problem to solve: not having good technology is a mistake that no hotel should make.

https and http2 are two good examples of functionalities that OTAs already have and that you should also have on your own website. Each will provide you with something different: https with security and http2 with performance. Having https is increasingly common, unlike http2, which is a relatively new technology that only a few providers in Spain offer despite being the new standard defined by the mighty Google.

https, a more secure website and optimised for positioning on Google

Websites with https are nothing new and have existed for decades. However, adding this level of security has in the past been at odds with performance (slower websites), costs (SSL certificates were expensive) and implementation (complex installation and maintenance).

Fortunately, in recent years those three issues have progressed a lot. Processors are so quick that the encrypted SSL does no longer result in a delay. The cost of certificates still exists but has substantially decreased and installation and maintenance are slowly becoming simpler and more scalable.

To this day, there are no reasons to not have https on your website. If you still do not have it, get to work because it offers many advantages:

– Increased security during client interactions.

  • Awareness. Users are increasingly aware of the importance of security on the Internet and they positively value being able to browse on secure websites.
  • Encryption. All communications will be encrypted, thus avoiding that ‘curious’ users can read it and misuse it.
  • Data integrity. As well as the data being unreadable, it will also be unmodifiable, so nobody can alter the message to be received by either party.
  • Authentication. Avoids or reduces to a minimum the possibility of hacking attacks, in which hackers pretend to be one of the parties (your hotel or the client) in order to get sensitive information from the other. These attacks are known as ‘man in the middle’.

– Positioning on Google. For years now, Google considers that having https on a website is a ‘positive sign for organic positioning or SEO’. We have put it in inverted commas on purpose because it is a striking yet vague statement in terms of defining its impact. Everyone knows that Google preaches about security and it is reasonable that those who follow them, by adding https, benefit from it. However, the impact has been modest up to date, even though many ominous companies proclaimed that ‘your website will disappear from Google’ or ‘it will get double the amount of views by switching to https’, fishing this way for alarmed and panicked clients.

– Avoiding the ‘not secure’ notification on Chrome (and on all browsers in the future). Google follows its path and has gone from rewarding those who adopted https to penalising those who haven’t. Since July 2018, they have been showing a ‘not secure’ message on websites that do not have https.

Not secure message

This is a notification that stands out a lot, especially in comparison to websites that do have https:

Not secure vs secure

Google has threatened, without a deadline –you can find more information from Chrome on the timeline here–, that the notification will be emphasised more and gives us the following example:

Eventual tratment of all HTTP pages in Chrome

As well as having https, you have to verify that you have a good certificate. Google Chrome will no longer use Symantec certificates and starting in September 2018 it will show a security warning on websites that still use those certificates:

Your connection is not private

You can check if you will be affected by it on this website.

http2, a faster website

http2 is the latest evolution of http (also known as http1), whose first version, 1.0, was launched in 1996 (no fewer than 22 years ago). http2 is a radical change on how to serve websites which results in a considerable improvement of the website’s performance, with up to 50% less loading time.

In this real example we can compare the loading time of www.hoteleuropa.eu from the United States with http (or http1) and the new http2. We can see a considerable improvement of 37% on the loading time.

(This video was made with www.dareboost.com)

At Mirai, by converting our clients’ websites to http2 we have observed a considerable improvement in their loading time, a decrease that, in many cases, is reported by Google Analytics, like in this example below, where you can see the evolution of the website’s loading time now (blue) and the comparison with the same loading time last month (orange).

9. Check htt2 supported EN

Why is http2 so much faster than http?

Because the website loading procedure is totally different:

  • With http, the client’s browser requests one element at a time to the server (images, CSS, JavaScript, etc.) to load the website and show it on screen.
  • With http2, however, the server anticipates the situation and sends all elements without waiting for the browser to request them, thus considerably reducing the page’s loading time.

These two images illustrate this difference:

http vs https comparison images
Images: https://medium.com and https://www.collectiveray.com

In our example of www.hoteleuropa.eu, we can see the difference in loading time in milliseconds with http2 (dark blue) and http (light blue):

http vs https

How can I check if my website is compatible with http2?

Unlike https, using http2 will be ‘invisible’ to users since URLs will continue to be written as http:// and not http2://, as it may have seemed the case. Therefore, the best way to check if your website has http2 active is by using an online tool such as https://http2.pro/check

9. Check htt2 supported

Although the are many large hotel chain websites that already have it (Marriot, Accor or IHG), there are still many other chains who don’t, as well as many independent hotels, a lost opportunity to offer the best service to their clients.

Is http2 compatible with all browsers?

As of today, it is estimated (data estimated via caniuse.com) that 95% of users in European countries, Japan and the United States (the main markets of origin in the tourism industry) use browsers that are compatible with http2. On a global scale, including Russia, India, China and Africa, that percentage decreases to 85%.

The reality is that that vast majority of browsers have been compatible with http2 for many years and only versions 6, 7 and 8 of Internet Explorer do not have full compatibility. In any case, it is not a problem if a browser is not compatible with http2 because the website will still work with http, as it has always done, so no errors should appear if an old browser is used.

http2 compatible browsers

Conclusion

Right now, you cannot miss out on the great improvement of having all websites supporting https and http2. The opportunity you have today will shortly become a threat. It is time to get to work, revise your technology and update it as soon as possible.

At Mirai, we are migrating our clients’ websites to https whilst also implementing http2, achieving the security and performance that clients are increasingly demanding.