09.11.2016

HTTPS, SSL and SEO: Security Ranks Better [Update]

As of January 1, 2017, Google Chrome will mark websites without SSL encryption as unsafe! We show you how to act proactively and how SSL encryption works.


+++ Update: December 16, 2016 +++

Every year, the German SEO specialists of Searchmetrics analyze the most significant ranking factors according to the 10,000 most relevant search terms on Google.de. This year „HTTPS“ made it to the second spot of all technical factors, outperforming others such as page loading speed and the existence of heading tags (H1 und H2).

+++ Update: December 2, 2016 +++

WordPress – with a market share of 58,8 % the leading content management system provider – acts in an exemplary manner: The founder Matt Mullenweg announced that HTTPS relevant changes will come into effect in the next year. WordPress intends to introduce new features that will only be made enabled for HTTPS encrypted websites. Also, only hosting partners that provide a SSL certificate by default in their accounts will be promoted in the future.

Google Chrome Browser Warnings

Browserverteilung weltweit
Browserverteilung weltweit

With a market share of about 73% Google Chrome is the most used browser worldwide; about 16% use Mozilla Firefox. Currently, non-encrypted websites in the address bars of both browsers are displayed with an encircled "i". By clicking on this icon, the user receives a warning that "the connection to this website is not secure". The green lock means that the page is secure. Here, "secure" means that the data transferred on this website is encrypted and protected from the access and manipulation by a third party.

Starting from January 2017, Version 56 of Google Chrome browser should also display a warning as soon as a website requires the input of sensitive data without a SSL certificate. Google Chrome users can already now enable this feature in their browser: To do this, you only need to call the chrome://flags settings page and deselect default settings under "Mark origin as non-secure". But this is just the beginning: In the near future, users should also be warned of unencrypted websites in additional areas. However, nobody knows yet what exactly this should look like.

The green lock as a signal for safety

Green Browser Bar
Green Browser Bar

The green lock means that the page is secure. Here, "secure" means that the data transferred on this website is encrypted and protected from the access and manipulation by a third party. Whether a website is encrypted with a protocol is marked not only with the lock icon but also with the HTTPS acronym. If there is something wrong with a website, this will be shown in the browser bar with a red "X". 

The initiative „HTTPS Everywhere“ shows positive results

Two years after the security initiative has been kicked-off the first signs of success are becoming visible. This year in October it has been announced that 50% of all websites are currently SSL encrypted. 

Percentage of page loades over HTTPS
Percentage of page loades over HTTPS

This was the result of the analysis of telemetric data by Google und Mozilla Firefox. The transparency report by Google shows that 49 of the 100 most visited websites worldwide, such as amazon.de, facebook.com and linkedin.com, display their content with HTTPS by default. Further seven website operators are also using modern HTTPS but not yet as standard. For those sites HTTPS:// still needs to be typed into the browser bar in order to visit the encrypted version of the site. 12 of the top 100 websites are currently working on the complete encryption of their online presences: Apple.com, ebay.com and bing.com are only using the encryption protocol for their login areas. Amazonaws.com in fact uses HTTPS as standard but redirects to a landing page.

A Global Player with a lot of catch-up work to do

Auch große Player haben kein SSL-Zertifikat
Auch große Player haben kein SSL-Zertifikat

The big news portals cnn.com, forbes.com and dailymail.co.uk constitute the negative examples: They show no encryption at all. It’s still a long way to Google Chromes imposed goal. Especially small and medium sized companies have a need for improvement. About 50% are using an SSL encryption. The reasons for this moderate use of an encryption protocol lie in the high license fees for SSL certificates, the lack of company compliance policies and in employees’ application problems. But there is a basic risk awareness: About three thirds of the surveyed companies encrypt data on their storage systems, about two third of them use a software to encrypt emails. In most parts the use of encryption is still inconsistent.

This is how SSL works

When a user enters an SSL encrypted website the addressed server replies at first with a certificate. This enables the user to check the identity of the server and the validity of the encryption. The encryption itself is always carried out with the public key method: The data is coded with a pubic key that subsequently can be decoded with a private key. If both keys match, the connection between the browser and the addressed site is established. 

Advantages of SSL Encryption

SSL encryption makes a company page more secure and strengthens customer confidence in the accessed website. Finally, except for the customer and the server, no third party will be able to read or manipulate the communication. The encryption icon corresponds to a quality seal. Users stay longer on the page, which in turn decreases the bounce rate. This has a positive effect on SEO visibility and results in a better ranking in search engines. Google has regarded the SSL encryption as a ranking factor already since 2014. With a market share of 92,45% among all search engines Google shapes the agenda.

Verteilung der Suchmaschinen
Verteilung der Suchmaschinen


Another benefit for Internet users is the increasing data quality. If a user switches from an HTTPS page to an unencrypted page, the HTTP referer will be lost. That is, the initial URL call will be deleted and only the visit of the unencrypted page will be counted as direct visit in Web analytics tools such as Google Analytics. However, if you switch from an encrypted website to a different SSL encrypted website, the HTTP referer will remain, which increases the data quality. Thus, the implementation of an SSL certificate has important benefits that should not be brushed aside.


comments powered by Disqus