What is HTTPS?
In Internet years, 1999 was a long time ago. That was the year that HTTP (hypertext transfer protocol) was first used to communicate across the World Wide Web.
For nearly eighteen years, HTTP has been the foundation for communication on the Internet. Everything sent between a client and server (all data, information, content, etc.) goes through HTTP. The issue now is that communication over HTTP alone is simply not as safe as it used to be.
Information on HTTP can get intercepted, manipulated or even stolen by hackers without an advanced layer of security.
This is where HTTPS comes into play.
HTTPS is the more secure version of HTTP (the “S” in HTTPS stands for secure) that adds a layer of security to the protocol by encrypting the transfer of resources.
Which Should I Use, TLS or SSL?
To migrate your website to HTTPS, a security protocol must be added between the client and server. Once they agree to use the protocol, a handshake procedure ensues. From this handshake, the server sends the client a digital certificate.
The certificate acts as an encryption key and is what makes it harder for third parties to manipulate or steal any information from your server. Two common protocols used to generate a certificate are Transport Layer Security (TLS) and Secure Socket Layer (SSL).
While both will be able to upgrade your website security, there are some important differences between the two. SSL 3.0 is the predecessor to TLS 1.0, meaning TLS is updated more regularly with stronger levels of security.
In fact, at this point, some people consider SSL 3.0 outdated after Google discovered serious vulnerabilities with the security layer. As a result, Google insists on using TLS 1.1 or 1.2 to best secure your website.
SEMrush recently added a new HTTPS Implementation report in our Site Audit tool. If you operate a website on HTTPS or are in the process of migrating to HTTPS, this report checks for any mixed content, internal links pointing to HTTP pages, missing redirects or canonicals, and pages with HTTP links the sitemap.
We wanted a closer look into exactly how popular HTTPS has become among the top domains and businesses online. Led by data scientist Qi Zhao, SEMrush conducted a study on the growth of HTTPS over the past few years. Using SEMrush Rank, sourced the top 100,000 domains in our database, top 5,000 domains in our database, and company domains for the Fortune 500 to analyze the domains of top global businesses.
HTTPS vs HTTP Usage in the Top 100,000 Domains
First we analyzed the top 100,000 domains (using SEMrush Rank) in the US database and saw that over the past three years, use of HTTPS has tripled among these websites.
To see if the website was on HTTP or HTTPS, we looked at the first URL in each domain’s Organic Positions report and looked for "https://" in the result. This report lists URLs by their "traffic %," so the first URL is page that brings that website the most organic search traffic. Then we repeated this step using historical data from each year.
In the graph above we can see the steady trend of HTTPS being used among the top 100,000 domains. From 2014 to 2017, the percentage of domains in this group that were found using HTTPS increased from 7.6% to 31.5%.
HTTPS vs HTTP Usage in the Top 5,000 Domains by Industry
Next we took the top 5,000 domains from SEMrush Rank and broke them into 25 industries to analyze the usage of HTTPS in 2017 by industry. We found that out of these 5,000 websites, 2,042 of them (or 41%) were using HTTPS.
Arts and Entertainment was the industry with the highest number of websites on HTTPS in our top 5,000. The industries with the highest percentage of HTTPS were Finance, Internet and Telecom, and Business and Industrial. The industries with the lowest percentages of HTTPS usage were News and Sports.
You can also see how prevalent HTTPS is among these industries on a daily rate with the SEMrush Sensor. If you scroll down the page and find where it says “SERP Structure, %” you can follow the percentage of HTTPS pages ranking on Google’s first pages. Click on any of the industries from the list to the left to populate the data showing that industry’s SERP structure.
HTTPS usage among Fortune 500 Companies (by sector)
Next we took a look at the Fortune 500 to see how HTTPS is being adopted by the top global companies. Again, with each company domain, we ran the Organic Positions report and looked for “https://” in the beginning of the URL to identify if it was using HTTPS or not. Below you can see the percentage of Fortune 500 companies that have domains on HTTPS, organized by sector.
The Financial (70%) and Business Service (73%) sectors had the highest HTTPS usage among Fortune 500 sectors. If you operate a website in one of these sectors and haven’t moved to HTTPS yet, you might want to think about catching up.
The sectors with the lowest usage were Aerospace & Defense (8%) and Chemicals (9%). If you operate a website in one of these sectors, moving to HTTPS could be a great way to really distance yourself ahead of the competition.
Position and HTTPS
Next we sampled 100,000 random keywords using SEMrush data to look for any correlation between SERP positions and usage of HTTPS. We found that nearly 45% of results in the first position used HTTPS and nearly 50% of results in the second position used HTTPS.
There was a clear trend from this data supporting the idea that HTTPS usage on a website can correlate to better search engine rankings.
It seems strange that the top position had a lower percentage of usage than positions 2 and 3 on average, considering the rest of the downward trend through the first page. Perhaps there are more important ranking factors than HTTPS that influence that top result on the SERP.
So there you have it - the data doesn’t lie. HTTPS definitely appears to correlate to better rankings on Google.
Benefits of HTTPS
Still not convinced? Here are a few more reasons why moving to HTTPS will be rewarding for your website.
Security was also the number one benefit we heard from experts during our #SEMrushchat on HTTPS. Websites in e-commerce or banking that process private payment information on a daily basis simply can’t afford to mishandle information or suffer from an attack. With HTTPS, you will protect more information and maintain a solid reputation, which is crucial as an online business that handles personal information.
GlobalSign, an SSL and Internet company, conducted a European web security survey that discovered over 9 out of 10 Internet users were more likely to trust a website if it displays security indicators and more likely to leave details or make a purchase when they know that their data is sent over a secure connection. One of the findings from the GlobalSign study was the point that the green “https” lock sign that appears in your browser on an HTTPS site provides a sense of security and reassurance to users that their personal information is safe on the Internet.
Starting in January 2017, Chrome 56 has been labelling HTTP pages with password fields or credit card forms as “not secure.” For an example of how this will appear, look at this website. See the “Not Secure” label?
This is an attempt to curb web users away from HTTP sites and encourage webmasters and developers to build sites on the “secure” HTTPS. To avoid your pages from this label, this Google Developers post suggests making sure all input fields and forms containing<input type=password> on your site are served over HTTPS. Ideally, your entire site should be on HTTPS, but you can avoid the “not secure” label by serving credit card and password form pages on a secure layer.
Better Referral Data
Another reason why you should switch to HTTPS is because HTTPS to HTTP referral data being blocked in Google Analytics.
So let’s say your site is on HTTP, and there’s a link back to your site from a popular site like Reddit that uses HTTPS.You will not be able to see this referral data in your Google Analytics, and it might even appear under “direct traffic” which won’t really be valuable.
For these reasons and more, HTTPS usage has been increasing among website owners. To look deeper, we conducted research using SEMrush data to see exactly how popular this protocol is among the top domains on the web.
Google recommends the usage of HTTPS and confirmed that it is a ranking factor in 2014. Since Google tends to favor more secure and better performing sites, it makes sense that they would factor the use of HTTPS into their ranking algorithm.
Since Google itself has already confirmed their support of HTTPS, it’s in your best interest to follow the trend. Be sure to read up on best practices before planning your move to HTTPS.
Remember to test out the new HTTPS report in Site Audit to see if your website has any issues migrating completely to HTTPS and check out new research about 10 HTTPS Implementation Mistakes.
Do you have any tips on website security, or how to make a smooth transition from HTTP to HTTPS? Share your thoughts in the comments!