Add certificates to your .brand redirects to help your security and SEO

By Tony Kirsch – Head of Professional Services, Neustar

With the ever increasing amount of .brand redirects being used across the world, it’s a timely reminder to ensure that you’re using best practice setup techniques to improve your security and your SEO.

Our recent .brands industry report highlights a continuing trend for redirect (or vanity) domain registrations with almost 9,000 currently in use and a growth rate of 10% demonstrated for the first half of 2019.

But of these domains, only a small percentage are placing SSL certificates on the .brand domain itself – especially where the redirection does end up on a secure site.

This introduces two main concerns.

Firstly, having a domain of any sort that does have a certificate forwarding through to another destination introduces a risk of penetration and an ability for bad actors to intercept the traffic and move it to another location.

And as we saw in 2017 with the Equifax case, this sort of hack has an enormous impact on traffic, customer sentiment and ultimately, the bottom line.

Sure – if you’re a mom and pop blogger, it’s possible that you may be less likely for this to impact you. But if you’re a multinational organization using your .brand for a big promotion, the implications are far more severe.

Of significant, and often misunderstood impact is the second concern – using domains that are not secure as redirects can be seriously damaging to your SEO ranking and may be slowly eating at all the hard work you put in place to build your search ranking on your main site.

We’ve written articles in the past with Ben McIlwain from Google around this topic when discussing HSTS – an increasingly used technology that ensures secure traffic for your domain. You can see more about this here – https://www.makeway.world/latest-news/google-engineer-ben-mcilwain-hsts-perfect-fit-brands-security/

But this was made all the more clearer when analyzing Google’s use of redirect domains for their Law Enforcement Request Service (lers.google) which redirects back to the lers.google.com site.

The lers.google domain has its own certificate, and forwards directly through to the final destination site. In this case, Google have implemented the HSTS protocol to make it even more secure but for those not ready to take the plunge, you do not need to do this to ensure you’re ticking the main boxes on this.

To ensure you’re doing it correctly, you’re going to need an SSL certificate for each redirect domain, the same as for hosting any other secure site.  That might be different in that you might now need to get more certificates than you had before (one for each domain you’re using as a redirect, rather than just one for your “main” site), but with free and automated certificates through services like Let’s Encrypt it shouldn’t be a concern for the security conscious technology team and it’s worth it for the added peace of mind and Google Search rankings boost.

So if your marketing strategy involves using domains that redirect and those domains aren’t secure, it’s time to get that sorted ASAP.

Our advice – play it safe.

The publicly available information shows that not doing it ensures that people are going to be less likely to find you through Google and you may have just damaged your internal perception of your .brand asset inadvertently along the way.

GoDaddy acquired Neustar's registry business as of August 3, 2020.