Last updated on July 31, 2021.
A quick guide on the difference between HTTP and HTTPS (and how it relates to SEO).
HTTPS is part of page experience signals that Google uses to quantify key areas of the user experience. Along with other signals such as Core Web Vitals, mobile-friendliness, safe browsing, and intrusive interstitials, HTTPS is also a vital search signal for measuring page experience.
HTTPS is a must for every website that wants to be trusted by both Google and its users. From this guide, you will learn about the difference between HTTP and HTTPS, the importance of HTTPS, the advantages and disadvantages of HTTP and HTTPS, HTTPS and its impact on SEO, and more.
Why is HTTPS important?
Here are a few reasons why HTTPS plays such a big role and how a site benefits from being served over HTTPS.
HTTPS is one of Google page experience signals
Google defines page experience signals as indicators of how a website’s users experience the webpage or perceive their interactions with a website, besides its core informational or content value.
HTTPS is so important not only because it influences the factors that impact a site’s page experience but also because it is indeed one of the official Google page experience ranking factors.
This is one of the reasons why dated information on obscure topics, even if it’s more accurate and precise than what newer web pages have to offer, is sometimes buried on the second SERP. These older pages often tend to offer a really bad page experience.
⚡ Check my guide to Google page experience to learn more.
HTTPS improves the web overall
HTTPS usage has been consistently on the rise, with now more than 90% of web pages being served over HTTPS. It currently enables the best performance the web offers and facilitates powerful features that benefit site conversions.
The HTTPS Google Transparency Report provides a lot of very interesting and useful data on the usage of HTTPS on the internet. HTTPS is the direction in which Google wants to go and wants the whole web to go.
Here are a few interesting stats on HTTPS from Google:
- 95% of Google products and services provide modern HTTPS by default.
- 41% of mobile traffic coming to Google is unencrypted.
- 59% of desktop traffic to Google is unencrypted.
- 100% of the 10 top sites in the world (that account for 25% of traffic worldwide) work on HTTPS.
- India is the country with the biggest percent of traffic to Google that is encrypted.
HTTPS is required for many features to work
HTTPS is so important because some of the latest features simply cannot run on HTTP. The examples include service workers for offline support and web push notifications, credit card autofill (which requires the security that HTTPS offers), and the HTML5 Geolocation API (since 2015).
You will notice that a lot of these features are associated with the exchange of Personally Identifiable Information (PII), and Google wants to prevent its users from exchanging this important information on unsecured channels.
HTTPS is essential for ads
All ads that come from Google sources such as AdSense, AdWords, and DoubleClick Ad Exchange need to be compatible with HTTPS. The same goes for those ads that are sold directly, such as DoubleClick for Publishers.
Google made over $146.9 billion from advertisement revenue in 2020, and it wouldn’t have been possible if Google was directing its users towards fishy and unsecured websites or allocating the prime real estate to the untrustworthy website ads.
HTTPS stands for security
HTTPS matters to Google because it stands for security which has been a major concern for Google for quite some time now. Since this trend is expected to continue its upward trajectory, your task is to ensure your website meets the security protocols, and more specifically, HTTPS requirements.
A quick summary of the importance of HTTPS and its impact on security:
- HTTPS helps prevent intruders from tampering with the communication between the browsers that your visitors use and your website.
- HTTPS allows the best performance with powerful features that benefit site conversion.
- Migration to HTTPS is fast becoming a no-brainer since features, such as HTML5 geo-location API and credit card auto-fill are just too powerful to run on the traditional and non-secure HTTP.
- HTTPS protects the integrity of a website.
- HTTPS is critical for app-like capabilities, such as service workers.
- HTTPS is an important component of permission workflows for new features as well as updated APIs
HTTP vs HTTPS
When Google recommended that sites switch to HTTPS back in 2014, they also indicated that the small change could result in a slight bump in a website’s ranking (while punishing those that don’t make the switch).
Besides what appears on the address bar, the difference between HTTP vs HTTPS is that:
- HTTP stands for “Hypertext Transfer Protocol” and is a protocol that was used by all early websites. The protocol preceded HTTPS, which has currently become the standard for modern websites.
- HTTPS stands for “Hypertext Transfer Protocol Secure.” Unlike its predecessor, HTTPS ensures all information flowing between the browser and server is encrypted. HTTPS does this by using the Secure Sockets Layer (SSL) certificate.
The Main Difference Between HTTP and HTTPS
The main differences between HTTP and HTTPS are as follows.
