searchmetrics email facebook github gplus instagram linkedin phone rss twitter whatsapp youtube arrow-right chevron-up chevron-down chevron-left chevron-right clock close menu search

HTTPS as a ranking factor – how to handle it

On August 6th, Google publicly announced HTTPS being a ranking signal / giving websites a boost in rankings. I’d like to quote the article because it implies a few important points:

“[…] we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

webmaster central blog https ranking factor

This is the first time that Google has ever explicitly called something a ranking factor. Even though they mentioned some factors to have an impact on ranking, such as site speed (where we saw a significant increase in importance in our 2014 Ranking Factors study), this direct tone is new. 1) On one hand Google tries out new communication styles all the time, but 2) this implies a certain seriousness.

They also mention the ranking signal to be rather lightweight (for now).  I’ll come back to this at the end of this article when talking about whether the effort is worth the benefit. Just keep in mind that the benefit might be relatively small.

Their statement also implies that high-quality content is more important. Google even provides an explanation within one of their courses ( In it they explicitly recommend content to be “useful and informative“, “more valuable and useful than other sites“, “credible“, “high quality” and “engaging“. On the other hand they warn of broken links, bad grammar and spelling, excessive amount of ads (what’s excessive though?) and spam. They clearly say that high-quality content is a ranking factor, but this should not be news to you.

In the final point they make, notice how they say “we may” see this ranking signal become stronger. Google is a company that is using its enormous data to improve the rankings over time and will see how pushing webmasters to migrate to HTTPS will affect the search landscape. For now, you find mostly trustworthy and strong sites using SSL. Personally, I guess they want to hold the door open to change the effect of SSL if more spammy and untrustworthy sites begin using it.

Google’s (self stated) main goal is making the internet more secure, which comes at the perfect timing. Moving to HTTPS also takes away more data from webmasters: even though you as a surfer can see the query in the url when connected via https, the sites between your browser and Google can’t. It is not possible to read out the referrer (meaning what URL you came from) and therefore what keyword you used, for example. After Google implemented HTTPS on their site – basically causing webmasters to lose keyword data over night – asking them to follow is the next logical step. Pushing webmasters to use SSL will enforce not provided  even more. According to, the average percentage of not provided traffic has been around 85% for quite some time now.

Bing implemented HTTPS as well, but unlike Google, they give you the keyword data back when you use HTTPS. Google actively avoids returning keyword data, arguing it would be a violation of privacy.

What is SSL and HTTPS?

If you’re already experienced with SSL, you might want to skip this section.

SSL stands for Secure Sockets Layer and is a protocol that provides a secure connection when accessing a website. It is important to understand that you don’t encrypt a website with SSL, but you encrypt the connection. An SSL certificate is used to correspond to a static domain via a session key that encrypts the data flowing between server and client.

An encrypted domain would be:

An unencrypted domain would be:

Normal HTTP website traffic is unencrypted. Every server that your traffic flows through on the way to the website’s server can read that data. This is how analytics tools get the keyword query for example. If a website you visit uses HTTPS, the data is encrypted, so in theory only you and the website you visit can see what you’re doing on that website.

There are three types of certificates: single domain (, multi-domain (,, or wildcard (,,,, etc.). A basic SSL certificate will only be valid for a specific domain name, so if the certificate is for the and someone follows a link to a warning will be displayed. Certificate prices range from $9 to $500,000+. Amongst others and not trying to prefer anyone, providers could be GoDaddy, Thawte, VeriSign, GeoTrust or Comodo.

The thought of giving websites using SSL a ranking boost is nothing new.

John Mueller mentioned the possibility on G+ in April 2013.

john mueller ssl

Additionally, Barry Schwartz wrote about Matt Cutts giving some signals about it at SMX West 2014 ( in March 2014.

“At the end of the session, I asked Matt if this means Google is looking to give sites that enable SSL a ranking boost. Matt Cutts shrugged his shoulders and explained that if it was his choice, he would make it so. But he said, it is far from happening and there are people at Google that do not want this to happen. On one hand, if Google announced they would give a ranking boost to SSL sites, it would encourage a ton of sites to go SSL, which would be a good thing. On the other hand, some older sites are hard to make SSL and they would feel at a disadvantage.”

