What You Need to Know About HTTPS and SEO
By Britt Bischoff on March 17, 2016 in Digital Marketing
Why is everyone talking about HTTPS recently? What are the benefits of doing so? What does HTTPS have to do with SEO? Should you switch your site to HTTPS? So many questions, and thankfully, I have some answers for you in this post. Plus, learn about common problems and how to fix them, and what you need to know before you get started.
You seem like a smart cookie, so I'm not going to belittle you with boring definitions and lessons on how the internet works. Here's my one sentence summary of HTTP and HTTPS as a recap:
HTTP (HyperText Transfer Protocol) rules the communication between browsers and servers. HTTPS (HyperText Transfer Protocol Secure) is simply the secure version of HTTP, encrypting the data exchanged so your information is kept secret and safe.
Should I enable HTTPS on my site?
“But, I don’t sell anything on my site” or “I’m not asking for credit card information.”
Even if you’re not asking for financials on your site, it’s to your visitor’s benefit to protect their privacy by keeping their information confidential and secure anyway. It is to your benefit to do so by protecting your site from being compromised and save yourself from the potentially embarrassing (and costly) consequences of compromised data.
Here’s some helpful guidelines to determine if you should or shouldn’t. Does your site have:
- User logins
- Newsletter subscriptions
- Ability to manage a shopping cart
- Item searches
Basically any time you’re asking users to volunteer their information or can tie their behavior on your site to their identity is a valid reason for encryption (this goes for browsing history too).
Ranking factors aside, HTTPS is a best practice as it ensures that your information and conversations are kept private, no one can mess with your data, and who you’re talking to on the other end is truly who they claim to be. Doesn’t this sound like something you’d expect from every site in 2016?
Let’s talk about how HTTPS impacts SEO
Google has subtly been pushing websites in the direction of HTTPS for all types of websites to make a more secure browsing experience. In 2014, they added HTTPs as a light ranking factor and declared their preference for HTTPS, although any boosts in search visibility and rankings were minimal. At that time, Google also gave the warning that they plan to improve this ranking factor and make it a stronger ranking signal in the future.
At the end of 2015, Google began cracking down on HTTP sites even further with issued warnings for SSL/TLS certificates not matching domain names (which some browsers have a hard time telling that your site is secure and may inadvertently block users from accessing). And in December, Google announced that moving forward, they’ll automatically index HTTPS pages first before the HTTP version, making HTTPS the default preferred version of your site. From your HTTP version site, Google will look to see if you have the same pages on HTTPS, and if found, will index the HTTPS version. Google will do this automatically if you haven’t set any redirects, canonicals, or preference for HTTP in your markup. It sounds like the lazy man’s plan to rely on, but is not ideal for SEO and there’s still work to do (see below).
Why does Google care?
Their mission is to help make the web a better place and to improve user security. Because most sites weren’t moving toward HTTPS, Google did what they had to by incentivizing websites to prioritize security.
SEO benefits of moving your site to HTTPS:
- Small ranking boosts (at this time)
- HTTPS may serve as a tiebreaker between two equal pages / sites ranked
- Adds trust and legitimacy to a site
- Gives you an edge in a competitive niche
- Better referral data in Google Analytics (less traffic grouped into “direct” and funneled where it is actually meant to go)
- Long term conversion boosts. Added user trust shows greater likelihood of conversion in the long run.
Enabling HTTPS isn’t without its challenges...:
- Google considers HTTP and HTTPS as separate URLs, which creates duplicate content issues without always-on HTTPS.
- Diluted value due to duplicate content and indexing
- Tracking and reporting issues
- Inadvertent blocking HTTPS urls in robots.txt
- Inconsistent use of HTTPS when both HTTP and HTTPS enabled. This can happen when preference is set for the wrong protocol.
- When HTTPS isn’t always on, not only does this present issues with consistent data encryption
- A common issue that arises even after enabling ssl/tls, your HTTPS URLs don’t display in search results. This often happens because you’re communicating to Google to display your HTTP version instead. You could also have some crawl issues, noindex settings blocking indexation of your HTTPS version, among other problems.
- Both HTTP and HTTPS page versions are indexed, creating duplicate content, divided value, and inconsistent user experience
- Canonical tags pointed at the wrong protocol (http vs https)
- Site speed issues if you’re not using best practices
- Resetting social share counts on pages
Ready to go HTTPS? Here’s what you can do to avoid a disastrous move:
- Default to always-on HTTPS. Meaning, if you’re going to go HTTPS - commit it across your entire domain.
- Permanently redirect pages and users to HTTPS version by 1-1 matching.
- Set canonical links on each page to recognize the HTTPS page as the original / preferred.
- Don’t include insecure elements (images, includes, embeds, videos, etc). Make sure this all uses HTTPS.
- Don’t block HTTPS from robots.txt
- Make sure your sitemap lists the HTTPS version instead of HTTP
- Be consistent in your links so that they always link to the HTTPS version. Fix any links that don’t. It’s recommended by Google to use relative links (/page1) if you’re linking to pages within your site, and to include the HTTPS protocol (https://www.yoursite.com/page1) if you’re linking from another website.
- Add the HTTPS version in Google Search Console and submit the HTTPS
- Update your Google Analytics tracking with HTTPS
- Consider the type of certificate. While Google doesn’t care what type of certificate you have, it makes an impression on users and seeing the SSL with errors (grey padlock with yellow warning symbol) isn’t very reassuring.
- Don’t let your certificate expire.
- Maintain social share counts on your site with hacks to your social share buttons with the new endpoint URLs.
- Monitor your site traffic after the move.
My recommendation is to default to HTTPS if you’re in the position to do so. If you’re in it just for the ranking benefits, keep in mind that it’s still a very insignificant factor at the moment. Other major ranking factors still trump HTTPS as a signal.
This isn’t a magic fix, and you’re likely not going to notice the benefits immediately. Although HTTPS is better for your site, users and SEO in the long run, there will be implications to switching to HTTPS and you should expect a temporary loss in traffic. Taking the necessary precautions I’ve outlined in this post will help better prepare and minimize negative impacts of transitioning to a secured site.
What questions do you have about HTTPS? Fire away in the comments below!