HTTPS Uses the SSL certificate
HTTPS uses the SSL certificate that creates a secure line between the server and browser by encrypting the data. This extra layer of security that HTTPS provides is crucial.
HTTPS is critical for sites dealing with sensitive data
HTTPS is a must-have for those sites which have to handle sensitive data, such as personal user information, passwords, bank information, contact information, etc.
Any website that deals with financial transactions needs the security that only the HTTPS protocol can provide. This relates to Your Money Your Life (YMYL) websites in particular.
Here is what Google says about the YMYL sites.
HTTPS uses Public Key Infrastructure
- Public Key Infrastructure (PKI) is a way to authenticate devices and users and in the digital sphere after the browser sends a user agent. At its core, the idea is that one or multiple trusted parties need to sign documents digitally, thus certifying that a certain cryptographic key belongs to a certain device.
- Public Key Infrastructure (PKI) is used mainly because, as opposed to private keys that can only be used by a single website’s web server, several web browsers can use public keys. These public keys are distributed via certificates. The certificates are maintained and kept by the browser.
Other differences between HTTP and HTTPS
The HTTPS protocol is essential for a secure website, but there are quite a few lesser-known differences between the HTTP and HTTPS protocols that you need to know.
- HTTP works on the Application Layer, while HTTPS works with Transport Layer.
- HTTP does not need to use certifications, while HTTPS does use SSL certification.
- HTTP uses port number 80 for all of its communication while the HTTPS protocol uses port number 443.
- One area where HTTP outshines in HTTP vs HTTPS is that the former is faster since it takes less computation power with no encryption.
- Both security protocols are indicated in the address bar.
Is HTTP or HTTPS more secure?
In terms of security, the HTTPS protocol is obviously the better option in keeping data secure, thanks to the use of the SSL certificate.
- HTTP means that all data between servers and the browser is transmitted in plain text. This makes it easy for hackers to see sensitive information.
- HTTPS encrypts all data that’s being transmitted so that sensitive information remains secure. This means that if attackers were to intercept data while it’s in transit between the browser and server (or vice versa), in what is known as a man in the middle attack, they could not view that information unless they put in the extra effort.
- The high level of security that HTTPS offers is why ads sold directly, such as those through DoubleClick for Publishers, still need to be designed to be HTTPS-friendly.
- It should also be noted here that HTTP 2 is a major revision of the HTTP network protocol used by the World Wide Web.
Is HTTP or HTTPS faster?
When it comes to the performance of HTTP vs HTTPS, HTTP is considered to be a lot faster simply because it does not provide the additional encryption that is provided by the HTTPS protocol.
Using Transport Layer Security (or SSL for that matter) means there is more processing for encrypting and decrypting data, which makes HTTPS more time-consuming.
However, the speed of both protocols mainly depends on other factors as well, such as:
- the length of a session,
- the ratio of static vs dynamic content,
- the caching behavior of the hardware, client, and server software.
While HTTPS is slower as compared to HTTP, much work has been done to improve HTTPS speed in Chrome browser to secure data transfer.
⚡ Check my Core Web Vitals audit to learn how to optimize for Core Web Vitals to make your site faster and more efficient.
HTTP Vs HTTPS: advantages and disadvantages
The following are some of the advantages and disadvantages of both HTTP to HTTPS for web pages.
✔️ Other protocols on the internet or other networks can be used to implement the HTTP protocol.
✔️ Since HTTP messages are stored on the PC and the internet caches, they can be accessed quickly.
✔️ HTTP also does not require any Runtime support.
✔️ The protocol is also usable over firewalls.
❌ The most glaring disadvantage of the HTTP protocol is that it does not offer any privacy.
❌ Any third party who intercepts the request in a man-in-the-middle attack can get your username and password.
❌ HTTP is considered to be an insecure method of transferring data between servers and computers.
❌ “Not secure” label in Chrome and Firefox.
❌ Less trustworthy.
✔️ Secure connection
✔️ Highly advised and promoted by Google
✔️ Better user experience
✔️ Compliance with Google page experience signals
✔️ Better rankings in Google
✔️ Essential for ads
✔️ Essential for most web features and services
✔️ Essential for any Your Money Your Life (YMYL) website
❌ Certain countries, as well as organizations, have been known to block or otherwise degrade HTTPS traffic.
❌ Some companies and organizations lack the technical resources to implement HTTPS or don’t see it as a priority.
❌ SSL data can be encrypted only during transmission on the network.
❌ The costs associated with encrypting the transferred data can add up to a significant amount for larger sites.