John Mueller, as well as Matt Cutts, mentioned it would be very unlikely for HTTPS to become a ranking factor, but the folks at Google must have changed their minds. Cutts even dedicated a blog post on the topic in May 2010 (, when Google integrated “search over SSL”. Cutts stated in the article: “I believe encrypted search is an important option for Google searchers.” Even the Wall Street Journal reported about it (

What are the benefits of using SSL aside from the ranking boost?

Generally it comes down to two major benefits: trust and security. When SSL is in place, users are actively made aware of its presence by the green notification in front of the URL. This not only creates trust, but it can even support conversions and therefore be a revenue driver.

bank of america ssl

I already mentioned security in times of huge hacks, data steals, frauds and phishing. But security also implies fighting spam and pushing SSL would help that. Yoast formulated this in a nice way: “From a spam fighting perspective I think I can see why Matt would like it. I don’t think many spam network creators would go through the hassle of setting up SSL for all their sites and buying certificates for all of them. The cost would soon become higher than the profit in many niches.”

But of course, there are also some downsides of SSL usage.

Acquiring an SSL certificate means you have to pay for it, which as I mentioned previously can be very expensive.

Also, using SSL can imply a loss of page speed. This could be a potential problem for sites with massive traffic like social networks or heavily trafficked new sites. In the next section I will also hand you a tool (SPDY) that helps you when optimizing page speed while using SSL. The page speed issue should not keep you from migrating to SSL, if you have the chance, so don’t overrate this.

Let’s get to the nitty gritty:

What to regard and what to avoid when migrating to SSL.

These recommendations are assembled from our own expertise, Matt Cutts, John Mueller, the Google Webmaster Central Blog, the Google Support Forum and partially other bloggers:


  • Redirects & canonicals should be in place. If you run on Apache, you can use the .htaccess file in order to set domain-wide redirects from HTTP to HTTPS. Whenever you implement redirects, use 301 redirects only. Also ensure all of your canonicals are pointing at the HTTPS version of the URL. This will also avoid link juice from external backlinks being wasted
  • Internal linking must be changed, so that they point to the HTTPS version of the URL
  • Use HSTS (HTTP Strict Transport Security), a protocol securing websites even more by avoiding so called “men-in-the-middle” attacks (intercepting data during the transfer between server and client). In very simple terms HSTS makes sure the connection to the server happens only via SSL for future requests, even when the HTTP URL is linked
  • List the https site separately in The Google and Bing Webmaster tools, since it’s a different site
  • In accordance with this, make sure your analytics / tracking tool is setup for the HTTPS version
  • Be aware that HTTPS caching can be controlled with response headers just like HTTP, but it needs to be changed for all resources
  • Make sure the infrastructure can handle the higher load, caused by SSL, caching, etc.
  • Use SPDY, a networking protocol developed by Google for transporting web content. It manipulates HTTP traffic, with particular goals of reducing web page load latency and improving web security, but you can also enable it for SSL. In the end, it might make your SSL connected website faster than the HTTP version of it
  • Upgrade your CDN to use HTTPS
  • Every element of your site needs to start using HTTPS (CSS, JS, images, videos, etc.)
  • Use relative URLs for resources that are located on the same domain, so you don’t run into trouble with HTTP vs. HTTPS

Do not:

  • Avoid expired or old certificates. Any type (single, multiple, wildcard) of SSL certificate is fine at the moment. If you have an older certificate, make sure to have 2048 bit keys
  • Don’t forget to ensure server indication and browser support
  • Avoid incorrectly registered websites name
  • Avoid crawling issues, like blocking the HTTPS version in the robots.txt
  • Don’t keep HTTPS URLs from being indexed
  • Have no different content on HTTP and HTTPS URLs
  • Stay clear of status code errors for HTTPS URLs

Some personal recommendations to take along:

Firstly, don’t panic about implementing SSL. It might be a ranking factor, but Google explicitly mentioned it to be a relatively weak one and that they give webmasters time to implement it. Take your time to plan the implementation, estimate the costs and plan the resources.

Secondly, measure efforts against benefits. The ranking boost might be relatively small. Implement SSL when you have a chance and when it fits (as long as it’s not in five years), don’t force it with all means. You might be disappointed by the ROI.

