Migrating Your Website to HTTPS is Recommended for SEO

This article describes how to change the URLs of existing pages on your site with minimal impact on your Google Search results. Examples of this kind of site move include:

• URL changes from HTTP to HTTPS
• Domain name changes such as example.com to example.net or merging multiple domains or hostnames
• URL paths changes: example.com/page.php?id=1 > example.com/widget, or example.com/page.html > example.com/page.htm

FAQs for all site moves with URL changes

• Should I move everything together, or is it fine to move in sections?
  Moving in sections is fine.
• How can I test how many pages were indexed?
  Verify data for each property separately in Search Console. Use the Index Status report for a broad look, or the sitemaps indexed count on the Sitemaps report for sitemap URLs.
• How long will it take for Google to recognize my URL changes?
  There are no fixed crawl frequencies; it depends on the size of your site, and the speed of crawling that’s possible. The move takes place on a per-URL basis.
• Do I lose credit for links when I redirect to new URLs?
  No, 301 or 302 redirects do not cause a loss in PageRank.

---

What is HTTPS?

HTTPS (Hypertext Transfer Protocol Secure) is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. Users expect a secure and private online experience when using a website. We encourage you to adopt HTTPS in order to protect your users’ connections to your website, regardless of the content on the site.

Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

1. Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
2. Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
3. Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

Best practices when implementing HTTPS

Use robust security certificates

You must obtain a security certificate as a part of enabling HTTPS for your site. The certificate is issued by a certificate authority (CA), which takes steps to verify that your web address actually belongs to your organization, thus protecting your customers from man-in-the-middle attacks. When setting up your certificate, ensure a high level of security by choosing a 2048-bit key. If you already have a certificate with a weaker key (1024-bit), upgrade it to 2048 bits. When choosing your site certificate, keep in mind the following:

• Get your certificate from a reliable CA that offers technical support.
• Decide the kind of certificate you need:
  • Single certificate for single secure origin (e.g. www.example.com).
  • Multi-domain certificate for multiple well-known secure origins (e.g. www.example.com, cdn.example.com, example.co.uk).
  • Wildcard certificate for a secure origin with many dynamic subdomains (e.g. a.example.com, b.example.com).

Use server-side 301 redirects

Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.

Verify that your HTTPS pages can be crawled and indexed by Google

• Do not block your HTTPS pages by robots.txt files.
• Do not include meta noindex tags in your HTTPS pages.
• Use Fetch as Google to test that Googlebot can access your pages.

---

Move your site

0. Review basic information about site moves. Know what to expect, and how it might affect your users and rankings. If moving from HTTP to HTTPS, review the best practices for HTTPS.
1. Prepare the new site and test it thoroughly.
2. Prepare a URL mapping from the current URLs to their corresponding new format.
3. Start the site move by configuring the server to redirect from the old URLs to the new ones.
4. Monitor the traffic on both the old and new URLs.

FAQs for all site moves with URL changes

• Should I move everything together, or is it fine to move in sections?
  Moving in sections is fine.
• How can I test how many pages were indexed?
  Verify data for each property separately in Search Console. Use the Index Status report for a broad look, or the sitemaps indexed count on the Sitemaps report for sitemap URLs.
• How long will it take for Google to recognize my URL changes?
  There are no fixed crawl frequencies; it depends on the size of your site, and the speed of crawling that’s possible. The move takes place on a per-URL basis.
• Do I lose credit for links when I redirect to new URLs?
  No, 301 or 302 redirects do not cause a loss in PageRank.

Migrating from HTTP and HTTPS

• Review the best practices for HTTPS.
• Be sure to add the HTTPS property to Search Console. Search Console treats HTTP and HTTPS separately; data for these properties is not shared in Search Console. So if you have pages in both protocols, you must have a separate Search Console property for each one.
• Here are additional FAQs for migrating pages from HTTP to HTTPS:

This information is taken from Google’s Webmaster Tools blog posts: Post One, Post Two, Post Three

Photo by Sarah Pflug from Burst