Luke Harsel

Why You Should Move Your Site to HTTPS: SEMrush Data Study

What is HTTPS?

In Internet years, 1999 was a long time ago. That was the year that HTTP (hypertext transfer protocol) was first used to communicate across the World Wide Web.

For nearly eighteen years, HTTP has been the foundation for communication on the Internet. Everything sent between a client and server (all data, information, content, etc.) goes through HTTP. The issue now is that communication over HTTP alone is simply not as safe as it used to be.

Information on HTTP can get intercepted, manipulated or even stolen by hackers without an advanced layer of security.

Beware of hackers

This is where HTTPS comes into play.

HTTPS is the more secure version of HTTP (the “S” in HTTPS stands for secure) that adds a layer of security to the protocol by encrypting the transfer of resources.

Which Should I Use, TLS or SSL?

To migrate your website to HTTPS, a security protocol must be added between the client and server. Once they agree to use the protocol, a handshake procedure ensues. From this handshake, the server sends the client a digital certificate.

The certificate acts as an encryption key and is what makes it harder for third parties to manipulate or steal any information from your server. Two common protocols used to generate a certificate are Transport Layer Security (TLS) and Secure Socket Layer (SSL).

While both will be able to upgrade your website security, there are some important differences between the two. SSL 3.0 is the predecessor to TLS 1.0, meaning TLS is updated more regularly with stronger levels of security.

In fact, at this point, some people consider SSL 3.0 outdated after Google discovered serious vulnerabilities with the security layer. As a result, Google insists on using TLS 1.1 or 1.2 to best secure your website.

SEMrush recently added a new HTTPS Implementation report in our Site Audit tool. If you operate a website on HTTPS or are in the process of migrating to HTTPS, this report checks for any mixed content, internal links pointing to HTTP pages, missing redirects or canonicals, and pages with HTTP links the sitemap. 

HTTPS Implementation with SEMrush

Is your website secure?

Please specify a valid domain, e.g., Please specify a valid domain, e.g.,

Data Study

We wanted a closer look into exactly how popular HTTPS has become among the top domains and businesses online. Led by data scientist Qi Zhao, SEMrush conducted a study on the growth of HTTPS over the past few years. Using SEMrush Rank, sourced the top 100,000 domains in our database, top 5,000 domains in our database, and company domains for the Fortune 500 to analyze the domains of top global businesses.

HTTPS vs HTTP Usage in the Top 100,000 Domains

First we analyzed the top 100,000 domains (using SEMrush Rank) in the US database and saw that over the past three years, use of HTTPS has tripled among these websites. 

To see if the website was on HTTP or HTTPS, we looked at the first URL in each domain’s Organic Positions report and looked for "https://" in the result. This report lists URLs by their "traffic %," so the first URL is page that brings that website the most organic search traffic. Then we repeated this step using historical data from each year. 

In the graph above we can see the steady trend of HTTPS being used among the top 100,000 domains. From 2014 to 2017, the percentage of domains in this group that were found using HTTPS increased from 7.6% to 31.5%.

HTTPS vs HTTP Usage in the Top 5,000 Domains by Industry

Next we took the top 5,000 domains from SEMrush Rank and broke them into 25 industries to analyze the usage of HTTPS in 2017 by industry. We found that out of these 5,000 websites, 2,042 of them (or 41%) were using HTTPS.

Arts and Entertainment was the industry with the highest number of websites on HTTPS in our top 5,000. The industries with the highest percentage of HTTPS were Finance, Internet and Telecom, and Business and Industrial. The industries with the lowest percentages of HTTPS usage were News and Sports.

You can also see how prevalent HTTPS is among these industries on a daily rate with the SEMrush Sensor. If you scroll down the page and find where it says “SERP Structure, %” you can follow the percentage of HTTPS pages ranking on Google’s first pages. Click on any of the industries from the list to the left to populate the data showing that industry’s SERP structure.

