The Impact of HTTP vs. HTTPS in SEO
These days site security is an increasingly important part of search engine optimization. Ever since Google announced its call for a move toward a more secure internet overall, marketers have found having a secure website a lot more important.
In simple terms this means going from HTTP to HTTPS for SEO strategy. That’s because now site security is actually one of the many ranking signals that search engines like Google use to help rank and understand websites – which means that businesses that want to improve organic traffic shouldn’t forget about this technical aspect of their website set up.
So what’s the difference between HTTP and HTTPS in SEO? Well here’s the basics: HTTP stands for “hyper text transfer protocol” and HTTPS stands for “hyper text transfer protocol secure.” What this means in technical terms is a bit complex, but in effect websites with a secure protocol are able to transfer data to-and-from internet browser with encryption – much better for security.
For SEO, HTTP to HTTPS upgrades can help websites not just appear more legitimate, and put shoppers at ease, they can also help search engine crawlers determine the quality of a site by signaling an intent to provide visitors a safer experience. Plus, for websites where people may need to enter personal info, fill out forms, create accounts, or enter credit-card numbers – using proper website security is a must-have! Particularly for Google SEO, HTTP to HTTPs improvements can have a big impact.
Here’s what it means, and what businesses should do for their SEO strategy.
HTTP vs HTTPS in SEO
Site security first became a thing in SEO back in 2014 when Google famously called for “HTTPS everywhere” at its I/O conference. Later they announced that the “HTTPS protocol” and security in general would become an official ranking “signal” for its search engine algorithm.
Google also said at Share16 in 2014 that it would start marking non-secure pages, emphasizing that “HTTPS and making sure your site is secure is an imperative at this point…”
This means that for better SEO and better search rankings, businesses should set up their website using HTTPs across their whole domain.
For websites and online businesses that want to improve their search engine rankings, site-security as a ranking factor is very straightforward: their website, and all of their pages should be HTTPS. Going from HTTP to HTTPS can have an SEO impact for the better.
So what’s the actual difference between HTTP vs HTTPS in SEO? Basically, the hyper text transfer protocol is a structure for transferring data from a user’s computer, to a website’s server, and back. It’s how the HTML and other information is transferred from the internet to a browser. HTTPS is functionally the same as HTTP except that it that it uses something called “secure socket layer” protection (SSL) for transporting data. HTTP uses a standard port when connecting to a server, whereas the secure protocol uses the TCP Port 443 by default.
This means that sensitive information that’s entered into website by users is protected and more secure. The SSL security measure encrypts the data being sent to and from web users – preventing it from being intercepted by hackers.
Here are three key differences with the protection that TLS provides for your website:
- It encrypts the data being sent to keep it secure from hackers, eavesdroppers, or thieves that would want to take personal information.
- Data is kept reliable, meaning that it can’t be changed, modified or corrupted when moving between a user’s computer and the website server.
- It provides “authentication” that proves to visitors that what they are seeing comes from the intended website and is legitimate (helping protect against “man-in-the-middle-attacks”).
Google SEO with HTTPS web design
Google uses several hundred signals as part of its algorithm for ranking websites in search results and HTTPS is only one of them. In fact, it’s a relatively lightweight ranking signal. Other major algorithmic signals like backlinks, content, and meta data are still going to be the most important SEO strategies.
Additionally, Google has confirmed that site-security and HTTPS protocols are not considered when indexing a site. They are only a lightweight ranking signal and will have no effect on whether a site is added to the search index.
Yeah, that’s wrong. HTTPS is not a factor in deciding whether or not to index a page, at all. We do use HTTPS as a light-weight ranking factor, and having HTTPS is great for users. A free certificate from Let’s Encrypt works just as well.— 🍌 John 🍌 (@JohnMu) January 29, 2019
Additionally, the HTTPS protocol acts as more of a “tie-breaker.” It’s SEO impact may be relatively low compared to other more important on-page and technical factors, but it may be the one thing that gives you a slight edge against competitors where all other factors are close to being equal. Google’s John Mueller sheds some light on this in one of his “office hours” hangouts:
Google’s Gary Illyes, from their public Search Relations Team has said that the secure-protocol signal “affects enough queries measurably that I wouldn’t ignore it.” In fact, even “invalid” HTTS security certificates (like expired certificates) can maintain an SEO ranking boost – though obviously best practice is to maintain these for long-term results.
Here’s what Google’s Search Console Help documents say about the HTTP-to-HTTPS SEO impact:
“HTTPS sites receive a small ranking boost, but don’t expect a visible change. Google uses HTTPS as a positive ranking signal. This signal is one amongst many others, and currently carries less weight than high-quality site content; you should not expect a major SEO advantage for moving to HTTPS in the short term. In the longer term, Google may increase the strength of the HTTPS boost.”
