Posted by Adrienne Porter Felt and Emily Schechter, Chrome Security
Security has always been critical to the web, but challenges involved in site
migration have inhibited HTTPS adoption for several years. In the interest of a
safer web for all, at Google we've worked alongside many others across the
online ecosystem to better understand and address these challenges, resulting in
real change. A web with ubiquitous HTTPS is not the distant future. It's
happening now, with secure browsing becoming standard for users of Chrome.
Today, we're adding a new section to the HTTPS Report Card in our Transparency
Report that includes data on how HTTPS usage has been increasing over time. More
than half of pages loaded and two-thirds of total time spent by Chrome desktop
users occur via HTTPS, and we expect these metrics to continue their strong
Percentage pages loaded over HTTPS in Chrome
As the remainder of the web transitions to HTTPS, we'll continue working to
ensure that migrating to HTTPS is a no-brainer, providing business benefit
beyond increased security. HTTPS currently enables the best performance
the web offers and powerful features that benefit site conversions,
including both new features such as service
workers for offline support and web
push notifications, and existing features such as credit
card autofill and the HTML5
geolocation API that are too
powerful to be used over non-secure HTTP.
As with all major site migrations, there are certain steps webmasters should
take to ensure that search ranking transitions are smooth when moving to HTTPS.
To help with this, we've posted two FAQs to
help sites transition correctly, and will continue to improve our web
We've seen many sites successfully transition with negligible effect on their
search ranking and traffic. Brian Wood, Director of Marketing SEO at Wayfair, a
large retail site, commented "we were able to migrate Wayfair.com to HTTPS with
no meaningful impact to Google rankings or Google organic search traffic. We are
very pleased to say that all Wayfair sites are now fully HTTPS." CNET, a large
tech news site, had a similar experience. "We successfully completed our move of
CNET.com to HTTPS last month," said John Sherwood, Vice President of Engineering
& Technology at CNET. "Since then, there has been no change in our Google
rankings or Google organic search traffic."
Webmasters that include ads on their sites also carefully monitor ad performance
and revenue during large site migrations. The portion of Google ad traffic
served over HTTPS has increased dramatically
over the past 3 years. All ads that come from any Google source always support
HTTPS, including AdWords, AdSense or DoubleClick Ad Exchange; ads sold directly,
such as those through DoubleClick for Publishers, still need to be designed to
be HTTPS-friendly. This means there will be no change to the Google-sourced ads
that appear on a site after migrating to HTTPS. Many publishing partners have
seen this in practice after a successful HTTPS transition. Jason Tollestrup,
Director of Programmatic Advertising for the Washington
Post, "saw no material impact to AdX revenue with the transition to SSL."
As migrating to HTTPS becomes even easier, we'll
continue working towards a web that's secure by default. Don't hesitate to
start planning your HTTPS migration today!