❌ Migration to HTTPS may hurt SEO if implemented incorrectly.
HTTP vs HTTPS and SEO
There are also quite a few differences between HTTP and HTTPS in terms of SEO.
The security HTTPS offers and the way Google demotes the websites that are still on the dark side of the security HTTPS offers are enough to make users wary of HTTP websites.
A lot of web developers see Google’s SEO guidelines through a technical lens, sometimes forgetting that SEO is about ensuring that a website’s target audience finds and trusts the website and its content.
While the security aspect of HTTPS plays a significant role in improving a website’s SEO from the background, it also offers a few targeted SEO benefits.
⚡ If you are new to SEO, make sure to read my guide on how long it takes to learn SEO.
1. Ranking boost
Going from HTTP to HTTPS helps with SEO. While this is not a major boost, it is significant, which is why HTTPS is a part of ranking factors that are analyzed to measure page experience.
- From an SEO perspective, making the switch to HTTPS does not have a negative impact on the ranking of a website.
- However, if the implementation of the secure switch is done incorrectly, it could possibly hurt the SEO of a website, leading to a loss in website traffic.
Studies indicate that HTTPS can result in higher search rankings. More than 95% of page one results feature an HTTPS site.
⚡ If you are learning how the SEO game works, make sure to read my guide on how long SEO takes to work.
2. Improves foot traffic
According to data, 84% of users would abandon a purchase if data was sent over an insecure connection. Google labels HTTP sites as insecure, which can hurt a site’s reputation.
Even if your target audience is comfortable reading the information from an unsecured site, they might not be comfortable sharing any personal data and might actively be on the lookout for a secure alternative to your website.
So without HTTPS, your traffic (and your probability of generating viable leads) is likely to decline over time.
3. Better user and page experience
HTTPS might not be a sizeable ranking factor by itself, but it controls a very large “umbrella” which covers a lot of important factors, such as user experience (UX) and the above-mentioned Google page experience.
A good example of how a lack of HTTPS can have a negative impact on a site’s UX is Chrome showing the warning sign “Not secure” for websites that aren’t using HTTPS, which may be enough to make the user suspicious right away.
Not surprisingly, it’s very difficult to generate trust when Google tells the website’s user that this website is not secure and untrustworthy.
Table comparing HTTP and HTTPS
Here is the table comparing the main differences between HTTP and HTTPS.
[table id=1 /]
HTTPS best practices
Here are some of the HTTPS best practices. Check Google article on HTTPS to learn even more.
Purchase an appropriate SSL certificate
Always make sure that you are purchasing an SSL certificate that is appropriate for your website. This is because SSL certificates come in different types in terms of their validation and functionality.
Another factor to consider is knowing who you purchase the SSL certificate from. It is important to purchase the SSL certification from a reputable certification authority to ensure your security is not compromised.
Consider using a free SSL certificate
Most website hosts currently offer free SSL certificates that usually can be installed with just one click. If you do not have the budget to invest in buying an SSL for your site, this is the solution you want to use.
You can also boost the efficiency of the SSL certificate by implementing HSTS (HTTP Strict Transport Security).
Use a valid certificate
Another factor to consider to ensure that the SSL certificate is efficient is by making sure that it is valid. This is an important step since SSL certificates that are expired can result in outages or downtime and can also be the cause of damage to your reputation.
Avoid mixed content
Make sure that the site does not have mixed content which occurs when a site is served over HTTPS but some of its resources are served over HTTP. Chrome currently blocks sites with mixed content.
Any website crawler like Sitebulb or Screaming Frog SEO Spider will let you check if the site has mixed content.
⚡ HTTPS and its correct implementation are one of 200+ things I check whenever I do a technical SEO audit.
GET ACCESS TO PREMIUM SEO CONTENT
Members of SEOSLY Pro get access to Olga’s SEO audit video guide where she documents her 500+ step SEO audit process, Olga’s mini video SEO audits, SEO audit templates, pro SEO auditing tips, and much more!
Join SEOSLY Pro to become a technical SEO expert in no time.
Olga Zarzeczna is a senior SEO specialist with 8+ years of experience. She has been doing SEO for both the biggest brands in the world and small businesses. She has done more than 150+ SEO audits so far. Olga has completed SEO courses and degrees at universities, such as UC Davis, University of Michigan, and Johns Hopkins University. She also completed Moz Academy! And, of course, has Google certifications. She keeps learning SEO and loves it. Olga is also a Google Product Expert specializing in areas, such as Google Search and Google Webmasters.