HTTPS is HTTP encrypted in transit using TLS (Transport Layer Security, historically called SSL). It encrypts the request URL, headers, and body between the browser and the server, preventing eavesdropping and tampering by network intermediaries. For SEO, it has been a confirmed Google ranking signal since 2014.
The ranking lift from HTTPS is small in isolation — Google has described it as a tiebreaker — but the absence of HTTPS in 2025 carries large negative consequences beyond ranking. Browsers mark HTTP pages with a "Not Secure" warning in the address bar. Mixed-content warnings degrade trust on pages that combine HTTPS and HTTP resources. Many modern web features (geolocation, service workers, HTTP/2) are restricted to HTTPS origins. Mobile browsers actively block sensitive HTTP requests.
HTTPS is part of the Trust pillar of E-E-A-T. A finance, health, or e-commerce site without HTTPS is, by current standards, untrustworthy on first impression.
Certificate acquisition is now essentially free and automated through Let's Encrypt and equivalent providers. CDN providers (Cloudflare, Fastly, Akamai) include certificate provisioning by default. There is no practical reason a public site should be HTTP-only in 2025.
Migration mechanics matter when moving an existing site from HTTP to HTTPS. The full checklist: install certificates correctly across all hostnames including www and bare-domain; configure HTTP-to-HTTPS 301 redirects at the server level (not via meta refresh); update all internal links to HTTPS to avoid redirect chains; update Canonical Tag declarations to HTTPS URLs; update XML Sitemap entries; resubmit sitemaps in Search Console; verify HTTPS property in Search Console (HTTP and HTTPS are separate properties); update Google Analytics and ad platform tracking URLs; check for mixed-content warnings on every template.
HSTS (HTTP Strict Transport Security) is the next layer — an HTTP header that tells browsers to refuse all future HTTP connections to the domain for a specified duration. Enabling HSTS after a successful HTTPS migration prevents downgrade attacks and ensures users never accidentally hit the HTTP version even if they type the URL without a protocol.
Audit periodically for certificate expiration, mixed content, and weak TLS configurations using tools like SSL Labs' Server Test.
Track domain authority for your sites
Authority Score, backlinks, and 90-day deltas — refreshed daily across every site you monitor.