Technical Question - Affiliate Referral Tracking Using SSL

From what I have read, it seems Google looks favorably on sites offering security. Establishing an SSL connection with porn blogs might not actually be necessary, but if it helps with search engine rankings, then it’s definitely worthwhile exploring, which is what I am doing at the moment.

Based on my understanding, if a visitor is referred from a secure site to a non-secure site, then the referral information is removed prior to the referral for security reasons. If this is the case, then this would pose a big problem for affiliates, because the landing page of most porn sites is not secure until you reach the credit card payment page and you usually want visitors to explore the tour first, which would mean the referral would not be tracked and the affiliate would not receive credit for the sale.

I have seen some sites using SSL that don’t have a green padlock, but instead a yellow padlock with an exclamation mark to indicate a problem or mixed security issues, which is not good. This could be the result of an insecure link or a graphic from an insecure source on the secure page. Does anybody know if there a way for a blog using SSL to successfully refer visitors to a non-secure site and retain the referral information whilst ensuring the green padlock displays so visitors don’t receive warning messages?

It’s interesting to note that some of the sites discussing the benefits of SSL don’t use SSL themselves, possibly due to them being affiliates and aware of the issue with referral tracking. I look forward to hearing any solutions, particularly using referral links from the same domain, rather than using non-SSL referral links from a different domain. I hope you are all having a great weekend. :slight_smile:

Re: Technical Question - Affiliate Referral Tracking Using SSL

I wondered about the same. If referral info / cookies is removed when transferred from SSL to non SSL then it makes it all pointless from a affiliate perspective.

Re: Technical Question - Affiliate Referral Tracking Using SSL

Brad,

There is a solution to everything you mentioned and more…

First, almost no affiliate programs look at the HTTP referrer to determine who referred the visitor. That’s the only thing that is really a concern. Instead they embed the affiliate information into the URL. The URL does not get modified when going from HTTPS to HTTP. So you will get credit for the sale. The only program that uses HTTP referrer is Bucks Factory, and then it’s only an optional way to send traffic, not their standard way. So with that exception, you will get credit for the sale.

To be clear - all the cookies get set properly when you refer from HTTPS to HTTP provided your affiliate ID is in the URL. The worst case scenario is you get credit for the sale but the sponsor can’t tell you the referring URL.

Second, yes the default is to not show the referrer when going from HTTPS to HTTP, but you can override that default by using the referrer meta tag. But note, there was an older spec for that tag, now there’s a newer spec.

https://wiki.whatwg.org/wiki/Meta_referrer - older spec
https://moz.com/blog/meta-referrer-tag - good discussion of newer spec

With that you can send the full referral URL to the sites you link to or just send the domain portion of the referring URL (or nothing). Pick which one you want based on how much detail you want to see in your affiliate stats.

That referrer meta tag is currently supported by 67% of browsers. But it’s only a problem if the non-supporting browsers actually strip the referrer data when going from HTTPS to HTTP – I suspect they don’t.

So with that, you could even get something like the referrer only version of Bucks Factory working (at least 67%+ of the time).

Third, the issue you didn’t mention is broken locks on your site if you hotlink images or videos. The bottom line is you cannot hotlink when you convert to SSL.

Related to that is cookie stuffing. You’ll also get a broken lock on your site if you cookie stuff. But for that you can use the prerender or prefetch meta tags. Prefetch is (also) supported by 67% of current browsers. It’s not a perfect solution, but it’s good enough.

Bottom line you won’t lose sales moving to SSL (except a percentage of your cookie stuffing sales). However you might lose a little detail in your referral stats if you don’t use the referrer meta tag.

Re: Technical Question - Affiliate Referral Tracking Using SSL

Thank you for your detailed response Jay, I really appreciate it. My technical knowledge is limited in this area (as you can probably tell), so I have been researching this and I was concerned when I read about referral information being removed prior to the visitor being sent to the non-secure site.

I wasn’t sure how much information was being stripped and whether this process would prevent a sale from being tracked, but you have alleviated my concerns and I now understand things better. What was also making me cautious is that a number of sites talking about the benefits of SSL weren’t actually using it themselves.

