In the latest Google Lightning Talks video, John Mueller provides an introduction to HTTPS and goes over the basics of site migrations.
Mueller’s presentation includes the following talking points:
- How HTTPS works
- Why you might want to use HTTPS
- How to migrate from HTTP to HTTPS
- Common questions about HTTPS
Here’s a quick recap of each section of the video.
What is HTTPS?
HTTPS is a secure connection between sites and users. It protects websites from unwanted activity.
Why use HTTPS?
Website Security
When it comes to website security, HTTPS ensures three things:
- Authentication: Users can be certain they’re engaging with your website and not an intermediary.
- Data integrity: A secure connection prevents data tampering, so users see your content as intended.
- Encryption: Information exchanged between a website and its users will be kept safe.
Web Browser Requirement
Another reason to use HTTPS is because modern browsers require it in order to utilize certain features.
HTTPS is required for the following types of features:
- Geolocation
- Auto-fill for forms
- Camera
- Progressive web apps (PWA)
- Push notifications
- Caching
“Not Secure” Label in Address Bar
There’s no hiding whether or not your site uses HTTPS, as it’s highlighted within the browser address bar.
Non-HTTPS sites are labeled in red as “Not secure,” while sites with HTTPS are labeled “secure” in green.
Because HTTPS should be active by default, some web browsers will only point out the lack of HTTPS.
Related: Google Chrome to Start Warning Users About Insecure Forms
Slight Ranking Boost
Google gives pages that use HTTPS a slight ranking boost in search results.
However, toward the end of the video, Mueller goes on to say the ranking boost is “quite small.”
HTTP pages can still rank over HTTPS pages when the content is more relevant to the query.
Migrating to HTTPS
HTTPS URLs are different than their HTTP counterparts.
That means migrating from one to the other involves redirecting every single HTTP URL to the equivalent HTTPS URL.
Mueller breaks down the migration process into the following steps:
- Set up your HTTPS site
- Verify ownership in Google Search Console
- Test the HTTPS site extensively
- Redirect all HTTP URLs to HTTPS URLs
- Monitor the migration in Google Search Console
- Optional step: Set up HTTP Strict Transport Security (HSTS)
Common Questions About HTTPS
How long do I need to keep the redirects?
Redirects should remain in place forever. There’s never a reason not to redirect from HTTP to HTTPS.
Can I move just a few pages?
Technically it’s possible to move just a few pages to HTTPS. In practice, Mueller says it’s not much more work to move the whole site over, which is what should be done anyway.
Which HTTPS certificate should I use?
Any certificate that’s supported by a modern web browser is fine. Mueller specifically suggests free certificates from the non-profit organization Let’s Encrypt.
How long does a migration take?
Google has a lot of experience with HTTPS migrations, Mueller says, so they can usually be processed within a week.
Will the migration hurt my site’s ranking?
“Usually not,” Mueller says. After all, it’s still the same site. If anything, rankings may benefit from the slight boost mentioned earlier.
Can I revert if needed?
Technically, yes. But it’s not recommended. Instead of moving back, Mueller recommends fixing any issues you have and moving forward.
For more detail on any of the above sections, see the full video below: