HTTPS and SNI — what’s the impact?
The website I run, media.info, has just gone ‘properly’ https. We’ve been running https for some time, but I’ve been nervous about switching fully because we use https via SNI. (Amazon CloudFront offers this as standard).
SNI basically means that you are using a newer version of https that can live on servers with other websites on. It’s supported by most new browsers. But it isn’t supported by everyone.
Chances are that you’ll have only found this page if you’re wondering what the impact will be on your traffic if you switch totally to https via SNI. So, here’s the impact according to some deep-diving into my stats.
There are quite a few old browsers that don’t work with https via SNI, but the main ones you need to worry about are Internet Explorer on Windows XP; and Android Browser on Android v2. Other browsers on these operating systems do work, so it’s only these that you need to worry about. They’ll simply get a broken page or an inexplicable error; and you’re essentially cutting off these users from ever using your website again if you implement https fully.
Looking at my last month of traffic… Android Browser via Android 2.x is now only 0.45% of all Android users. It’s a tiny figure. My guess is that these users will have other devices to access the website in any case.
Internet Explorer on Windows XP now accounts for just 20% of all Windows XP users. That’s higher than I’d like, and probably means that those Windows XP users are at work and using the website without being able to install any other browser.
But in total, 1% of all sessions are affected. I think I can cope with that.
These people are also less valuable to me than even that. These sessions account for around 0.6% of all AdSense revenue (the predominant method of earning revenue from the site).
Now, Google AdSense do warn that if you go over to https, you may see lower revenue overall. That’ll be interesting to see.
But if you’re wondering whether you should switch from http to https via SNI, this might give you cause for relaxation. It looks like the time is now.
(It’s not the whole story; there are some bots and things that don’t support SNI. I still maintain a separate RSS server, partially because RSS readers don’t all support SNI quite yet. But otherwise I’m relatively relaxed.)