Show Me the Data - A Blog About University and College Websites

Rock-solid websites are the foundation of effective digital marketing, communications, e-commerce and social media campaigns.

But, you can’t know if your higher education website is rock-solid without checking it.

We study higher education websites to identify and benchmark the critical issues and we publish the results here.

Our automated higher education website quality assurance service is founded on our research so you can find and fix issues from privacy and security, through social media usage and SEO, to website analytics and content.

Extending the Benefits of HTTPS: Security, Trust and Identity

Extending the Benefits of HTTPS: Security, Trust and Identity

The Story So Far …

Currently, when you connect to most university or college websites your browser (in this case Chrome) maintains studied neutrality about the connection security (HTTP), for example:

 The October 2017 release of Chrome 62 will slightly up the ante, with security warning messages on entering data on sites with HTTP connections:

Google’s original security post is here:

In our last article, we established that about one third of university and college main websites have implemented HTTPS. On connecting to these websites your browser (again, Chrome) confirms a secure connection (HTTPS) exists, for example:

From limited testing, it looks as if the dozens or hundreds of individual web properties (collectively, the ‘web estate’) at larger universities and colleges have implemented HTTPS (secure) connections to about the same degree as the wider universe (roughly, 33%).

Turning HTTPS to Your Advantage

As we’ve previously noted, secure connections to higher education websites are about ensuring that digital interactions enjoy identical levels of security and trust as all other personal interactions. This is not just a matter of implementing technology.

To the end of ensuring security and trust, there’s a further step that higher education institutions can choose to take. One already taken by other ‘trusted’ entities. That is to implement extended validation (EV).

When you connect to sites using extended validation certificates your browser (Chrome) confirms the connection security and site identity, for example:

Looks good, doesn’t it? Clearly stating the official name of the institution hosting the site and the location. It’s the same approach taken by financial institutions, for example: 

Extended Validation Certificates

The purpose of EV certificates is to confirm to website visitors that the entity operating a site is who it claims to be and the certificate issuer has verified the identity. Specifically, in issuing EV certificates issuers check:

  • the identity of the website owner, through business incorporation or other public records;
  • confirms that the applying entity actually owns or controls the domain; and,
  • verifies the identity/authority of the individuals applying for the EV certificate.

The degree of scrutiny required to obtain an EV certificate should assure higher education website visitors that they can trust the site. Moreover, there’s even a little bit of extra institutional brand reinforcement thrown in.

EV certificates come at a price, around USD200 annually, along with a time commitment to gather the data needed to complete the certificate vendor’s application process.

Who’s Using EV Certificates?

We previously identified 1,443 institutions out of 4,310 that had implemented secure HTTPS connections.

On closer inspection, we found 45 of the 1,443 institutions (1 in 30) have chosen to implement an EV certificate. DigiCert and COMODO are the two principal suppliers of extended validation certificates to those institutions that have implemented EV.

We speculate that with greater awareness of the need to move to HTTPS, a second wave of university and college implementations will see upgrades to extended verification.

And, for those institutions yet to move on HTTPS implementations here are the main suppliers of SSL certificates (the underlying HTTPS technology):

Certificate Supplier

Market Share in

 Higher Education

Go Daddy






Let's Encrypt






















Table 1: List of SSL certificate suppliers identified from 1,443 university and college websites using HTTPS

Go Daddy emerges as the largest supplier because Go Daddy is one of the main website hosting providers to the higher education sector in the United States. We note that, with the exception of Let's Encrypt and InCommon, connections to all the other certificate supplier sites are enabled with extended verification certificates.

And, if you’ve made it this far, about 10% of the HTTPS installations we tested failed SSL Labs’ server test. We’ve used our best endeavours to get in touch with those institutions so they can take the appropriate action. We recommend submitting your main website URL to SSL Labs' test.



Sign Up For Email Delivery:



eQAfy is a subscription risk assessment and quality assurance service that helps higher education websites be error-free,
deliver their intended user experience and meet their marketing and communications objectives

Learn More About eQAfy Website Quality Assurance


Photo Credit: Samuel Zeller at Unsplash



Sign Up for Email Delivery:

We collect the following solely to email you new blog posts.

* indicates required

MailChimp stores your data.
There's no sharing with third parties.
Unsubscribe or ask to be removed at any time.


eQAfy Logo


Higher Education Website QA


Rock-solid websites are a foundation of effective digital marketing, communications and social media campaigns.

You’ll only know if a site is undermining campaigns, harming reputations or creating risk exposures by checking it.


Run a sample QA audit

25 Most Recent Blog Posts