I also appreciate the link to the meta referrer tag article - I’m going to read about this now. I don’t cookie stuff, so that part is not an issue for me, but I do appreciate you including the information about this. I hope others also find this information helpful Jay, because this has been very helpful to me. Thanks again. :slight_smile:

Re: Technical Question - Affiliate Referral Tracking Using SSL

In 2014, google said they will give secure sites a minor ranking boost. They also said a small ranking benefit will only be counting as a “very lightweight signal” within the overall ranking algorithm. And google said this carries “less weight than other signals such as high-quality content.” So, I doubt how it will literally affect real SEO ranking.

Normally, the online billing company or eCommerce needs SSL to secure the transaction. I don’t see SSL is necessary for a porn blog. Buying a SSL certificate is cheap, but the overhead of processing SSL may slow down your site as well, if you don’t have a high server configuration.

Re: Technical Question - Affiliate Referral Tracking Using SSL

All of that is true, but IMHO, we’re in an industry which is generally seen as “low quality” by Google. Having encrytion when no one else has it is one way to stand out in the crowd and be seen as a higher quality site (though just having encrytion won’t do it – but encrytion combined with other things might).

Yes, Google is most concerned about “your money or your life” sites (health & ecommerce). But if you’re doing anything that’s social on your sites then there are big privacy issues. For example on my forum site people talk about their sex lives. Yes, it’s a public forum and they’re writing for the whole world to see, but it’s not necessarily something they want intercepted.

But behind all of this is the philosophy that all sites should be encrypted because, while say a gardening discussion forum may not be terribly revealing, that plus the rest of your browsing profile is rather revealing. And certainly your porn surfing habits are revealing. Personally I think it’s our responsibility to protect our users and we should all be working towards SSL everywhere.

What I don’t understand is why paysites, which already have certs for the ecommerce pages, don’t encrypt everything on their sites, and why sponsors don’t encrypt everything on their program sites (e.g. NATS).

This is largely a red herring. For starters most of us don’t come close to maxing out our CPUs. So we have the computing power to do TLS. And good certs use algorithms that are processor optimized. So performance really isn’t that big of a deal…

https://www.maxcdn.com/blog/ssl-performance-myth/

I also found a reference that said that “When Google switched Gmail to use HTTPS, no additional resources were required; no network hardware, no new hosts. It only increased CPU load by about 1%.”

But there is an issue using TLS and how much of a problem it is, depends on how you have your sites constructed…

It takes at least four TCP roundtrips just to open a single SSL connection between the client and the server — and this doesn’t happen until after the initial TCP connection has been set up. The amount of data transferred as part of the handshake isn’t huge (under 5 kB typically), but for very small requests this can be quite a bit of overhead.

Source (good article)

That means TLS can be a fairly big problem on crappy connections with high latency. Which is one reason why edge networks (CDNs) are popular these days.

Back in the day it used to be good to do what was called sharding where you put page resources on a whole bunch of different servers so your browser would pull from multiple places at the same time. That was a good strategy back then, but now it’s not. Now the fewer places you pull from the better – especially for little things.

This means if there’s a public, CDN-based version of something it may or may not be a good idea to use it. You have to ask yourself “how likely is it that my user will have recently pulled JQuery off the Google CDN?”, or “how likely is it that they’ve pulled the image crop routing off the vendor’s CDN?” In the first case, yes, they probably have recently pulled JQuery off Google, so that’s an OK usage of a CDN, but they’re unlikely to have just pulled some obscure routine off some equally obscure CDN. In that case the file should be on your own server so it can be retrieved without additional connections.

HTTP/2 is coming to the rescue with all of this. At it’s core is reducing connection overhead. But in many cases it’s not in the established, stable build of your server OS. But that will change probably this year.

Bottom line, yes, you have to be on top of things and understand your code and how things are served if you want to minimize the performance impact of TLS. But if you are on top of things that impact can be negligible.

Re: Technical Question - Affiliate Referral Tracking Using SSL

[QUOTE=Jay;167273]Brad,

Bottom line you won’t lose sales moving to SSL (except a percentage of your cookie stuffing sales). However you might lose a little detail in your referral stats if you don’t use the referrer meta tag.[/QUOTE]

Thank you, just what I needed to know!