It’s rare that Google reveals any of its actual ranking factors, so it came as a big surprise when representatives announced they would reward sites using HTTPS encryption with a boost in search results.
HTTPS isn’t like other ranking factors. Implementing it requires complexity, risks, and costs. Webmasters balance this out with benefits that include increased security, better referral data, and a possible boost in rankings.
Google’s push for HTTPS adoption appears to be working. A recent Moz Poll found 24% of webmasters planning to make the switch.
SEO advantages of switching to HTTPS
In addition to the security offered (which we’ll discuss below), there are additional SEO benefits for marketers to take advantage of.
1. More referrer data
Whenever traffic passes from a secure site to a non-secure site, the referral data gets stripped away. This traffic shows up in your analytics report as ‘Direct.’ This is a problem because you don’t know where the traffic actually comes from.
If you use HTTP, traffic from sites like Hacker News shows up as ‘direct’, because Hacker News uses HTTPS.
Fortunately, there’s a simple solution: when traffic passes to an HTTPS site, the secure referral information is preserved. This holds true whether the original site uses HTTP or HTTPS.
As more and more sites make the switch, this becomes increasingly important.
2. HTTPS as a rankings boost
On one hand, Google has confirmed the ranking boost of HTTPS. On the other hand, with over 200 ranking, it’s likely you’ll find the effect of any ranking influence to remain quiet small.
In fact, a recent study by Search Metrics showed no detectable advantage to sites using HTTPS.
Like most ranking signals, it is very hard to isolate on its own.
In fact, don’t expect HTTPS to act as a silver bullet. If rankings are your only concern, there are likely dozens of things you can do that will have a bigger impact. Here are several:
14 SEO activities more impactful than HTTPS:
3. Security and privacy
Many people argue that HTTPS only provides an advantage if your site uses sensitive passwords. That’s not exactly true. Even regular boring content websites can benefit from SSL encryption.
HTTPS adds security in several ways:
- HTTPS verifies that the website is the one the server it is supposed to be talking to,
- Because HTTPS prevents tampering by 3rd parties, it stops Man-in-the-middle attacks, making your site more secure for visitors.
- HTTPS encrypts all communication, including URLs, which protects things like browsing history and credit card numbers.
My advice is this: Make the switch if doing so is reasonable for your business. Security and trust add to the small ranking gains, making it worth the effort if you can.
Challenges to overcome with HTTPS
1. Mistakes happen
Moving your entire site to HTTPS requires many moving parts. It’s easy to overlook important details.
- Did you block important URLs in robots.txt?
- Did you point your canonical tags at the wrong (HTTP) URL?
- Is your website causing browser bars to display warnings that frighten people away from your site? (Side note: That’s the very first article I wrote for SEOmoz!)
While rare, these problems do happen. Moz has spoken privately with webmasters who have seen both rankings and conversions plummet after implementing HTTPS.
In most cases it’s a simple fix, but beware the risk.
2. Speed issues
Because HTTPS requires extra communication “handshakes” between servers, it has the potential to slow down your website – especially on slower sites.
Add to this the fact that speed is itself a ranking factor, especially on mobile.
The good news is, if you follow best practices your site should be more than fast enough to handle HTTPS. New friendly technologies like SPDY offer you the opportunity to speed up your website more than ever before.
Many webmasters pay between $100-200 a year for SSL certificates. That’s a significant amount for small websites. It’s also a barrier that most spammers won’t bother with.
On the other hand, it’s completely possible to switch to HTTPS for free.
4. Not everything is ready for HTTPS
Sometimes, things don’t play well with HTTPS. Older web applications can have trouble with HTTPS URLs. (Fortunately, Moz updated Open Site Explorer just this year.)
If you run AdSense, you may see your earnings fall significantly, as Google will restrict your ads to those that are SSL-compliant.
Even Google’s own Webmaster Tools doesn’t yet support HTTPS migration. The world may be moving toward 100% SSL encryption, but in the meantime be prepared for growing pains.
Growing number of sites using HTTPS
Lots and lots of sites use HTTPS today, but most restrict usage to checkout and registration pages.
Very, very few sites use HTTPS sitewide.
According to the latest statistics from BuiltWith, only 4.2% of the top 10,000 websites redirect users to SSL/HTTPS by default. While that number appears small, the percentage drops to 1.9% for the top million sites.
This number is likely to increase in the very near future as more websites pursue adoption.
SEO and HTTPS best practices
This post talks about the SEO implications of switching to HTTPS. If you are looking for a technical guide, there are several we’d recommend:
- Moving Your Website to HTTPS / SSL
- Switch to HTTPS Now, For Free
- HTTPS for WordPress
- How to Deploy HTTPS Correctly
What type of SSL certificate works best?
