Why HTTPS is a Google Ranking Factor
HTTPS encrypts data between the user and your server. Google confirmed it as a ranking signal in 2014 and Chrome marks HTTP sites as "Not Secure." It is table stakes for any website.
Last updated: February 20, 2026
Quick Summary
- HTTPS is a confirmed Google ranking factor since 2014
- Chrome displays "Not Secure" warnings on HTTP pages
- SSL certificates are free from Let's Encrypt and most hosting providers
- Mixed content (HTTP resources on HTTPS pages) breaks the secure connection
What is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP. It uses the TLS protocol (the successor to SSL) to encrypt all data transmitted between a user's browser and your web server, and an SSL/TLS certificate to prove the server's identity.
The difference is visible in the URL bar:
- HTTP: http://example.com (shows "Not Secure" in Chrome)
- HTTPS: https://example.com (shows lock icon)
HTTPS protects against:
- Eavesdropping: Attackers cannot read the data being transmitted
- Tampering: Data cannot be modified in transit
- Impersonation: Users can verify they are connected to the real site
HTTPS as a ranking factor
In August 2014, Google officially announced HTTPS as a ranking signal. While described initially as a "lightweight" signal, its importance has grown:
Page Experience signal: HTTPS is part of Google's Page Experience ranking factors alongside Core Web Vitals.
Tiebreaker effect: When two pages are otherwise equal in relevance and quality, Google gives the edge to the HTTPS version.
Crawl priority: Google has indicated a preference for crawling HTTPS URLs over HTTP equivalents.
Trust signals: While not directly measured by Google, HTTPS contributes to user trust signals. Users who see "Not Secure" are more likely to bounce, which can indirectly hurt rankings.
How to implement HTTPS
Step 1: Get an SSL certificate
- Most hosting providers include free SSL (Let's Encrypt)
- Vercel, Netlify, and Cloudflare provide automatic SSL
- For custom setups, use Certbot with Let's Encrypt
Step 2: Install the certificate on your server or hosting platform
Step 3: Update all internal links from http:// to https://
Step 4: Set up 301 redirects from HTTP to HTTPS for all pages
Step 5: Update your sitemap and robots.txt with HTTPS URLs
Step 6: Update Google Search Console to add the HTTPS property
Step 7: Fix mixed content - ensure all resources (images, scripts, CSS) load via HTTPS
Mixed content issues
Mixed content occurs when an HTTPS page loads resources (images, scripts, CSS) over HTTP. This is a common issue after migrating to HTTPS.
Types of mixed content:
- Active mixed content (scripts, iframes): Blocked by browsers entirely
- Passive mixed content (images, audio): May load but trigger warnings
To fix mixed content:
1. Update all resource URLs to use HTTPS or protocol-relative URLs (//)
2. Use Content-Security-Policy headers to catch issues
3. Run a scan to identify all HTTP resource references
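One way to do the scan in step 3, as an added example that is not this site's scanner: it parses a page's HTML and reports every resource referenced over explicit http://, labelled active or passive as described above. The tag table, function names and sample page are assumptions made for illustration; stylesheets are counted as active because browsers block them like scripts.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, category), following the page's split: active content
# is blocked by browsers, passive content may load but triggers warnings.
RESOURCE_TAGS = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),  # only when rel includes "stylesheet"
    "img": ("src", "passive"),
    "audio": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    """Collects subresources an HTTPS page would fetch over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (category, tag, url)

    def handle_starttag(self, tag, attrs):
        if tag not in RESOURCE_TAGS:
            return
        attr, category = RESOURCE_TAGS[tag]
        values = dict(attrs)
        rel = (values.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rel:
            return  # canonical/alternate links are not loaded as resources
        url = (values.get(attr) or "").strip()
        # Relative and protocol-relative (//) URLs inherit the page's scheme,
        # so only an explicit http:// reference is mixed content.
        if url.lower().startswith("http://"):
            self.findings.append((category, tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page, assumed to be served over HTTPS.
SAMPLE = """<head><link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://example.com/">
<script src="//cdn.example.com/app.js"></script>
<script src="http://cdn.example.com/legacy.js"></script></head>
<body><img src="http://example.com/logo.png"><img src="/img/hero.png">
<a href="http://example.com/old">old page</a></body>"""

if __name__ == "__main__":
    for category, tag, url in find_mixed_content(SAMPLE):
        print(f"{category:8} <{tag}> {url}")
```

Plain anchor links and the canonical link are skipped on purpose: they are navigation targets, not resources the page loads, so they do not affect the secure connection.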
Frequently Asked Questions
Is HTTPS really a ranking factor?
Yes. Google officially confirmed HTTPS as a ranking signal in 2014. It is part of the Page Experience signals that Google uses to rank pages.
How much does an SSL certificate cost?
SSL certificates are free from Let's Encrypt. Most modern hosting providers (Vercel, Netlify, Cloudflare, most shared hosts) include free SSL automatically.
Will switching to HTTPS hurt my rankings temporarily?
It can cause temporary fluctuations if redirects are not set up properly. Use 301 redirects from every HTTP URL to its HTTPS equivalent and update your sitemap.
What is mixed content and why does it matter?
Mixed content occurs when an HTTPS page loads images, scripts, or other resources over HTTP. This weakens security, triggers browser warnings, and can hurt your SEO.