HTTPS (HyperText Transfer Protocol Secure) is the secure version of HTTP — the protocol used to transfer data between a web browser and a web server. HTTPS encrypts the connection using TLS (Transport Layer Security), protecting data from interception or tampering during transmission. Since 2014, Google has used HTTPS as a lightweight ranking signal, and it has since become a baseline requirement for trust, security, and modern web performance features.

How HTTPS Works

HTTPS works by establishing an encrypted connection between the user's browser and the web server using a SSL/TLS certificate. When a user visits an HTTPS site, the browser and server perform a "handshake" that authenticates the server's identity and establishes an encrypted session. All data exchanged — including form submissions, login credentials, and payment information — is encrypted and cannot be read by third parties intercepting the traffic. Browsers display a padlock icon in the address bar to indicate a secure HTTPS connection, and show security warnings for non-HTTPS pages.

Key point: Since 2018, Google Chrome marks all HTTP pages as "Not Secure" in the browser address bar. This visible warning can significantly reduce user trust and increase bounce rates on non-HTTPS sites.

HTTPS as an SEO Ranking Signal

Google officially confirmed HTTPS as a ranking signal in August 2014. While it is described as a "lightweight" signal (content quality remains far more important), HTTPS is also a component of Google's Page Experience ranking signals. HTTPS has additional indirect SEO benefits:

  • Improves user trust, reducing bounce rates from security warnings
  • Required for HTTP/2 and HTTP/3 — faster protocols that improve Core Web Vitals
  • Ensures referral data is preserved when linking from HTTPS to HTTPS sites
  • Required for modern browser APIs used in progressive web features

Why It Matters for SEO

HTTPS is now a baseline expectation for any professional website. The SEO benefit is real but modest — it will not overcome poor content or weak backlinks. However, running an HTTP site in 2025 is a meaningful disadvantage: browser security warnings deter users, referral data is lost when linking to HTTP destinations, and newer web performance features are unavailable. Migrating to HTTPS requires obtaining an SSL certificate (available free through Let's Encrypt), configuring 301 redirects from all HTTP to HTTPS versions, and updating all internal links and canonical tags.