searchmetrics email facebook github gplus instagram linkedin phone rss twitter whatsapp youtube arrow-right chevron-up chevron-down chevron-left chevron-right clock close menu search

Unwrapping the Secrets of SEO: An Industry Analysis of HTTPS Security

Our analysis of the prevalence of HTTPS across different industries in US search results reveals a number of interesting findings: Whilst 46 percent of finance websites communicate with web browsers over HTTPS, only 23% of travel pages and only 12% of publishers use encrypted data transfer. In our latest installment of Unwrapping the Secrets of SEO, we’ll delve into why nearly every modern marketer seeking to build trust with online customers and browser kings should be getting more serious about HTTPs.



Encrypting browser connections using an HTTPS protocol is beginning to feature prominently in the security and design execution of many websites. It’s no wonder: the largest browser providers are making it very clear that unsecure connections are an infraction that could have an affect on visibility and conversions.

Browsers mark pages as “not secure”

Google Chrome marks many websites that are not encrypted, but that include areas for users to enter data, as “not secure.” The same is now true for Mozilla Firefox. In this browser, many connections to websites that include the potential for submission of personal data are declared unsafe. According to Statcounter, these are the two most widely used browsers worldwide.


Whilst Chrome differentiates between three degrees of encryption (a green padlock for a secure connection, a red triangle with an exclamation mark for non-secure connections, and a gray exclamation mark for somewhere in between), Firefox has four levels.

In addition to a green padlock for secure HTTPS connections, Firefox also has a red padlock to symbolize connections that are not secure. For websites in between and to display so-called “mixed content” problems – when parts of the page are managed via non-secure connections – Firefox has a green lock with a gray exclamation mark and a gray lock with a yellow exclamation mark.

The choice of which websites are “worst” and assigned a red symbol depends on the browser, operating system and the user’s individual settings.


The same warnings are displayed on desktop and mobile. However, because of the smaller screen size for mobile users, the warnings are much more visible and have a greater impact than for desktop users. This has to be considered by webmasters who work with client logins or sensitive data and have not yet incorporated encryption into their pages.

Without HTTPS, users can lose trust in a website, which makes itself felt in a higher bounce rate and – as a logical consequence – a lower conversion rate. On the other hand, the use of HTTPS encryption can boost a site’s rankings because, as we already demonstrated in an analysis in 2015, HTTPS is a ranking factor.

An Analysis HTTPS Security in Key Industries

For some branches, almost half of the landing pages appearing in’s search results offer encrypted connections. Our analysis of HTTPS encryption looks at industries that will be the focus of our upcoming Searchmetrics Ranking Factors whitepapers. Measuring industry-specific ranking factors paints a much more precise picture of the demands of a website, because user demands vary from industry to industry and Google now evaluates user needs on a granular basis.

The following image provides a detailed look at the usage of HTTPS across different industries in the US search results for


The Race to HTTPS in Finance and eCommerce

Our analysis shows significant differences between industries. Amongst finance and eCommerce websites – at least when considering the landing pages on the first search results page – the rate of HTTPS usage is 46% (finance) and 36% (eCommerce). HTTPS is much less common in the other three industries we analyzed.

In the following, we will look at some examples. Anyone wondering why the examples include more encrypted pages than in our analysis should know that our keyword set for the analysis includes thousands of search queries, and provides the resulting average. Nevertheless, these examples highlight the overall trends observed – as in the following SERP for a finance keyword.

On the first search results page for the keyword “tax calculator,” we see that the top eight URLs use HTTPs. The remaining two unencrypted results, at positions 9 and 10, could potentially be threatened by a drop down the rankings off Google’s first page.

(NB: Some other URLs on do use HTTPS encryption, e.g. when users are asked to submit their social security number. The ranking landing page, however, is not HTTPS.)


One industry where HTTPS is far less prevalent is travel, with only 23% websites ranking for travel-related keywords using encrypted data transfer. The following example search results page, for the query “arctic cruise,” has just four of 10 results that use HTTPS. In fact, none of the top 5 results offer a secure connection on the ranking landing page.


The top-ranking pages are therefore not (completely) encrypted. In this example, the ranking landing pages at and do not provide a secure connection, but HTTPS is provided at the login section of the website. The result in second position,, however, fails to offer HTTPS even when the user is asked to submit their data:


Waving a Stop Sign at Online Shoppers

In the area of eCommerce, where users are asked to submit bank details or credit card information to conduct a transaction, the provision of HTTPS is particularly important. Depending on a user’s operating system and browser settings, they may receive a warning when opening a product landing page which is not encrypted.

For example, when searching for “buy logitech keyboard,” the tenth-placed result is from, without HTTPS.


When opening this link in Google Chrome, a gray exclamation mark is displayed in front of the URL in the address bar. In Mozilla Firefox, we see the red warning symbol.


Even though the actual online shopping transaction is usually secured with HTTPS (as it is on, red warning signs like this can have a negative impact on a site’s conversion rate, particularly given a growing awareness among consumers for the importance of secure connections.

The use of HTTPS amongst publishers and news sites also leaves room for improvement. The New Yorker, Reuters and other large media outlets still do not provide encryption on their content pages. Whilst publisher pages do not usually handle sensitive data, encryption is advisable for reasons of personal privacy. Anyone interested in the relevance of encryption for news sites may also like to look at the twitter account Secure the News, which tracks the uptake of HTTPS by media domains.

Average Rate of HTTPS for Top 10 Search Results by Industry

  • Finance: 46%
  • eCommerce: 36%
  • Media: 12%
  • Health: 24%
  • Travel: 23%

The ‘S’ Stands for Secure

TLS (Transport Layer Security) serves as the encryption protocol for HTTPS websites. This is also known by its previous title SSL, which stands for Secure Sockets Layer. This certificate uses a session key that encrypts the flow of data between the server and the client of a static domain. This ensures – at least in theory – that only the user’s and the visited website’s computers know what the user is doing on the page and which data is being entered.

Conversely, non-encrypted data can be read by any server that the traffic between the user and the website passes through. As many common browsers mark websites that lack HTTPS as “not secure,” users are given an increasingly negative impression of sites that do not use encryption. At the same time, the execution of HTTPS increases data security and privacy – and prevents user data from falling into the wrong hands. The seal of trust brought by adding an ‘S’ to HTTP helps online customers understand that the site they meant to go to is likely the one they’re on, and that sensitive data such as credit card information, social security numbers and the like don’t fall into the hands of nefarious characters.

Of course, depending on the content being provided and the user intention – switching to HTTPS may not be essential for every single website, particularly given the effort required for a changeover. For larger sites, however, and wherever the submission of user data is requested, HTTPS is usually recommended. Its implementation should, wherever it has not yet been executed, certainly be considered in the near future.


Online Reputation Management – Managing online brand experience through Search and Content Optimization

Unwrapping the Secrets of SEO: The Battle To Rank As A Direct Answer