Migrating Your Website to HTTPS is Recommended for SEO
This article describes how to change the URLs of existing pages on your site with minimal impact on your Google Search results. Examples of this kind of site move include:
- URL changes from
HTTP
toHTTPS
- Domain name changes such as
example.com
toexample.net
or merging multiple domains or hostnames - URL paths changes:
example.com/page.php?id=1
>example.com/widget
, orexample.com/page.html
>example.com/page.htm
FAQs for all site moves with URL changes
- Should I move everything together, or is it fine to move in sections?
Moving in sections is fine. - How can I test how many pages were indexed?
Verify data for each property separately in Search Console. Use the Index Status report for a broad look, or the sitemaps indexed count on the Sitemaps report for sitemap URLs. - How long will it take for Google to recognize my URL changes?
There are no fixed crawl frequencies; it depends on the size of your site, and the speed of crawling that’s possible. The move takes place on a per-URL basis. - Do I lose credit for links when I redirect to new URLs?
No, 301 or 302 redirects do not cause a loss in PageRank.
What is HTTPS?
HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connections to your website, regardless of the content on the site.
Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
Best practices when implementing HTTPS
Use robust security certificates
You must obtain a security certificate as a part of enabling HTTPS for your site. The certificate is issued by a certificate authority (CA), which takes steps to verify that your web address actually belongs to your organization, thus protecting your customers from man-in-the-middle attacks. When setting up your certificate, ensure a high level of security by choosing a 2048-bit key. If you already have a certificate with a weaker key (1024-bit), upgrade it to 2048 bits. When choosing your site certificate, keep in mind the following:
- Get your certificate from a reliable CA that offers technical support.
- Decide the kind of certificate you need:
- Single certificate for single secure origin (e.g.
www.example.com
). - Multi-domain certificate for multiple well-known secure origins (e.g.
www.example.com, cdn.example.com, example.co.uk
). - Wildcard certificate for a secure origin with many dynamic subdomains (e.g.
a.example.com, b.example.com
).
- Single certificate for single secure origin (e.g.
Use server-side 301 redirects
Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.
Verify that your HTTPS pages can be crawled and indexed by Google
- Do not block your HTTPS pages by robots.txt files.
- Do not include meta
noindex
tags in your HTTPS pages. - Use Fetch as Google to test that Googlebot can access your pages.
Move your site
- Review basic information about site moves. Know what to expect, and how it might affect your users and rankings. If moving from HTTP to HTTPS, review the best practices for HTTPS.
- Prepare the new site and test it thoroughly.
- Prepare a URL mapping from the current URLs to their corresponding new format.
- Start the site move by configuring the server to redirect from the old URLs to the new ones.
- Monitor the traffic on both the old and new URLs.
FAQs for all site moves with URL changes
- Should I move everything together, or is it fine to move in sections?
Moving in sections is fine. - How can I test how many pages were indexed?
Verify data for each property separately in Search Console. Use the Index Status report for a broad look, or the sitemaps indexed count on the Sitemaps report for sitemap URLs. - How long will it take for Google to recognize my URL changes?
There are no fixed crawl frequencies; it depends on the size of your site, and the speed of crawling that’s possible. The move takes place on a per-URL basis. - Do I lose credit for links when I redirect to new URLs?
No, 301 or 302 redirects do not cause a loss in PageRank.
Migrating from HTTP and HTTPS
- Review the best practices for HTTPS.
- Be sure to add the HTTPS property to Search Console. Search Console treats HTTP and HTTPS separately; data for these properties is not shared in Search Console. So if you have pages in both protocols, you must have a separate Search Console property for each one.
- Here are additional FAQs for migrating pages from HTTP to HTTPS:
HTTP to HTTPS migration FAQs
Will this migration affect my ranking?
As with all migrations, you may experience some ranking fluctuation during a migration. However, you should also review the best practices information for HTTPS pages to avoid HTTPS-specific pitfalls.
HTTPS sites receive a small ranking boost, but don’t expect a visible change. Google uses HTTPS as a positive ranking signal.
This signal is one amongst many others, and currently carries less weight than high-quality site content; you should not expect a major SEO advantage for moving to HTTPS in the short term. In the longer term, Google may increase the strength of the HTTPS boost.
Is it OK to move just some pages to HTTPS?
Yes, no problem! Start with a part, test it, then move more, as you like.
If you are migrating from HTTP to HTTPS in pieces, and you want to avoid early indexing of the staged URLs, we recommend using rel=canonical
rather than redirects. If you use redirects, you won’t be able to test the redirected pages.
Which certificate do I need?
For Google Search, any modern certificate that’s accepted by modern browsers is acceptable.
Will I see search keywords for my HTTPS site?
This won’t change with HTTPS; you can still see search queries in Search Console.
We reference our HTTP sitemaps in robots.txt. Should we update the robots.txt to include our new HTTPS sitemaps?
We recommend separate robots.txt files for HTTP and HTTPS, pointing to separate sitemap files for HTTP and HTTPS. We also recommend listing a specific URL in only one sitemap file.
Which sitemap should map the section in the HTTPS trial?
You can create a separate sitemap just for the updated section of your site. This will enable you to track indexing of the trial section more precisely. Be sure not to duplicate these URLs in any other sitemaps, though.
What URLs should our sitemaps list if we have redirects (from HTTP to HTTPS or the reverse)?
List all HTTP URLs in your HTTP sitemap, and all HTTPS URLs in your HTTPS sitemap, regardless of redirects when the user visits the page. Having pages listed in your sitemap regardless of redirects will help search engines discover the new URLs faster.
Are there any other specific things we need to add to the robots.txt for the HTTPS version?
No.
Send an enquiry to Nina
This information is taken from Google’s Webmaster Tools blog posts: Post One, Post Two, Post Three
Photo by Sarah Pflug from Burst