Cubecart 6.0.5 - No SSL on sensitive pages

[bondimedical]

I have noticed you cannot enable SSL only on sensitive pages in 6.0.5. Why was this decision made?

[Al Brookbanks]

A number of reasons;

1. It's widely regarded that always on SSL if better for SEO. Google have some official posts about this.

2. SSL on sensitive only pages was only introduced to save server load where it wasn't needed. These days the added overhead is considered negligible.

3. It allows us to remove a significant chunk of logic on every page load as to whether it should be on it of. 

4. The new code only allows the front end of the store to operate under the specified SSL URL. This prevents duplicate content from other domains (like IP addresses and temporary hosting domains) from working. This in turn prevents duplicate content which helps improve SEO. It also fixed two reported bugs concerning incorrect URLs bring cached.

5. One way switching prevents redirect loops which has affected some merchants on specific hosting configurations for years. :)

[bondimedical]

Yes, but you are changing the URL of your website from http to htttps which means anybody who upgrades a CubeCart 5 store to CubeCart 6 will lose all their rankings. Just read up on Google how difficult it is to change an existing website from http to https. Here is a list for starters.

SEO checklist to preserve your rankings

• Make sure every element of your website uses HTTPS, including widgets, java script, CSS files, images and your content delivery network.
• Use 301 redirects to point all HTTP URLs to HTTPS. This is a no-brainer to most SEOs, but you'd be surprised how often a 302 (temporary) redirect finds its way to the homepage by accident
• Make sure all canonical tags point to the HTTPS version of the URL.
• Use relative URLs whenever possible.
• Rewrite hard-coded internal links (as many as is possible) to point to HTTPS. This is superior to pointing to the HTTP version and relying on 301 redirects.
• Register the HTTPS version in both Google and Bing Webmaster Tools.
• Use the Fetch and Render function in Webmaster Tools to ensure Google can properly crawl and render your site.
• Update your sitemaps to reflect the new URLs. Submit the new sitemaps to Webmaster Tools. Leave your old (HTTP) sitemaps in place for 30 days so search engines can crawl and "process" your 301 redirects.
• Update your robots.txt file. Add your new sitemaps to the file. Make sure your robots.txt doesn't block any important pages.
• If necessary, update your analytics tracking code. Most modern Google Analytics tracking snippets already handle HTTPS, but older code may need a second look.
• Implement HTTP Strict Transport Security (HSTS). This response header tells user agents to only access HTTPS pages even when directed to an HTTP page. This eliminates redirects, speeds up response time, and provides extra security.
• If you have a disavow file, be sure to transfer over any disavowed URLs into a duplicate file in your new Webmaster Tools profile.

 This is a step in the wrong direction and I am asking you to please restore this or provide a means for people who still want to use it eg a plugin?

[Al Brookbanks]

No the URL remains exactly the same. Just the protocol has improved. CubeCart satisfies all the conditions above that it can aside from the 301 header which has just been added for 6.0.6. https://github.com/cubecart/v6/issues/578

[bondimedical]

Hello Al

The URLs of all website's with CubeCart will now change from http://www.example.com/ to https://www.example.com/ meaning that all the steps I have outlined above and more need to be taken. The 301 redirect needs to be put in the htaccess file for the website so all URLs indexed in Google are directed to the https version.

Edited June 3, 2015 by bondimedical

[Al Brookbanks]

all the steps I have outlined above and more need to be taken

They don't all need taking and CubeCart isn't capable of making all of them as some require server side changes (e.g. HSTS). The 301 redirect is the important one.  

[bondimedical]

The HTTPS has negligible affect on SEO and slows down website's. In fact people changed their website back to HTTP because their bounce rates went up. What about disavow files, how will CubeCart update those?