Page Experience Matters: HTTPS for Users and Ranking
Did you know that more than 95% of U.S. webpages loaded in Google Chrome are now encrypted? That’s good for websites and users. But not so good for the 5% that have not migrated from HTTP to HTTPS.
This article is part of our series on page experience. It highlights why HTTPS is important for everyone, but especially so you can equip your webpages to qualify for a ranking boost in Google. A secure site is a ranking signal in Google’s page experience update that went live in mid-2021. (Tip: You’ll find more info on the page experience ranking factors at the end of this post.
In this post (and be sure to see the other articles in this series at the end of this one):
What Is HTTPS?
HTTPS, or hypertext transfer protocol secure, secures the data that’s exchanged between a web browser (such as Chrome) and a web server (which stores, processes and delivers your webpages to a user).
Image credit: “What is https?” by TutorialsTeacher.com
As the illustration shows, the difference between HTTP and HTTPS is that the data is not encrypted on HTTP. HTTPS helps protect against attacks that can happen while data is in transit.
Examples of attacks could be:
- A breach of sensitive data like passwords, credit card numbers and health information
- Malware installation onto the user’s computer
- Fake content served up to the user instead of the content they wanted
- Studying the overall browsing activities of users to ultimately discover a user’s identity
HTTPS came about in the ‘90s and originally applied to processing credit card information. But as companies like Google began to push for secure web browsing, HTTPS has become a gold standard for websites.
Why Is HTTPS Important?
HTTPS is important because it helps to protect your website and your website visitors from potential bad actors. HTTPS creates a good user experience, helps instill trust in your website, and protects your revenue.
Google announced back in 2014 that sites with HTTPS would receive a ranking boost albeit a small one. In other words, if your site was not secure but a competitor’s was, their website may rank better, all else being equal.
Will HTTPS be a stronger signal in the future? Maybe.
In its 2014 announcement, Google said that “over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
But in 2017, Google rep Gary Illyes said they didn’t have plans to make it a stronger signal:
No. We revisited the idea a few months back but we decided against it.
— Gary 鯨理／경리 Illyes (@methode) April 21, 2017
Another announcement coming from Google in 2015 said it would index HTTPS pages by default:
… we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page.
A secure website can also protect website visitors and revenue. When people reach a webpage that is not secure, they may receive a message that labels it as such. This may cause a person to bounce from the site or abandon their cart.
Image credit: “A secure web is here to stay,” Google Security Blog
Plus, once you enable HTTPS, you can implement HTTP/2 on your site. This is the first major upgrade to HTTP since its inception, and it can improve page load time. Remember that site speed is a signal in Google’s ranking algorithm .
— 🍌 John 🍌 (@JohnMu) April 3, 2016
So it’s a good idea to implement HTTPS for security — and to do it ahead of Google’s page experience ranking update in 2021.
An additional note: I believe HTTPS is a strong trust signal, especially for ecommerce sites. But if everyone is finally HTTPS, then everyone is tied. That means NOT being HTTPS becomes a disqualifier.
How Do You Move to HTTPS?
If you’re ready to move your site to HTTPS, Google offers some good resources to start:
Just like any site migration, it’s common to see fluctuations in rankings and traffic for a period of time. Depending on the size of the site, this can take weeks or more. Traffic should resolve itself after things settle (and you may even see a ranking and traffic boost afterwards).
To avoid pitfalls that could impact your site during the migration, make sure that you:
- Start small by moving a part of the site and testing as you go.
- Do the migration when website traffic levels are lowest.
- Monitor your rankings before and after — there will be some flux but it should work itself out.
- Don’t block HTTPS with robots.txt.
- Don’t forget to 301 redirect all the old URLs to the new ones.
- Make sure your internal links and tags (canonicals, etc.) aren’t referencing the old HTTP URLs.
- Avoid the noindex meta tag on important pages.
- Look for excessive redirects that may cause slow page load times.
- Ensure the content on HTTPS webpages is the same as on HTTP pages.
- Crawl the site after and make sure you get the 200 status code on all pages.
Google offers its best practices for an HTTP > HTTPS move here.
For more details on the coming update, keep reading our Page Experience series:
- What’s the Page Experience Update?
- How to Make a Mobile-Friendly Site
- Intrusive Interstitials & Why They’re Bad for SEO
- HTTPS for Users and Ranking
- Core Web Vitals Overview
- Core Web Vitals: LCP (Largest Contentful Paint)
- Core Web Vitals: FID (First Input Delay)
- Core Web Vitals: CLS (Cumulative Layout Shift)
If you found this article helpful, please share it and consider subscribing to our blog.