Thirdly, it is more important to get the basics right. I wouldn’t push a client to implement SSL from a ranking factor perspective, if he hasn’t used at least 80% of his optimization potential.

These three points are strongly related to each other and should be made clear when migrating to SSL – it’s not a 1-2 days type of move.

PS – 2014 Ranking Factors Study

While Google may have just announced this ranking factor, our newest study on the 2014 ranking factors is almost here. We’ll discuss everything you need to know and what the most important ranking factors really are. To be one of the first people to receive the study, you can sign up early. The new study is the largest study ever made to analyze and reverse engineer ranking factors through correlating rankings and features. This year we included also user signals to bring some light how Google handles websites with a high stickiness and high user satisfaction.

PSS – CTO Marcus Tober is analyzing what impact this ranking factor has. Similar to past analysis we have done, check back soon to find out if there is a measurable impact of SSL to rankings. We’ll be discussing it in our next upcoming post.


Kevin Indig

Kevin Indig has been an SEO Consultant for the Searchmetrics Pro Services team. He helps enterprise companies implement critical SEO Strategies.

49 thoughts on “HTTPS as a ranking factor – how to handle it

  • More testing is definitely needed to see the impact of SSL. I believe it will still be a minor factor.

  • I find it interesting that although SSL doesn’t necessarily improve your ranking it says something to me that I tend to expect certain websites to have SSL because I expect them to be decent sites, such as online banking sites and the like. You would think that having this would mean people would visit these sites more and make the ranking better, however, maybe people are just unaware of what that section in green actually means.

  • I agree, John, more testing is definitely needed. We are working on that ;-).

    James, I’m sure websites will be treated differently with SSL. Does it make sense for a blog to switch to https? Probably not. A bank? Probably yes! My personal opinion is that people are aware of it subconsciously. I’d find it very interesting to read a study about the impact of the “section in green”. Anyone who can share something?

  • Hi Kevin – good write up. I agree with John more testing is definitely needed although in the long run in can’t be a bad thing to implement for most sites. But if you’re looking to improve a sites rankings there must be dozens of things most webmasters can do before getting round to including HTTPS.

  • Bartosz Goralewicz 2014/08/24 at 6:09 pm

    Myself- I moved to https already. What I see now is only loading time going up 😉 I am waiting for you guys to create some interesting stats about HTTPS sites!

  • It’s in the making, Bartosz ;-).
    What site are you using HTTPS for now?
    Are you using SPDY?

  • Bartosz Góralewicz 2014/08/25 at 12:07 am

    No, I don’t use SPDY but will look it up for sure.

    I use HTTPS for my own domain and to be honest some of my rankings went up last week. Especially my Penguin page but that may be just a coincidence.

    I am really interested to see the results of your global study. It is quite easy to say when the HTTPS become a ranking factor, as I remember John Mueller saying it is not a ranking factor around 2 months ago 😉 If you guys see a spike for HTTPS between those 2 hangouts it would be a clear sign!

  • Yes, as always it’s difficult to isolate factors in SEO ;-).
    But interesting to hear you implemented it and have seen some spikes. Let’s what the outcome of the study is and if really all types of websites benefit from SSL. My personal opinion is: no, but that’s just me.

  • Bartosz Góralewicz 2014/08/25 at 5:51 pm

    Now everyone waits for Penguin to update anyways so I think HTTPS and stuff like that is not their top priority 🙂 As an example, I’ve published many guest posts and few case studies last few weeks and only the one about Penguin ( ) is getting traction IMHO only because so many websites are under the water due to Penguin.

    Anyways – I would publish the HTTPS results after Penguin release, otherwise it can be unnoticed 🙂

  • True and I also think Penguin gets more attention because it’s much more destructive than HTTPS ;-). SSL is a luxury for a few types of websites, but Penguin can end your business over night.

  • Bartosz Goralewicz 2014/08/28 at 11:25 pm

    I’ve ran some test and I am more and more sure that SSL is really helping a lot. I think that you can be surprised with your SSL study Kevin…

  • I think you’ll be surprised, too ;-). Just got the results of it and it’s… quite interesting! We’ll publish a blog post about it tomorrow.

