Google called for “HTTPS Everywhere” (secure search) at its I/O conference in June 2014 with its Webmaster Trends Analyst Pierre Far stating: “We want to convince you that all communications should be secure by default,” and it anticipated some resistance and skepticism from the SEO industry.
In 2016, 2 different Google representatives advocated for HTTPS: Maile Ohye in a joint BrightEdge webinar “A View from Google” called HTTPS a “requirement” and Thao Tran speaking on the main stage at Share16 in October said “HTTPS and making sure your site is secure is an imperative at this point… Google will start marking things non-secure… The future of the web is a secure one, and so make sure people in your organization understand HTTPS, and it should be on the road map” for 2017. The picture is definitely getting more clear. As a digital marketer, it’s important to understand the differences between HTTP and HTTPS, the advantages of switching, and any issues you might encounter in your SEO management efforts.
Well, the adjustment period has come to an end with Google warning Chrome users when displaying pages that include forms from non-HTTPS sites: “Beginning in October 2017, Chrome will show the ‘Not secure’ warning in two additional situations: when users enter data on an HTTP page, and on all HTTP pages visited in Incognito mode.” This message will appear in url bar of Chrome browsers.
HTTP (Hypertext Transfer Protocol) is a structure for transferring and receiving information on the web, most frequently operated to retrieve HTML web pages. HTTP is considered an application layer protocol — it exists to present information to the web user no matter what channel it takes to do so. HTTP is stateless, which means it uses less data by forgetting earlier web sessions.
What does HTTPS stand for? HTTPS, or Secure HyperText Transfer Protocal, was established to sanction secured transactions and authorization over the web. Exchanging information, like credit card numbers or access, requires security to avert unauthorized entry through HTTPS.
So what’s the difference between HTTP vs HTTPS? HTTPS is HTTP — just the secure version. HTTPS follows the same protocols as HTTP — the browser begins a connection to a server on a standard port. The additional layer of HTTPS security uses Secure Sockets Layer, or SSL, to transport data. HTTPS exercises TCP Port 443 by default, so they use two separate communications.
For a detailed walkthrough see our on-demand webinar on HTTPS vs HTTP for SEO.
Where Does SSL Come In?
- Encryption: Encrypting the transferred data for security
- Data Integrity: Data cannot be altered or corrupted during transmission
- Authentication: Users are authenticated to communicate with the website
Just like HTTP and HTTPS don’t discriminate with the path that data takes to its destination, SSL equally doesn’t care how the data looks, but HTTP does. So how does it affect HTTP vs HTTPS? In between the two HTTPS presents the best of both worlds: the data is visually appealing to the user, and you’re getting the extra layer of security as the data moves.
What is HTTPS Used For?
Since the key is search security, HTTPS has been used for any site involving secure information. It’s used for ecommerce sites to tender protected transactions. More than likely, your bank will use HTTPS to secure your personal information — easily recognized by the padlock on your browser. And as we’ll discover next, HTTPS is recognized and used as an SEO benefit to your secure site.
HTTP vs HTTPS: HTTPS as a Ranking Factor
Even in 2013, research showed an increase in encrypted URLs. However, it wasn’t until the official announcement that we began to see sites affected by this factor.
Considering their user-based algorithm updates, Google preference for trusted sites isn’t surprising. If users are guaranteed to have a secure site experience, the answer to HTTP vs HTTPS becomes simple — they will prefer HTTPS to HTTP.
SEO Advantages of Switching to HTTPS
If you’re following Google’s recommendations, deciding on HTTP vs HTTPS is also easy – switching to HTTPS will benefit you and the security of your site. There are also some additional SEO benefits for you to consider:
Not a major boost, but as part of an overall strategy with other ranking factors, it’s a safe bet. In addition, we usually see that the impact of Google’s recommendations and algorithm increase over time. Learn more about Google page rank.
If you’re exploring Google Analytics for your HTTP site, the traffic passing through referral sources can appear as “direct” traffic. Through an HTTPS site, the security of the referring domain is preserved. This makes the HTTP vs HTTPS decision even easier to make.
Security and Privacy
Security benefits your overall goals in a few ways:
- Authenticates the website and server communication
- Avoids damage by third parties
- Encrypts data and communication, like browsing history and credit card information
So Are There Any SEO Concerns in Switching to HTTPS?
As with all major URL changes and site migrations, there is likely to be a disruption and loss of rank followed by a recovery in rank. There are little to no issues when switching to HTTPS, especially for SEO. But implementing the secure switch incorrectly can hurt your site and possibly your SEO and cause a sustained loss in traffic.
Steps to Switch
Google’s own recommendations are below:
- Determine if you require a single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates to generate a Certificate Signing Request (CSR) on your webserver
- Make sure to maintain a current SSL certificate
- Use relative URLs for resources that reside on the same secure domain
- Redirect to HTTPS pages by server-side 301 HTTP redirects (mod_rewrite is common)
- Update your robots.txt to allow your HTTPS pages to be crawled
- Check that your website returns the correct HTTP status code
- Get and configure the required TLS certificates on your server
More from Google Support:
Avoid irrelevant redirects
Don’t redirect many old URLs to one irrelevant destination, such as the home page of the new site. This can confuse users and might be treated as a soft 404 error. However, if you have consolidated content previously hosted on multiple pages to a new single page, it is acceptable to redirect the older URLs to that new, consolidated page.
Provide errors for deleted or merged content
For content on the old site that will not be transferred to the new site, make sure those orphaned URLs correctly return an HTTP 404 or 410 error response code. You can return the error response code at the source URL in the configuration panel for your new site, or you can create a redirect for a new destination URL and have that return the HTTP error code.
Ensure correct Google Search Console settings
A successful site move depends on correct — and up to date — Search Console settings.
After the move, add the URL to Search Console. If you haven’t already, verify you own both the old and new destination sites in Search Console. Be sure to verify all variants of both the source and destination sites. For example, you should verify www.example.com and example.com, and include both the HTTPS and HTTP site variants if you use HTTPS URLs. Do this for both source and destination sites.
Make sure to read our detailed how-to checklist for how to perform a successful HTTPS site migration.
HTTPS will make your site more secure and Google is ramping up advocacy and signal weight for it. As always the majority of your decision should be based not on chasing algorithm changes, but on optimizing the needs of your business and improving your user experience.
For a more detailed breakdown view our on-demand webinar on HTTPS vs HTTP for SEO.