The SEO pundits predicted that eventually Google would decide to strengthen or give more ranking benefits to HTTPS sites to keep online users secure. And those pundits were right -- HTTPS is now crucial to your search rankings.
On April 21st, 2017, Google's Gary Illyes said on Twitter that Google has no plans to increase the weight of the HTTPS ranking boost, more than it already is. He said, "we revisited the idea a few months back but we decided against it."
Here is Gary's tweet:
Though Google denies increasing the importance of HTTPS sites, 50% of Google’s search results have HTTPS URLs in them. Therefore, going HTTPS is wise and Google will carry over all your ranking signals when you make the switch, provided you follow the correct process.
Google also reported that a record 50% of all desktop page loads are HTTPS. The world's top 100 sites run HTTPS, including Amazon, Facebook, Twitter, Wikipedia and all Google sites. Google gives the ranking boost solely based on the fact that the URL starts with HTTPS.
What Google has to say about HTTPS Ranking Boost
Google made it clear that secure websites are important for them:
"At Google, user security has always been a top priority. Over the years, we’ve worked hard to promote a more secure web and to provide a better browsing experience for users. [...]
We also started giving a slight ranking boost to HTTPS URLs in search results last year. Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification.
This is why we’ve been strongly promoting HTTPS everywhere."
From January 2017, with the Chrome(Chrome 56 Update), Google has already started implementing strict guidelines to make the entire web a safe place?
HTTPS and Google Chrome Update (Chrome Update 56)
It's clear that Google prefers HTTPS and wants to make the web a more secure place.
Google Chrome is now explicitly labeling HTTP connections as non-secure. According to the Google Security Blog, all HTTP pages that collect passwords or credit cards will be marked as non-secure to ensure web security.
Today, Chrome users receive a warning message every time they access an HTTP site. The Mozcast says that Google Search Engine prefers sites that are HTTPS, if they are equal in all other respects.
Chrome will indicate all HTTP-only sites with a “neutral indicator”, including a mild warning that the information on that particular site is not secure. On the other hand, HTTPS sites will feature a lock symbol and the word "Secure" next to the URL, which indicates to the user that the information sent to this site is private. In the near future, Google plans to label HTTP pages as “non-secure” in Incognito mode and to change the neutral security indicator for HTTP to a red triangle (see example below).
HTTPS vs HTTP
Though there's only one letter difference between the two URLs, that additional "s" makes a world of difference.
HTTPS URLs begin with “https://” and use port 443 by default, whereas HTTP URLs begin with “http://” and use port 80 by default.
HTTP + SSL = HTTPS
Why migrate to HTTPS?
Data Protection and security are by far the biggest advantages of HTTPS, but in fact page speed is also better for an HTTPS site. In a study conducted by http vs https.com, it was found that an HTTP page loads a staggering 334% slower than HTTPS.
Since 2014, when Google began a serious push to get webmasters to switch to HTTPS, encrypted sites have earned a boost in rankings over their HTTP counterparts. In 2014, Google started using this as a ranking signal, giving time for webmasters to switch to HTTPS and started indexing HTTPS pages by default. Google does not rank HTTP website as well as it could, and in fact the search engine has even started to penalize HTTP sites. Chrome says flagging HTTP sites as not secure is just one step in a long list of upcoming changes.
Without trust, a customer journey is dead. Building trust and credibility goes a long way, which is why global leaders like Google and Mozilla are putting their weight behind making the web a more secure place. A secure website is a good thing and consumers prefer a secure website they can trust. An HTTPS website is trusted by the browser, based on the certificate authority pre-installed in their software.
So, you have every reason to switch to HTTPS, protect your site and users with an SSL certificate and migrate. With HTTPS becoming easier and cheaper than ever before, don’t wait to make the switch.
How HTTPS works
HTTPS protects visitors by signaling to the browser that it should use an added encryption layer of SSL/TLS. It protects against eavesdropping when adequate cipher suites are used and the server certificate is verified. It encrypts the request URL, query parameters, headers and cookie which often contain identity information about the user.
For a site with an invalid certificate, most browsers will display a warning message. In the case of sites with an invalid certificate, newer browsers display a warning across the entire window while the older browsers display a dialog box asking whether to continue. Extended validation certificates turn the address bar green in newer browsers. The user will receive a warning while visiting a site that contains a mixture of encrypted and unencrypted content. For some browsers, a “lock” sign may appear.
