HTTP vs. HTTPS - How Making Your Website Secure Helps with Ranking on Google

On August 6th, 2014 Google released a "minor" update to tell all webmasters to update their website with better security. By changing your website from HTTP to HTTPS, Google will start giving your website a minor ranking boost.

What is The Difference Between HTTP and HTTPS?

  • HTTP (http://) stands for Hypertext Transfer Protocol. It is the method of communication between your web browser and the server that stores information about the webpage you are trying to access. HTTP is the protocol used when your computer’s browser tries to communicate with the World Wide Web (WWW). HTTP makes the connection to retrieve the website you typed into the browser.
  • HTTPS (https://) on the other hand is a secure way to access the World Wide Web through your browser. It has the add-on of Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Just think of it as adding a lock on a door. When the browser and the server are exchanging information, they will transcript their code into a "secret language". This language cannot be interpreted by anyone else except the two parties that are exchanging this secured information. Websites using HTTPS are less prone to hackers and can keep customer’s information such as personal data and payment accounts safe.

What is an SSL Certificate?

HTTP combines with SSL/TLS to create a secure channel of communication between a browser and the requested server, the website. In order for the secured transcription to happen, an SSL Certificate containing encrypted "secret language" is required from both the browser and the server.

The SSL Certificate is much like the key to open the lock of HTTPS in order for the recipient to understand the encrypted language. This Key is owned by the server and can be shared with any browser that needs to access information from this server.

Public Key Infrastructure Explained

Public Key Infrastructure (PKI) is the protocol that identifies and allows the secure transfer of encrypted data from a server to browser utilizing SSL Certificate. Imagine PKI as the lock box that contains a“key” which is the SSL Certificate, and it is being transported by a safeguard. Sort of like an armored truck delivering money from merchants to banks.

How to Purchase an SSL Certificate

There are different types of SSL certificates, it is a good idea to consult a web developer regarding the type of SSL certificate best suited for your business needs. Most web hosting services offer options to purchase SSL certificates. We will cover a high-level introduction of the most common types of SSL certificates you will likely encounter.

  • Shared SSL Certificate: This type of certificate has no individual SSL for your own domain. Most likely you are on a shared server with a shared IP address. It is a very cost conservative solution if you are just getting started. For instance, SiteGround and HostGator even provide free shared SSL for their clients per account.
  • Dedicated Certificate: Services a specific domain and you will have your own dedicated IP address. It is the most secure solution, however, it can get very expensive.
  • Single SSL Certificate: Services one domain only. It is suitable for smaller scaled businesses such as websites that are not extremely data heavy. It is the recommended certificate if you are just getting started.
  • Multi-domain SSL Certificate: Services multiple domains. Many e-commerce, service provider companies and businesses that handle a large amount of online transactions utilize this type of certificate.
  • Wildcard Certificate: This is like the in-between of a shared SSL and a dedicated SSL depends on the server setup. The Wildcard Certificate is ideal for websites that want to treat and operate their multiple subdomains separately.

How to set up HTTPS

Below are 7 important technical tips straight from Google for your reference.

  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Changing your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible
  • Avoid the noindex robot meta tag

The bottom line is that Google encourages webmasters to adopt HTTPS so that websites can be more secure. It is a joint effort to support a better, safer, and more reliable online community for everyone.

Also See