HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS encrypts the connection between a visitor’s browser and the website, ensuring that data can not be intercepted.
The website you’re on right now uses HTTPS, and these days, most websites do, too. Websites using HTTPS have “https://” at the start of their URLs instead of “http://” — for example, this URL would be encrypted with HTTPS:
https://example.com/blog/seo/
And this URL would be normal (unsecured) HTTP:
http://example.com/blog/seo
According to W3Techs, as of this writing, 85.7% of websites on the Internet use HTTPS by default. But this wasn’t always the case.
And in 2014, Google announced that HTTPS was implemented as a search engine ranking signal. Google wants to deliver the highest-quality experience to searchers, and they found in their testing that using HTTPS as a ranking signal yielded higher-quality search results.
There are hundreds of ranking factors that you could optimize for, such as backlinks, content quality, and user experience signals, but the important thing to know is that implementing HTTPS is table stakes at this point.
HTTPS Is a Google Ranking Factor
When Google announced that HTTPS was a ranking signal, they made it clear that it was a “very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content.”
But that was in 2014. Google realized that they needed to give publishers time to implement HTTPS on their websites; at that time, it wasn’t nearly as common as it is today. Google went on to say that they planned to strengthen the relevance of this signal as a way to encourage publishers to implement HTTPS.
Would switching from HTTP to HTTPS cause an immediate bump in search engine performance?
No, according to a 2023 post from John Mueller, a Search Advocate at Google, on Mastodon:
However, Mueller went on to say that, if anything, implementing HTTPS would be a “tiebreaker”:
And that makes sense, given the popularity of HTTPS today. According to Mueller, it won’t make or break your website’s SEO, but it could be a tiebreaker between two websites competing for the same keyword.
And this wasn’t the first time a member of Google’s team called HTTPs a tiebreaker. Back in 2015, Gary Illyes from Google’s team mentioned that HTTPS is a tiebreaker when quality signals for two websites are identical.
In other words, assuming that two websites are identical in terms of quality of content, backlinks, Core Web Vitals, and so on, we could assume that the website using HTTPS would outrank the website on HTTP.
And according to a now-deleted tweet from Mueller, implementing HTTPS wouldn’t be a factor when it comes to indexing either. In short, Mueller was asked by another Twitter (now X) user if Google would drop a website's rankings as a result of not purchasing an SSL certificate, a requirement for implementing HTTPS.
Mueller responded by saying no, and he added that there are free options available, including one from Let’s Encrypt.
Why Does Google Care?
Ultimately, Google wants to deliver the highest-quality experience to its users (searchers). And websites that use HTTPS provide a better user experience for searchers once they arrive on one of the site’s pages.
With HTTPS, data transmitted between the user and the website is encrypted or, in other words, inaccessible to eavesdroppers looking to access sensitive information.
For example, if a searcher finds an e-commerce website via a Google search result and then decides to create an account and make a purchase with their credit card, that searcher would want their private information — such as their password and credit card number — protected from bad actors looking to steal that information upon submission.
If that searcher’s information had been compromised by a website they found using Google, that would be a low-quality experience provided by Google. And that searcher might trust Google less than they had before.
Google can route traffic to websites using HTTPS with more confidence that those websites are going to provide a high-quality, secure experience for searchers.
HTTPS Report in Google Search Console
Google Search Console (GSC) is a free tool provided by Google for website owners to track search engine performance and diagnose issues with their websites.
In GSC, Google provides an HTTPS report in the Experience tab:
In this case, our website does not have URLs being served on HTTP. However, if it did, Google would highlight any URLs being served via HTTP as critical issues. You can use the Export button at the top right corner of the screen to export a list of these URLs.
You can also inspect URLs manually within GSC to see whether a page is HTTP or HTTPS:
Common Issues or Errors
If you’ve recently migrated from HTTP to HTTPS, there are a few best practices you should keep in mind.
Update Your Sitemap
Your sitemap provides an easy-to-reference list of URLs for Google and search engines to find on your website.
If you’ve recently migrated to HTTPS, don’t forget to update your sitemap with the current version of your URLs. In other words, you don’t want to reference your old HTTP URLs in your sitemap. And if necessary, you can submit a new sitemap to Google within GSC.
Update Your Canonicals
Canonical tags tell Google the primary location (URL) of a webpage. You may have implemented canonical tags globally for all of your webpages.
If you’ve recently migrated to HTTPS, you’ll want to make sure that you update any canonical tags, so that you aren’t pointing Google to the old HTTP version of your webpage as the primary location of that webpage.
In GSC, by inspecting a URL, you can view the user-declared canonical:
Update Existing Internal Links
Internal links help Google understand how all of your webpages are interconnected and related to one another. If you’ve recently migrated to HTTPS, you’ll want to go back to all of your existing internal links and update those links from HTTP to HTTPS, even if those links are already redirecting from HTTP to HTTPS.
In short, by forcing Google to crawl a redirecting internal link, you’re wasting your site’s allotted crawl budget, albeit a small amount.
Final Thoughts
Just use HTTPS.
HTTPS is a small ranking factor, often described as a tiebreaker, and as an SEO, I’m looking for every advantage I can get. Moreover, by using HTTPS, you’ll deliver a more secure experience to the people visiting your website.
These days, many CMS platforms will default to HTTPS. However, if you serve webpages separate from your CMS on your domain, you’ll want to implement HTTPS on those URLs.