A website hard coded to work only in https will get an error while working with http. Similarly, an error message is displayed, if the port 80 is disabled by the Admin.
Current Trend
As of June 2016, 10.2% of Alexa top 100,000 websites use HTTPS as default, 43.1% of the internet’s 141,387 most popular websites have a secure implementation of HTTPS and 45% of page loads (measured by Firefox Telemetry) use HTTPS.
According to Mozilla, since January 2017, more than half of the web traffic is encrypted.
Firefox uses HTTPS for Google search as version 4. The add-on called HTTPS Everywhere available for Mozilla Firefox enables HTTPS by default for hundreds of frequently used websites.
According to Pete Meyers from Moz, 50% of page one search results are HTTPS. Experts predict 70% of the page one results will be HTTPS by the end of 2017.
Here is a chart from Moz showing the 50 percent mark, and the estimated trend
While I was researching HTTPS sites, I found that on an average 8 out of 10 of the search results in SERP are HTTPS sites.
HTTPS and other Search Engines
I found a similar trend in the other search engines too (Bing, Yahoo, DuckDuckGo). 8 out of 10 rankings on the first page are HTTPS sites.
Below are the screenshots of the SERP for “HTTPS vs HTTPS” from Bing, Yahoo and DuckDuckGo respectively.
Bing SERP
Yahoo SERP
DuckDuckGo SERP
Switching to https
Having concerns, migrating to HTTPS? Here is a simple guide on how to implement HTTPS on your site.
For years, Google has been telling webmasters that it is safe to switch from HTTP to HTTPS. But, in the process, ensure that your organic traffic doesn’t suffer. First and foremost, communicate to Google that you've switched over. Google has updated Google Webmaster Tools to better handle HTTPS sites and the reporting on them.
Google has given a few tips on how to switch to https:
- Select the kind of certificate (single, multi-domain, wildcard)
- Use a 2048-bit key certificate
- For resources that reside on the same secure domain, use relative URLs
- For all domains, use protocol relative URLs
- Don’t block your HTTPS site from crawling using robots.txt
- Create a URL map of your site and redirect
- Allow indexing of your pages by search engines and avoid the noindex robots meta tag.
- Carefully track HTTP to HTTPS migration in your analytics software and within the Google Webmaster Tool
Though there are many SEO concerns to consider, when Google itself says to do it, let’s do it.
Limitations
Though HTTPS come with many benefits, as a website owner, you should be aware of both the benefits and limitations.
- Many advertising networks do not provide SSL compliant ads. Thus placing the ad code on a site with an SSL certificate, the site is not secure which defeats the purpose of the SSL certificate.
- Moving your entire site to HTTPS requires many moving parts and it's easy to overlook important details.
- Since HTTPS requires extra communication between servers, it may slow down your website (speed is itself a ranking factor).
- Many webmasters pay a large amount per year for SSL certificates.
- Older web applications can have a problem with https URLs.
- Most sites use FeedBurner to burn RSS Feeds which is not supported by Google since they can’t handle feeds served from HTTPS.
- The migration of your social share can be frustrating.
The Takeaway
When Google itself is thinking of adding “loads of things” and focussing on easy site migration, it is evident that Google gives ample importance for web security through HTTPS. Though Google wouldn’t share the details, one is reminded of the changes it deployed for few sites which had difficulty in migrating to HTTPS [ e.g. Yelp].
A webmaster can balance the complexity, risks, and costs in implementing HTTPS with the SEO benefits it brings with it, which includes security, better referral data and boost in rankings. With the majority of the web moving towards SSL encryption, experts believe that in a few years time it would become the default and Google might increase the ranking benefit of SSL certificates over time. It's high time to look into getting SSL on your site! If you're not sure where to start with, consult our experts at Techwyse Internet Marketing Inc.
With people relying more on the internet these days than just to hang out, as a developer or website owner, we are responsible for ensuring the customers have a safe web experience.
Experts are of the view that in the future it will make a bigger impact and if you expect to get a significant amount of search traffic in the coming years, plan on switching to HTTPS.