HTTPS Strikes Again and Again

March 21, 2016

Collective Measures
Most marketers know that Google prefers and gives (minor) boosts in rankings to HTTPS secure sites but the secure encryption makes tracking site users complicated. Learn the best practices to get the most out of the HTTPS data at the agency blog.

Share this:

HTTPS, or Hyper Text Transfer Protocol Secure, is the secure version of HTTP and means that all communication between the website and the user’s browser is encrypted.  HTTP was created to define the method and protocol of transporting data from servers of sites, and computers. While HTTPS is a great idea in theory, transitioning sites from HTTP to HTTPS has caused marketers headaches trying to adjust to the changes in reporting, especially once Google got involved.

First, Google itself changed from HTTP to HTTPS to protect users from the websites collecting keyword data. As a result, Google Analytics profiles began to fill with lots and lots of keyword (not provided)’s.

Then in August 2014, Google announced it would reward websites switching to HTTPS with a (minor) boost in ranking factors.

This announcement coupled with increased focus on data security likely fueled substantial discussion around the need to move websites to HTTPS. The unknown is whether the effort would be worth the SEO reward and would HTTPS alone mitigate security/privacy risks.  As clients make the move to HTTPS, CM is also seeing how this change is affecting their data, specifically in Google Analytics

Below are a few of things to watch out for as websites transition to HTTPS or if transitions have already occurred.


1.Acquisition through Direct Traffic

https leads

If a site remains on HTTP, it is likely seeing growth in direct traffic in the analytics. Similar to the keyword not provided change made by Google, website referral information is being stripped away when users transfer from HTTPS to HTTP.

If a site has ‘sister’ sites that pass leads from one site to another and they have not been transitioned to HTTPS, the analytics is likely not seeing referral information when users are moving from your HTTPS site to your HTTP site.

Be sure to investigate and understand the effect this is having on the data. It is likely there will be an increase in direct traffic and the sites that have been transitioned to HTTPS have fallen off as referral sources. These changes should coincide with the launch of the HTTPS site. Luckily, there a few tactics to resolve the issue.


  • Transition the other sites to HTTPS. This might be out one’s control and is a high-effort solution. It will remedy the issue however this is the most difficult solution.
  • Set up cross domain tracking. Alternatively, if you are using Google Tag Manager and have not set up cross domain tracking to include all versions of your site this will also allow your referral information to be carried forward. This is a quick fix but does rely on GTM and Google Analytics already being present on all sites.
  • Implement campaign URLS on HTTPs sites linked to HTTP sites. A third option, which may be more labor and a short term solution, would be to implement campaign URLs on HTTPS sites linked to HTTP sites. If using Google Analytics, place parametered URLs using Google’s UTM structure to pass ‘referral’ information to the HTTP site. Instead of seeing the data in channel reports, it will be seen in the campaign reports. This also assumes one has access to the HTTPS site, and have the ability to edit URLs and can find and manage all of the possible onsite links. The third option is likely a band aid solution until all of the sites can be moved to HTTPS.


https crm
If one is passing referral information to a CRM tool, it is important to look at how it is affecting the source attached to leads.

Collective Measures has seen a situation in which a site was passing referral information to their CRM upon a form completion. After the site transitioned to HTTPS, it saw an increase in leads tagged as direct traffic. The agency found that they placed a redirect after the form submit that was first sending their lead information back through their old HTTP site before sending it through to their CRM. This simple redirect, likely needed for a business reason, was changing the referral information being passed to the CRM.


If one is relying on a CRM to close the loop on lead generation or sales, it is possible to see false signals on what channels are truly driving leads and revenue. If this problem is not caught early, it could affected future planning and budgeting.


https social

Similar to Google’s switch to HTTPS, social networks are also moving to HTTPS. What is important to understand is how to interpret all of the different Source / Medium’s seen in Acquisition reports. If one filters the Source/Medium acquisition report using the term Facebook you will see multiple entries. It is possible for an accounts to have 15+ different line items for Facebook. This can become confusing when trying to define the source.


Marketers should define and understand the social referrals to make reporting as easy as possible. Below is an example break-down of the most common. The l. and lm. sources are the ones affected by the HTTPS change.

Source / Medium: Facebook sources defined

  • / Referral: Traffic coming from Facebook’s Mobile App
  • Facebook / Social: As defined by Google’s default channel definitions where the referral source is social or the medium matches some variation of social. You can see the complete definition for social here (
  • / Referral: Desktop visitors directly coming from https//
  • / Referral: Mobile browser visitors coming directly from https//
  • / Referral: This ends up being a bit of a catch all. We also see this come through as a referral source for traffic coming through a social posting tool like Sprout or SpredFast.
  • Facebook / CPC : Paid traffic coming from paid social campaigns. These will come through in the default channel reports under paid search.


Security and privacy concerns do not appear to be going away. Like the adjustments made after Google removed keyword data from HTTPS searches similar changes will need to be made as the market changes. We at Collective Measures will continue to keep an eye on this changing environment and provide insights that help you navigate privacy and security changes.

Share this article

Share this: