Referrer policy states

The Big Problem with HTTPS, and How to Fix it Fast

Follow me

Jay Dillon

Director of Strategy and Creative at Inbound Experts
Jay is a digital marketer and producer whose creative and technical skills have developed digital brand strategies and sales campaigns using a range of complex internet applications from stand-alone websites through to Facebook API integrations.
Follow me

The continued work to improve the security and privacy on the web is ever-evolving.

HTTPS is now seen as the most secure protocol and as a result there has been a large migration towards HTTPS, as well as a related strong steady rise in SERPs for sites using HTTPS.

But there’s been a big problem for HTTPS site administrators when trying to refer traffic from an HTTPS site to an HTTP site.

HTTPS and “Referrals”

As most marketers working in the world of web design already know, “referrer” is an HTTP header field that lets the user know the URL of the page that linked to the page the user is on. In other words, the referrer is the page that sent the user to their current page.

The admin of the page is then able to see where people are coming from to visit that page, which is very helpful for analytics. By the way, the first documented spelling of this word was “referer” with one “r”, so if you’re trying to access the referrer information on your website through an app or programmatically, you’ll need to use the single “r” spelling.

A Little HTTPS History For Those Who Have Yet To Make The Switch

It all started with the onset of the ecommerce movement and the need to secure web identities and credit card information. By 1999, SSL became the underlying transport for HTTPS, and it has undergone several revisions since. Now, let’s fast-forward to the U.S spying scandal leaked by Edward Snowden in the summer of 2013. Snowden revealed widespread tracking of people’s behaviour online, confirming that browsing the web via the insecure HTTP protocol allows third-parties to track what pages you view and information you send online.

Obviously the Snowden case is just one of many catalysts to make the web more secure. All of this made Google’s eyes widen, placing a lot of priority on security.

So Why are Digital Marketers Migrating to HTTPS?

As it turns out, HTTPS is not only a solid base for future technological advances (i.e. future-proofing), it also offers a lot of potential SEO ranking benefits (Google even dedicated a post to HTTPS as a ranking signal). And, as you might know, HTTPS has been steadily and solidly climbing the ladder in SERPs, clearly favoured by Google’s focus on security. Back in June 2014 Google I/O went as far as calling for “HTTPS everywhere” for the web. Marketers are making the transition because it is in the good interest of the future of their site.

The Problem

HTTPS is not perfect and has a few downsides when it comes to the initial switch because it typically involves routing your site through several 301 or 302 redirects, which are known to be associated with a slight loss of link equity, therefore resulting in a loss in rankings. Expect a drop in organic search traffic. Although this initial short term effect of a large migration usually hits hard, keep in mind that the HTTPS gain is less than the amount of link equity lost, meaning that overall switching to HTTPS will negatively affect your overall traffic.

The second larger speed bump is the loss of referral data, one of the most common problems marketers have been running into when making the switch from HTTP to HTTPS. It is well known that when one site injects traffic into another, information identifying the originating site as the source of traffic is sent. This valued data has traditionally allowed marketers to see where traffic is coming from. SEOs (I include myself) have been using referrer data for a very long time to better enhance SEO strategies.

Usually people might link back or check out the site sending the traffic when they identify the referrer in analytics data. The fact that spammers are well aware of this has motivated Google to push for HTTPS transitions and to also tweak some of its algorithm. As a result, the process of being able to identify referrers stops when traffic flows from an HTTPS site to a non-secure HTTP site. Webmasters have been going blind, not being able to see their traffic sources. However, it’s important to note that this problem only affects the case of HTTPS -> HTTP. Below i’ve summarised the 4 possible cases, yet only one results in a loss of referral data:

  • HTTP -> HTTP – referrer sent
  • HTTP -> HTTPS – referrer sent
  • HTTPS -> HTTPS – referrer sent
  • HTTPS -> HTTP – referrer NOT sent

The Solution: Meta Referrer Tag

How do you get past that second larger speed bump as an https site?

It’s actually not that difficult and it’s called meta referrer tag. Surprisingly enough, this has been around for a while but no one has really had to use it till now. This tag basically allows you to modify the referrer information that is being passed. It works with most browsers, traffic remains encrypted and for those marketers with HTTPS sites that still want to attain some valuable backlinks from HTTP blogs and sites, the meta referrer tag allows you to pass referrer data to all sites (including HTTP).

How? I’ve comprised a graphic below of the five referrer policy states for using the meta referrer tag. Remember that the meta referrer tag is placed in the <head> section of your HTML with a defined state. There are five states that control how browsers send referrer information from your site:


*Note: to view specific examples for each state and for a more in-depth read on referrer policy for the web, please refer to W3C’s draft on the issue.

So now it’s time to decide which policy state works best for you and apply the coding to start regaining that referrer data.

Bottom Line on HTTPS and the Referrer Issue

Google is clearly favouring security when it comes to managing sites. This means that going HTTPS is probably a good move for the long run. However (and until everyone’s on HTTPS) there’s still a valuable source traffic to be seen by many HTTP blogs and sites coming from your HTTPS site, so making the switch and following this guide will ensure a more smooth transition. Feel free to comment on any of your own experiences or glitches with HTTPS to help us write better articles with the information you need.

More articles from Inbound Experts

How to use Twitter (properly)

Twitter can be an amazing platform for connecting with an audience. However, many struggle to get the hang of it. If you are just getting started or feel as if you are not making the most of Twitter, download this free guide for going from zero to hero.