Going Secure: HTTPS
Update: Since writing of this post, we have successfully moved 100%
our POS traffic to HTTPS
.
Wego takes security of its infrastructure as a top priority and to make our customers feel secure about their browsing experience on the web with us, we started the transition of our domains to HTTPS
.
As Wego has over 50 localised domains, its a huge task to migrate all domains to HTTPS
. Web front end for all domains running from the same application serving both HTTP
and HTTPS
content simultaneously was a big challenge. The biggest challenge was the Mixed Content Issue, to make sure we were able to load all content for both types of protocol without breaking one for the other. Migration of Images, secure script loading, Google Tag Manager, Ad campaigns, API(s) and other services that we integrate with all needed to be secure for them to work.
We started off by migrating all our subdomains on wego.com to HTTPS
, which constitutes around 60% of our global organic traffic. With each domain having its unique features and custom sections, we started of with changes from the backend which would support url protocol per domain to avoid mixed content issue or reduce the impact to the least. As every time mixed content is requested, browser can halt the loading, causing the website to be unresponsive and deliver poor user experience. Without getting into the technical details of all the changes that were required, migration to HTTPS
is more work than one would think of just making HTTP
, HTTPS
.
Once we were through with setting up serving the correct content based on domains. We started our work on CDN
, From per Domain
certificate to Wildcard
to SAN
certificate there are more options than types of oranges that you can buy off the shelf. Amzaon Cloudfront
is great to work with Amazon ELB
but we don't use Cloudfront as our primary CDN other than to serve assets from it. The important bit of challenge with HTTPS
was if the CDN
goes down due to any unforeseen reasons we can't have our website running like for HTTP
where we can bypass the CDN to relay traffic straight to our infrastructure due to the certificates being part of the CDN. For this reason we had Cloudfront
configured as a pay-as-you-go backup CDN for HTTPS
traffic, the best part is it provides the certificates for free to its user not costing us double to have certs in two places.
After having all the setup and migration steps configured and ready to enable each domain to HTTPS
, we started off with one domain at a time as it is hard to satisfy the royalty, for king's wrath is always more than its blessing. Cutting on the pun, SEO
is an important part of the web and is very critical to our business as well. Though you can find a lot of positives about how HTTPS
can help with SEO
all seem to drill down on your hopes that you might not see any positive impact. Not so surprisingly we came to the same conclusion as well that there was no positive impact to our rankings rather one of our major domain took a slump after it was migrated.
All in all the migration has been smoother than we could have expected considering the amount of work that was done to add that "S
" to the protocol. With majority of our traffic on HTTPS
we are looking forward to making more and more domains and services secure as we move forward while continue to provide better experience.