Companies offer a myriad and confusing array of SSL certificates. The two primary ones to pay attention to are:
- Standard Validation SSL – Standard level of validation. Typically cost between $0-$100.
- Extended Validation SSL – Offers the highest level of validation and often costs between $100-500.
From a rankings point of view, it makes absolutely no difference what type of certificate you use. For now.
John Mueller of Google has stated that Google doesn’t care what kind of SSL certificate your website uses, but that may change in the future.
From both a security and user experience point of view, the type of certificate you choose can have an impact. Consider how different certificates alter how your website appears in the web browser address bar.
The green bar associated with extended certificates communicates trust, while the warning symbols associated with errors can cause worry with visitors.
SEO checklist to preserve your rankings
- Make sure every element of your website uses HTTPS, including widgets, java script, CSS files, images and your content delivery network.
- Use 301 redirects to point all HTTP URLs to HTTPS. This is a no-brainer to most SEOs, but you’d be surprised how often a 302 (temporary) redirect finds its way to the homepage by accident
- Make sure all canonical tags point to the HTTPS version of the URL.
- Use relative URLs whenever possible.
- Rewrite hard-coded internal links (as many as is possible) to point to HTTPS. This is superior to pointing to the HTTP version and relying on 301 redirects.
- Register the HTTPS version in both Google and Bing Webmaster Tools.
- Use the Fetch and Render function in Webmaster Tools to ensure Google can properly crawl and render your site.
- Update your sitemaps to reflect the new URLs. Submit the new sitemaps to Webmaster Tools. Leave your old (HTTP) sitemaps in place for 30 days so search engines can crawl and “process” your 301 redirects.
- Update your robots.txt file. Add your new sitemaps to the file. Make sure your robots.txt doesn’t block any important pages.
- If necessary, update your analytics tracking code. Most modern Google Analytics tracking snippets already handle HTTPS, but older code may need a second look.
- Implement HTTP Strict Transport Security (HSTS). This response header tells user agents to only access HTTPS pages even when directed to an HTTP page. This eliminates redirects, speeds up response time, and provides extra security.
- If you have a disavow file, be sure to transfer over any disavowed URLs into a duplicate file in your new Webmaster Tools profile.
Tips for FeedBurner and RSS
Many sites still use FeedBurner for RSS feeds. Unfortunately, Google stopped supporting it long ago and FeedBurner isn’t compatible with HTTPS.
If you use FeedBurner, you’ll need to migrate your RSS to an HTTPS-compatible service. If you’re technically competent you can do this yourself, or FeedPress has a very inexpensive RSS migration solution.
Migrating social share counts
When migrating to HTTPS, you often want to preserve you social share counts. These are the numbers that display in social share buttons.
These counts don’t impact your rankings (as far as we know) but they act as strong social proof, and it’s frustrating to migrate a page with thousands of tweets and likes only to see them reset to zeros.
In fact, some social networks will transfer the social counts through their APIs, but it may take weeks or months for them to show up correctly. Here’s a list of what does and doesn’t eventually transfer over:
- Facebook: Yes
- Twitter: No
- Google +1s: Yes
- Google shares: No
- LinkedIn: Yes
- Pinterest: No
If you want instant karma, Mike King wrote an excellent tutorial on how to preserve your social share counts by altering the code of your social buttons. We used this method on Moz when we migrated from SEOmoz in order to preserve the counts on our content.
Example button codes to preserve social shares (edit for your site):
<div class="fb-like" data-href="http://moz.com/blog/10-tools-for-creating-infographics-visualizations" data-send="false" data-layout="box_count" </div>
<a href="https://twitter.com/share" class="twitter-share-button" data-counturl="http://moz.com/blog/10-tools-for-creating-infographics-visualizations" data-url="https://moz.com/blog/10-tools-for-creating-infographics-visualizations" data-count="vertical" data-via="moz">Tweet</a>
<div class="g-plusone" data-size="tall" data-href="http://moz.com/blog/10-tools-for-creating-infographics-visualizations"></div>
Keep in mind: This only displays social shares from the URL you dictate. Because of this, it doesn’t update your counts with any new social shares. This works best with content like older blog posts that are likely not to get many new shares.
If you expect your content to continue to earn social activity, you may simply want to let the numbers update naturally over time.
Making the leap
Much of the web is now moving towards SSL encryption, and within a few years it may even become the default. SEOs, consultants and agencies that become experts know may be rewarded as the popularity of the protocol grows.
Will you make the switch to HTTPS?