HTTPS + SSL for SEO

HTTPS encrypts traffic between your visitors and your site. In 2026, non-HTTPS sites are nearly extinct outside legacy systems. Google treats HTTPS as a ranking signal (minor but real), browsers flag non-HTTPS sites as "Not Secure," and users bounce before seeing your content. This page walks through why HTTPS matters, how to migrate if you haven't, and the common mistakes that leave the migration half-finished.

Why HTTPS matters

Getting HTTPS

Free via Let's Encrypt. Most modern hosts (Cloudflare, Netlify, Vercel, AWS) ship HTTPS by default. For legacy hosts, use Certbot to generate free certificates.

The HTTP to HTTPS migration

After migration, expect minor ranking fluctuation for a few weeks while Google re-crawls and re-indexes. A well-executed migration generally fully recovers within 6 weeks.

Mixed content

When an HTTPS page loads resources (images, scripts, fonts) over HTTP, browsers block or warn about "mixed content." Fix by updating all asset URLs to HTTPS or to protocol-relative URLs (//example.com/image.jpg).

HSTS (HTTP Strict Transport Security)

An HTTP header that tells browsers to always use HTTPS for your domain, even if a user types http:// manually. Prevents downgrade attacks.

Strict-Transport-Security: max-age=31536000; includeSubDomains

Set it once HTTPS is stable. The max-age is how long browsers remember (1 year here).

Certificate types

Renewal

Let's Encrypt certificates expire every 90 days. Automate renewal (Certbot, most hosting providers do this automatically). An expired certificate = site instantly flagged as insecure. Set up monitoring.

Common mistakes

SSL Labs test

Run your domain through ssllabs.com/ssltest. You should get an A or A+ grade. Anything lower usually means deprecated protocols or ciphers are still enabled. Fix those in your server config.

What to do with this

Open your site in a fresh browser. Check the lock icon in the address bar. Is it locked? Good. Then open Chrome DevTools, Console tab, reload the page. Any "mixed content" warnings? Fix those now. Then run the SSL Labs test for a grade. If you're under A, that's this week's work.

Next: site architecture, how the structure of your URL tree directly affects rankings.