Last week Google announced that it will start prioritising secure HTTPS URLs over regular HTTP URLs, in a bid to promote and make browsing the web more secure and provide better search experience for users. This shouldn’t be shocking news; last year Google started giving little ranking boosts to HTTPS URLs in search results. This seems like a natural progression.
Don’t panic. Firstly, it doesn’t mean that if you don’t have an HTTPS version that you’ll be penalised or will drop off search results. Google is simply altering their indexing system to look for more HTTPS pages. For example, if two URLs from the same domain seem to have the same content but are served in both the HTTP and HTTPS version, Google will typically choose to index the HTTPS version in the first instance. Interestingly, this will be the case even if the HTTPS doesn’t have any inbound links.
1. Talk to your web developer
2. Be prepared for a bit of groaning and an invoice for the work
3. Hope it all goes smoothly
Whilst I don’t want to scare anyone, I do want to impress that even though each step isn’t necessarily complicated for those familiar with the back end of their website and various tools such as Search Console, there are a lot of them (for example, this is a really comprehensive guide, but has 26 steps) and if one part doesn’t go right or is missed out, it can be a pain to fix.
So, rather than detail all the steps here (there are some really good online guides if you plan to take the task upon yourself) I do want to cover the basic, necessary SEO considerations you should take into account when switching from HTTP to HTTPS.
This is imperative and will help avoid losing rankings with organic search, as well as provide a seamless UX. Make sure you adopt a like-for-like redirect strategy from HTTP URLs to HTTPS URLs, and 301 redirect them:
http://yourwebsite.co.uk/blog –> 301 redirect –> https://yourwebsite.co.uk/blog
Ensure that you have canonical tags on all your HTTP pages which dictate that the HTTPS version is the master. These are the rel=”canonical” annotations, e.g.:
<link rel=”canonical” href=”http://yourwebsite.co.uk/blog”/>
would need to be changed to
<link rel=”canonical” href=”https://yourwebsite.co.uk/blog”/>
Thanks to that one letter, Search Console treats the HTTP and HTTPS versions as completely separate entities. To avoid any loss of data when you switch, make sure you have verified both the HTTP and HTTPS versions of your website with Search Console.
If you have a mobile version of your site then any rel=”alternate” annotations need to be updated – in the same way that you did canonical tags above. E.g.:
<link rel=”alternate” media=”only screen and (max-width: 640px)” href=”http://m.example.com/page-1”/>
would need to be changed to
<link rel=”alternate” media=”only screen and (max-width: 640px)” href=”https://m.example.com/page-1”/>
Make sure that within your XML sitemap, all HTTP references are updated to HTTPS, and resubmit in Search Console though the HTTPS verified version.
Change all your internal links to HTTPS rather than HTTP. Although your redirects should ensure that visitors still get to the right page, best practice deems that ideally the internal links themselves should be updated.
The HSTS header (HTTP Strict Transport Security header) instructs web browsers to request pages using HTTPS automatically, even when the original request was for the HTTP version. If your web server supports HSTS, ensure it’s enabled.
Failure to ensure that your HTTP website is fully switched over could result in a drop in organic traffic and a whole heap of time trying to fix the issues. If in any doubt, talk to a competent web developer about how to make the switch.
In conclusion, whilst it seems that this change to Google’s index system shouldn’t have a huge impact on ranking positions overall at the moment, it does seem like this is a path that Google will continue to edge down in future. Whilst there’s no imminent panic to switch your site to HTTPS, bear in mind the recent changes Google has been making to its indexing system and put it on your To Do list for the next few months.
Need help or advice on transferring to HTTPS? Get in touch – we’ll be glad to help.