Site security also has other good, general implications for digital marketing. It can improve other marketing efforts by helping your site appear more legitimate and trustworthy to visitors; afterall people are more likely to share and revisit a site if they feel that it’s safe and legitimate. Secure site design can help not just SEO but also potentially improve dwell time, reduce bounces, increase back-link growth/referral traffic, and it may increase conversion rate (CR) in situations where shoppers might otherwise hesitate to provide credit card info or create an account.
Getting your site secure
Businesses and brands that want to improve SEO with HTTPS across their site should talk to their web developer about the issue – but in most cases using HTTPs is already the norm (with some exceptions).
To migrate from HTTP to HTTPs for an SEO impact, website owners may need to work with their web host/CDN to get their website domain set-up properly. They might also have to consider configurations based on which content management system (CMS) they are using – such as WordPress, Magento, Shopify, Wix, etc. The act of moving over won’t hurt SEO performance, but businesses should expect some possible temporary fluctuations in their SEO performance after they switch – Google will treat the change the same as a site move with URL changes.
Otherwise the best practice these days is to ensure that a website is set up with a secure protocol from the start. Ensure your website is built with HTTPS for better pre site-launch SEO.
Follow Google’s guidance on moving a site to a secure protocol – as well as their best practices for HTTPS. Here’s how you can move your site from HTTP to HTTPS with minimal SEO impact and search ranking issues:
- The migration does not have to be done all at once. It’s fine to move sections of a site, or individual URLs over to HTTPS in sections.
- Security best practices should be used anytime individual URLs are changed, when domain names are changed (such as moving from “example.com” to “example.net”), when merging multiple domains together, or when URL paths are changed (like changing “example.com/page.php?id=1” to “example.com/widget” or “example.com/page.html” to “example.com/page.htm”)
- Redirecting page URLs with 301 or 302 redirects will not harm SEO performance with PageRank.
- Be sure to add the HTTPS property to Search Console. The non-secure domain in Search Console won’t provide data for a live version of a site using HTTPS.
- You must obtain a legitimate security “certificate” as a part of enabling HTTPS for your site. Be sure to get the certificate from a legitimate source.
- It’s best to use server-side, permanent 301 redirects when moving old non-secure URLs to HTTPS.
- Make sure that your HTTPS pages can be crawled and indexed by Google. Don’t block your HTTPS site from crawling using robots.txt or “noindex” meta tags.
- Support HSTS (although this is not an SEO ranking factor).
- Make sure that your HTTPs certificate is constantly up-to-date and does not expire.
- Ensure that your new website has an accurate sitemap with HTTPS URLs, submit your sitemap in Search Console to make sure that Google can crawl and find pages easily.
It’s also important that websites don’t have any mixed content. HTTPS security for your domain is crucial to on-page SEO for sites where users want to feel safe putting in their personal information or payment info, but many sites don’t realize that “mixed content” can still hurt their search engine optimization.
Mixed content refers to when a page/website might have an HTTPS based URL, but where individual HTML elements and on-page resources might be delivered with non-HTTPS URLs. The initial HTML will be loaded using an HTTPS connection, but other resources (like images, videos, stylesheets, scripts) are loaded over a non-secure HTTP connection.
Part of following on-page SEO best practices means ensuring that your site is built entirely with secure-protocols. This can improve the actual security of your site, as well as the SEO performance.
How to check your HTTPS security for SEO
Here’s how to check your site and make sure that you are set up for Google SEO between HTTP vs. HTTPS. Fortunately, there are a couple free tools that can help.
Website owners or marketers can go through a simple technical SEO audit checklist to make sure they’re set up correctly for search.
You can check your website’s pages for HTTPS by looking in your browser to see if HTTPS is shown at the front of the URL – in browsers like Chrome, a little lock icon is shown. It’s also a good idea to check for multiple versions of the site (by substituting https://www, https://, https://, https://www) to make sure that each one is redirected to one main HTTPS version.
The MozBar browser extension can also help clarify whether the site is delivering an HTTPS version of a page – as well as whether redirects are in place. The image below shows an example of a page that is redirected to an HTTPS version as shown with the Moz browser extension.
Google’s Lighthouse browser plugin can be used to verify if a site has a healthy HTTPS status. With the plugin installed, select “Options” and make sure the “Best Practices” box is checked, then click “Generate Report.” This tool will generate a report, and once it’s loaded users can verify that under Best Practices > Passed Audits the report reads: “Uses HTTPS.”
An example might look like this:
Also, a version of the Lighthouse tool is built into Chrome, which means sites can check their site security within the browser. Run Lighthouse in your browser to check for any mixed content, here’s how: on the page right-click and select “Inspect”, on the following menu go to “Audits” and then click on “Generate Report.”
It will look like this:
Websites with mixed content or HTML elements that are still sent over HTTP should work to fix or update their site to move completely from HTTP to HTTPs for better SEO.
Have more questions about HTTP vs. HTTPs in SEO? Contact our team to learn how to grow your organic performance online with strategic SEO services. Fill out the form below to get in touch.