Advertisement
  1. SEJ
  2.  ⋅ 
  3. News

Google Lightning Talks: HTTPS Explained

Google’s John Mueller explains what HTTPS is, why sites should use it, and answers common questions from site owners.

Google Lightning Talks: HTTPS Explained

In the latest Google Lightning Talks video, John Mueller provides an introduction to HTTPS and goes over the basics of site migrations.

Mueller’s presentation includes the following talking points:

Here’s a quick recap of each section of the video.

What is HTTPS?

HTTPS is a secure connection between sites and users. It protects websites from unwanted activity.

Why use HTTPS?

Website Security

When it comes to website security, HTTPS ensures three things:

  • Authentication: Users can be certain they’re engaging with your website and not an intermediary.
  • Data integrity: A secure connection prevents data tampering, so users see your content as intended.
  • Encryption: Information exchanged between a website and its users will be kept safe.

Web Browser Requirement

Another reason to use HTTPS is because modern browsers require it in order to utilize certain features.

HTTPS is required for the following types of features:

  • Geolocation
  • Auto-fill for forms
  • Camera
  • Progressive web apps (PWA)
  • Push notifications
  • Caching

“Not Secure” Label in Address Bar

There’s no hiding whether or not your site uses HTTPS, as it’s highlighted within the browser address bar.

Non-HTTPS sites are labeled in red as “Not secure,” while sites with HTTPS are labeled “secure” in green.

Because HTTPS should be active by default, some web browsers will only point out the lack of HTTPS.

Related: Google Chrome to Start Warning Users About Insecure Forms

Slight Ranking Boost

Google gives pages that use HTTPS a slight ranking boost in search results.

However, toward the end of the video, Mueller goes on to say the ranking boost is “quite small.”

HTTP pages can still rank over HTTPS pages when the content is more relevant to the query.

Migrating to HTTPS

HTTPS URLs are different than their HTTP counterparts.

That means migrating from one to the other involves redirecting every single HTTP URL to the equivalent HTTPS URL.

Mueller breaks down the migration process into the following steps:

  1. Set up your HTTPS site
  2. Verify ownership in Google Search Console
  3. Test the HTTPS site extensively
  4. Redirect all HTTP URLs to HTTPS URLs
  5. Monitor the migration in Google Search Console
  6. Optional step: Set up HTTP Strict Transport Security (HSTS)

Common Questions About HTTPS

How long do I need to keep the redirects?

Redirects should remain in place forever. There’s never a reason not to redirect from HTTP to HTTPS.

Can I move just a few pages?

Technically it’s possible to move just a few pages to HTTPS. In practice, Mueller says it’s not much more work to move the whole site over, which is what should be done anyway.

Which HTTPS certificate should I use?

Any certificate that’s supported by a modern web browser is fine. Mueller specifically suggests free certificates from the non-profit organization Let’s Encrypt.

How long does a migration take?

Google has a lot of experience with HTTPS migrations, Mueller says, so they can usually be processed within a week.

Will the migration hurt my site’s ranking?

“Usually not,” Mueller says. After all, it’s still the same site. If anything, rankings may benefit from the slight boost mentioned earlier.

Can I revert if needed?

Technically, yes. But it’s not recommended. Instead of moving back, Mueller recommends fixing any issues you have and moving forward.

For more detail on any of the above sections, see the full video below:

Category News Web Dev SEO
ADVERTISEMENT
SEJ STAFF Matt G. Southern Senior News Writer at Search Engine Journal

Matt G. Southern, Senior News Writer, has been with Search Engine Journal since 2013. With a bachelor’s degree in communications, ...