SEMrush Sensor can track the presence of HTTPS in Google's top search results

HTTPS usage among Fortune 500 Companies (by sector)

Next we took a look at the Fortune 500 to see how HTTPS is being adopted by the top global companies. Again, with each company domain, we ran the Organic Positions report and looked for “https://” in the beginning of the URL to identify if it was using HTTPS or not. Below you can see the percentage of Fortune 500 companies that have domains on HTTPS, organized by sector.

The Financial (70%) and Business Service (73%) sectors had the highest HTTPS usage among Fortune 500 sectors. If you operate a website in one of these sectors and haven’t moved to HTTPS yet, you might want to think about catching up.

The sectors with the lowest usage were Aerospace & Defense (8%) and Chemicals (9%). If you operate a website in one of these sectors, moving to HTTPS could be a great way to really distance yourself ahead of the competition.

Position and HTTPS

Next we sampled 100,000 random keywords using SEMrush data to look for any correlation between SERP positions and usage of HTTPS. We found that nearly 45% of results in the first position used HTTPS and nearly 50% of results in the second position used HTTPS.

There was a clear trend from this data supporting the idea that HTTPS usage on a website can correlate to better search engine rankings.

It seems strange that the top position had a lower percentage of usage than positions 2 and 3 on average, considering the rest of the downward trend through the first page. Perhaps there are more important ranking factors than HTTPS that influence that top result on the SERP.

So there you have it - the data doesn’t lie. HTTPS definitely appears to correlate to better rankings on Google.

Benefits of HTTPS

Still not convinced? Here are a few more reasons why moving to HTTPS will be rewarding for your website.


Security was also the number one benefit we heard from experts during our #SEMrushchat on HTTPS. Websites in e-commerce or banking that process private payment information on a daily basis simply can’t afford to mishandle information or suffer from an attack. With HTTPS, you will protect more information and maintain a solid reputation, which is crucial as an online business that handles personal information.


GlobalSign, an SSL and Internet company, conducted a European web security survey that discovered over 9 out of 10 Internet users were more likely to trust a website if it displays security indicators and more likely to leave details or make a purchase when they know that their data is sent over a secure connection. One of the findings from the GlobalSign study was the point that the green “https” lock sign that appears in your browser on an HTTPS site provides a sense of security and reassurance to users that their personal information is safe on the Internet.

Starting in January 2017, Chrome 56 has been labelling HTTP pages with password fields or credit card forms as “not secure.” For an example of how this will appear, look at this website. See the “Not Secure” label?

This is an attempt to curb web users away from HTTP sites and encourage webmasters and developers to build sites on the “secure” HTTPS. To avoid your pages from this label, this Google Developers post suggests making sure all input fields and forms containing<input type=password> on your site are served over HTTPS. Ideally, your entire site should be on HTTPS, but you can avoid the “not secure” label by serving credit card and password form pages on a secure layer.

Better Referral Data

Another reason why you should switch to HTTPS is because HTTPS to HTTP referral data being blocked in Google Analytics.

So let’s say your site is on HTTP, and there’s a link back to your site from a popular site like Reddit that uses HTTPS.You will not be able to see this referral data in your Google Analytics, and it might even appear under “direct traffic” which won’t really be valuable.

For these reasons and more, HTTPS usage has been increasing among website owners. To look deeper, we conducted research using SEMrush data to see exactly how popular this protocol is among the top domains on the web.


Google recommends the usage of HTTPS and confirmed that it is a ranking factor in 2014. Since Google tends to favor more secure and better performing sites, it makes sense that they would factor the use of HTTPS into their ranking algorithm.

Since Google itself has already confirmed their support of HTTPS, it’s in your best interest to follow the trend. Be sure to read up on best practices before planning your move to HTTPS.

Remember to test out the new HTTPS report in Site Audit to see if your website has any issues migrating completely to HTTPS and check out new research about 10 HTTPS Implementation Mistakes.

