Secured webpages via HTTPS are commonplace for online stores or cases where you’re accessing private information—for instance, when purchasing a book on Amazon.com or logging into to Gmail. You know you’re on a secured page when you see “HTTPS” in the address bar instead of “HTTP.” Interactions with these sites have helped visitors understand that the little lock icon in their browser bar is important for their security.
In 2014 Google revealed that HTTPS is a ranking signal and that they are advocating for “HTTPS everywhere” on the web. Since then Google has announced concrete steps in that direction (more below). Naturally, many SEO experts have recommended everyone move their sites to HTTPS to garner an advantage in ranking. While it’s true it is a ranking signal, real-world results have not yet shown this to be significant, but that doesn’t matter—you should still move your site to HTTPS.
Site are increasingly moving to HTTPS. While I don’t like to advocate following the crowd, in this case you need to consider the power of your visitors seeing that little lock icon in their browser bar. As visitors become accustomed to seeing that lock on other sites, your site could seem less trustworthy without it.
10 years ago, your IT department might have cautioned that HTTPS will be slower and advised only securing pages that have forms or other sensitive data exchange. Technology has moved forward (e.g. Google’s SPDY project) and modern web servers, browsers, and bandwidth mitigate or eliminate this concern.
Simplicity and cost
For smaller groups the added cost of procuring an SSL certificate adds up, especially if you have multiple websites. For enterprise or institutional sites this shouldn’t be a concern, however, and for smaller budgets there is now a free alternative—the Let’s Encrypt initiative—a certificate authority launched in April 2016 to provide free certificates to promote a more secure and privacy-respecting Web. Many web hosting vendors have integrated this free service into their offerings.
HTTPS was created to be secure and this has a critical impact on referral information, by design. When an HTTPS site refers traffic to an HTTP site the referral information is completely absent. Referrals to an HTTPS site are preserved, regardless of the source. So, for instance, if you have an HTTP site and are receiving referral traffic from outside HTTPS websites (like Bing, which recently secured all content) all of that traffic would show up in your analytics as “direct.” This is a distinct disadvantage, especially as more sites move to HTTPS.
This is the biggie. In January 2017, the Google Chrome browser will begin marking HTTP pages that collect passwords or credit cards as non-secure as part of a long-term plan to mark all HTTP sites as non-secure. (from Google Security Blog)
Part of a long-term plan to mark all HTTP sites as non-secure
In other words, Google will eventually start marking all non-https sites as non-secure. Their mission to make the web more secure will surely influence their other ventures like search, mapping, etc.
It’s not a simple switch to make the move, but it’s become less difficult and momentum is quickly building for the web to move to HTTPS. Bite the bullet, make the move now for all of your pages, and reap the benefits before you’re penalized later.