  • Bartosz Góralewicz 2014/08/29 at 12:07 am

    cant wait 😉 Finally some cool non-penguin and non-panda news 😀

  • Totally agree 😀

  • So finally we got one sure factor that helps in ranking. Time to setup SSL on all sites now 😀

  • Secure all the connections! No, just kidding ;-). BTW, Site speed definitely is another ranking factor Google confirmed. And you might want to have a look in our upcoming ranking factor analysis, to find out the other ones.

  • Bartosz Goralewicz 2014/08/29 at 6:18 pm

    When do you think it is gonna be live Kevin?

  • It’s actually live in German already, and we’re currently working on the translation to get it out asap

  • Kamera Sistemleri 2014/09/03 at 5:36 pm

    I agree, thanks Kevin.

  • Bartosz Goralewicz 2014/09/06 at 12:14 am

    Kevin, when do you think 2014 ranking factors are gonna be released? I would love to see the correlations after all the recent changes 😀

  • Everybody is kinda waiting for that study ;-). It’s gonna finally come out on Monday! If you don’t want to have to download it, check this page

  • Bartosz Goralewicz 2014/09/08 at 2:06 pm

    Just got an email 🙂 It is finally published!

  • YES!

  • facebooklikesmozblog 2014/09/09 at 12:36 am

    Yes i have used this tools, is really helps in a great way. Thanks for sharing this post. Helpful for new online provider.

  • I think HTTPS should be deployed across every single website today. The security and privacy it offers is immeasurable.

  • In theory you are right, but in reality it’s a big cost, time and manpower factor for many sites.

  • Keeping users’ data safe is important, and one of the thoughts behind adding HTTPS as a ranking signal in Google’s web-search. HTTPS protects the connection to the website through authentication and encryption.

  • Great – I must indeed utter I’m impressed with your website. I had no bug navigating through each and every one tabs as satisfactorily as related in rank. The locate wrecked up consciousness accurately painless to access. Polite job..

  • Hi kevin, you wrote an ultimate post here. Thanks for sharing such a great post..I would like to implement your tips on my blog.

  • tas ransel wanita 2014/11/01 at 11:21 pm

    I am not positive where you are getting your info, however good topic.
    I must spend a while learning more or understanding more.
    Thank you for fantastic information I was on the lookout for this info for my mission.

  • Boris Scheiderer 2014/11/02 at 7:18 pm

    Aw, this was an incredibly good post. Spending some time and actual effort to create a really good article… but what can I say… I put things off a lot and never manage to get anything done.

  • Remarkable! Its actually amazing post, I have got much clear idea about from this article.

  • practice management system 2014/11/05 at 9:14 am

    Undeniably consider that which you stated. Your favourite justification appeared to be on the internet the simplest thing to bear in mind of. I say to you, I definitely get annoyed whilst people consider issues that they plainly do not know about. You controlled to hit the nail upon the top and defined out the whole thing without having side effect , other folks can take a signal. Will probably be back to get more. Thank you

  • I like it

  • Thanks a lot for the wonderful collection. Do not wish to send new merry Christmas images 2014 to your friends and family members.

  • Everything is very open with a very clear description of the challenges.

    It was truly informative. Your site is extremely helpful.

    Thanks for sharing!

  • Thanks for the post.Really thank you! Much obliged.

  • it is actually of course wise to often use recycled products simply because you can constantly help the environment**

  • I think moving to HTTPS is a good move in general. I really don’t see it as being an absolute game changer for SEO but for those extremely competitive keywords it may give you that tiny edge that you need.

  • Really when somene doesn’t understand then its up to other users that
    they will help, so here it happens.

  • It’s aan amazing article for all the online
    visitors; they will take advantage from it I am sure.

Write a Comment

Note: If you enter something other than a name here (such as a keyword), or if your entry seems to have been made for commercial or advertising purposes, we reserve the right to delete or edit your comment. So please only post genuine comments here!

Also, please note that, with the submission of your comment, you allow your data to be stored by To enable comments to be reviewed and to prevent abuse, this website stores the name, email address, comment text, and the IP address and timestamp of your comment. The comments can be deleted at any time. Detailed information can be found in our privacy statement.