HTTPS Migration For Enterprises & Large Sites

Discover how best to use our tools in a solid plan for a successful migration

Enterprise Guide To Migrating Large Sites

Planning to migrate a large site or estate to HTTPS? Based on working with lots of big enterprises, we've put together some information which will help you understand and plan how to use our tools in your workflow. In our guide you will find detailed instructions and tips, workflow plus additional licensing and support options

Download

Overview

Mixed content issues occur on HTTPS sites due to links within the content using HTTP rather than HTTPS in the asset’s URL. This breaks the HTTPS security padlock on the page that is affected. Most content on sites can be picked up during a crawl, but this can miss some dynamically generated content because the crawl cannot discover it.

In order to find both types of content, we have two applications to use:

How HTTPS Checker Works

HTTPS Checker is a downloadable desktop app which identifies pages to crawl via links on your site, then identifies and reports on mixed content issues that are found. These issues are stored in local storage on your machine, summarised at the end of the crawl on-screen and via downloadable CSV or PDF formats. You can control the crawl via different Mode settings, which directories to include as well as tuning the speed of the crawl.

How HTTPS Reporter Works

HTTPS Reporter captures Content Security Policy violations from your site which are triggered when a page is visited that has a mixed content issue. You need to generate and add a CSP to your website header. You then log in to your HTTPS Reporter dashboard to see these violations and mark them as fixed.

Licencing & Payment On Invoice Option

For large sites, we have a $99 Enterprise licence which allows crawling up to 250,000 pages. However, we also have a $249 Platinum licence which allows unlimited crawling of pages and is therefore suitable for even the biggest sites (the largest site to use the tool when we last checked had 8,000,000 pages). We can bill via invoice for enterprise and platinum licences for as many months as specified.

Get Your Enterprise Licence   or   Contact Us For A Platinum Licence

Support & Consultancy

We provide telephone support and consultancy to large enterprises on an agreed plan.

Approach to Migrating Large Sites

Planning Tips For Large Sites Or Estates

Complexity

Large sites often have lots of technology to build pages or show ads, you need to identify and handle this array of technology plus front and back-end integrations. If you don’t have an asset record of what’s been implemented on your site, start with a search on Builtwith which will show your technology profile and then make sure each technology provider has an equivalent HTTPS service.

Timescales

It is going to take a lot of time and effort to migrate a site or multiple sites, so plan your resourcing and treat it as a high-level project. Start with your Dev site.

Bite-size Chunks

Handle the migration in sections or audiences rather than trying to do the whole thing in one go.

Learn As You Go

Measure and record the issues as you complete each section, then apply what you learn to the next section. HTTPS Checker allows you to download a PDF or CSV of crawl results and HTTPS Reporter stores and displays issues in your dashboard.

Tackling Widespread Common Issues First

It is a good idea to first look at common generated pages such as category or product pages, to see if there is a program issue likely to affect all of them and to resolve it first and then progress to the main crawl. You can upload a list of example URL’s covering your common pages and run them through the HTTPS Checker app.

Workflow

To help in the creation of your own migration plan, we’ve included an example process flow and tips on using the apps.

Plan

  • Estate Registry
  • Website Technology Discovery
  • 3rd Parties & Tracking
  • SSL Certificate, Security Policies & CDN
  • Migration Targets & Content Types
  • Resourcing & Timescales
  • Dev & Test Environments
  • HTTPS Migration Tools
  • Workflow & Test Procedures
  • Post-migration Checks
  • Post-migration Monitoring

HTTPS Migrations can be complex and time-consuming so ensure you plan for this as a priority project that is fully resourced and follows a documented living plan which incorporates learning points as you progress through the program of work. Ensure your plan covers changes to analytics and post-migration checks.

Scan Preparation & Tuning

  • Purchase Licences
  • Target Pages To Scan
  • Addressing Common Widespread Issues
  • Dev / UAT Site Setup
  • Test Scan On Static Content
  • Optimise Crawl Speed & Re-test

Decide how you are going to segregate large sites into manageable migration chunks.
Tip: You can upload a CSV list of URL’s to crawl into the HTTPS Checker app for precise targeting and also define sections of the site using robots.txt rules in Advanced Options. You can also set crawl parameters here to tune the speed of the crawl.
Tip: Check the log files to make sure you haven’t set it too fast.

Scan

  • Run HTTPS Checker Scan On Target Pages
  • Monitor Server Load
  • Collect Issues Requiring Fixes
  • Check Log Files

Run the scan on your target pages and the HTTPS Checker app will summarise issues and provide PDF and CSV downloads of the issues found too. Check your log files to see which URL’s were crawled and which gave errors, so you can investigate them further. Try slowing down the crawl if you are generating a lot of errors.

Fix & Re-Scan

  • Assign List Of Issues To Fixers
  • Record Fixes Made
  • Re-run Scan On Fixed URL’s
  • Check Log Files

Share the CSV of issues out to your fixers, maybe via Google Docs so it is in a central place, and assign the issues out. You can then check the fixes by importing a specific list of CSV’s to crawl and then do a full scan as a double check when you believe everything is fixed.

CSP Violation Capture

  • Set up CSP Header
  • Set up & Verify HTTPS Reporter
  • Check Violations Being Captured

Set up your CSP header and start catching violations in HTTPS Reporter. This will pick up issues that come from dynamically generated content, which the HTTPS Checker app can’t find, as well as any other mixed content issues that have crept back in.

Fix CSP Violations

  • Assign List Of Issues To Fixers
  • Mark As Fixed In HTTPS Reporter

Mark fixed issues in HTTPS Reporter. A daily email is sent out if new violations are added to the database. NB There is a cap on how many issues are stored so it’s important you clear down fixed issues.

Continuous Monitoring

  • Daily Email Alert Of CSP Violations
  • Assign List Of Issues To Fixers
  • Mark As Fixed In HTTPS Reporter

Continue to monitor your site(s) with HTTPS Reporter for any new mixed content issues that make their way onto the site(s) over time. Look to see if you can tighten up your website management and import tools to stop “http” content being added. You can consider using the HSTS web security policy, but do so with caution.

What To Expect In The Full Guide

Download        Get Your Enterprise Licence        Contact Us For A Platinum Licence