Do you have any tips on website security, or how to make a smooth transition from HTTP to HTTPS? Share your thoughts in the comments!

HTTPS Implementation with SEMrush

Is your website secure?

Please specify a valid domain, e.g., Please specify a valid domain, e.g.,
My site [link removed by moderator] does nothing that requires security. I just display my articles and links to others' websites. Is there any reason for me to move to https?
Mike Vandeman
Hey Mike! Cool website. If you want to improve your SEO so more people can find your articles from search engines, then you should move to HTTPS because Google prefers ranking HTTPS sites/pages. The study I mentioned in the article claims that people will also trust websites on HTTPS more, so you could also experience more return visitors that trust your website if it appears secure. I'm on your website now and if I hover my mouse over the (i) icon in the search bar, my browser gives me a message that says "Your connection to this site is not secure." That could potentially scare some people away from staying on your website.
Luke Harsel
If I enter "[link removed by moderator]" in my browser (Chrome), it takes me to my site and says "Secure" after the padlock icon. Is that all I need to do to make use of https - just add "s" to my link?
Mike Vandeman
Mike, it looks like you have 2 live versions of your website - one is http and one is on https. You need to set your https version as your preferred domain and implement the proper 301 redirects so that google knows to show your https version to people.

You can read these article for more help on actually setting things up properly and how to redirect (it depends on your website's hosting):
Luke Harsel
I don't think that is possible. I have never created an https version. Apparently, something is sending https requests to my http web site automatically.
Mike Vandeman
Hey Mike, it looks like there is an SSL Certificate set up for your site. I would reach out to your hosting provider for more clarification. From here, I can see that there is an SSL certificate set up for your site
There was a Webinar on https and they said they would leave the Trello board for download - is this done?
Neil Davey
Hi Neil, are you referencing the "HTTPS Migration Roundtable" webinar? I found the slideshare available here:

I did not attend this webinar personally, so I'm not sure what was available in trello. Maybe you could try reaching out to one of the hosts for more help? Hope that helps!
Amazing article. After reading i moved my blog. Check my website its on https now Codingular
Excellent insights Luke. Lots of people have experienced huge traffic drops when moving to https. In one way Google wants you to move to https then they slap you. It seems unfair. I know clients who are too afraid to make these changes in fear of losing traffic.
Thank you! That's an interesting point you bring up. Maybe someone should do a study on the average time it takes for rankings to come back if there's a drop period after moving to https.
Luke Harsel
Excellent article Luke, i own an e-commerce site and debating if to go over to https just in case i lose a lot of traffic but if the mighty Google say they like it id better make my mind up quickly
Carl Harvey
Thank you, Carl! Yeah, I would say the mighty Google definitely likes HTTPS better :D
wonderful post and excellent article. In 2017, shifting your site from http to https is quite simple as far as search engines and SEO is concerned, Google takes at most 3 weeks for a normal sized website, to completely shift to https, the most important part, your backlinks remains as it was, good improvements from Google. Although your ranking might drop for few weeks but will be reindexed for fresh keywords and at most after one month, you can see your ranking boost and excellent flow of traffic to your website.
Jyoti Thapa
Thanks Sandeep! It's interesting to think why Google might reindex one website faster than another. How did you learn that it takes at most 3 weeks for a normal website?
Great article, Luke!

Want to add here something regarding the transition part. When you move your website from http to https version, some good tips to follow ---> make it a 301 redirect, replace internal links with https version, keep new version URLs in sitemap and as canonical ones.

Allow Google to replace old URLs with new URLs automatically, it will take time so have some patience.
Saw someone who de-indexed http after moving to https anticipating that this will allow Google to index https faster, but that de-indexed the website completely. Horrible mistake that was, should be avoided.

Praveen Sharma
Hey Praveen, thanks for sharing! That sounds like a pretty unfortunate case. Yeah, hopefully more people are patient with Google when going through the process.
Add a comment