Https on top sites

HTTPS

HyperText Transfer Protocol Secure (abbreviated as HTTPS) is a mechanism that allows a web browser or app to securely connect with a websiteThe main objective of HTTPS is to authenticate the visited website and protect privacy and integrity of the exchanged data.

For Google, HTTPS has become a very important mission especially in recent years.

As the company explains:

"Security is a top priority at Google. We are investing and working to make sure that our sites and services provide modern HTTPS by default. We're committed to making the web a safer place not only for Google users, but for all users. HTTPS makes it difficult for Internet Service Providers, governments and others to watch what you're doing online."

In brief, Google wants HTTPS not only at Google but in the world!

How Google Motivates HTTPS Migration?

By SEO

On 06/08/2014 Google announced that HTTPS would become a ranking signal which made a huge impact on the Internet and motivated many websites to move from HTTP to HTTPS. Since then Google constantly showed it's will in order to create an HTTPS world.

Big and established websites were hesitating about moving to HTTPS because of 30x redirects due to Pagerank dilution. Therefore recently Google's Gary Illyes confirms 301, 302, 30x redirects do not lose any Pagerank value anymore.

By Chrome

Supporting HTTP2 on Chrome only if encrypted 

HTTP/2 requires the use of encryption consequently a website should support HTTPS in the first place to be able to serve HTTP/2. This requirement is due to major browsers (Mozilla Firefox and Google Chrome) which have stated that they will only support HTTP/2 when it is used over an encrypted connection. 

Marking HTTP sites as Non Secure on Chrome

Chrome’s security team announced on 08/09/2016 as a short-term plan that the browser will  start marking HTTP sites that transmit passwords or credit cards as non-secure, beginning in January 2017. As part of a long-term plan they will mark all HTTP sites as non-secure. 

Chrome HTTP Not Secure

Eventual treatment of all HTTP pages in Chrome will be 

Chrome HTTP Future

HTTPS Across Google

According to Google's statistics, 85 percent of requests sent from around the world to Google's servers used encrypted connections by the end of July 2016. That was 47 percent at the end of 2013. It seems google has done a good job in terms of HTTPS at it's own side.

HTTPS requests to Google Servers

This chart represents the percentage of requests to Google’s servers that used encrypted connections.

Handout/Google from https://www.google.com/transparencyreport/https/

HTTPS On Google

Below are Google's as well as some top sites HTTPS migration dates

Google       18/10/2011

Twitter        13/02/2012

Facebook   01/08/2013

Wikipedia   12/06/2015

Although Google moved to HTTPS long before many top websites such as Twitter, Facebook or Wikipedia, it was the last bringing HTTP Strict Transport Security(HSTS) to Google among them. Besides, as announced on Google Blog, HSTS is brought for the moment only to www.google.com. You can find more about HSTS and Google in this article HSTS on Google.com.

HTTPS On Top Sites

Google shared the data concerning a list of top 100 non Google sites on the Internet and their HTTPS states in February 2016. According to Google the sites in this list accounts for approximately 25% of all website traffic worldwide.

It is pointed out that the sites in the list will not be changed till the end of 2016 but their HTTPS states are updated regularly. I checked the report on 11/09/2016.

Out of  top 100 non Google sites

  • 46 Top Sites Work On HTTPS
  • 39 Top Sites Have Modern TLS Configuration
  • 36 Top Sites Have Default HTTPS

The results are not very promising in terms of HTTPS migration in the world. Google wishes HTTPS on top 100 most trafficked (non Google) sites on the Internet by the end of 2016. Unfortunately it will not become real however, for sure  migration will be accelerated after Chrome will be marking as "Not Secure" insecure HTTP sites beginning in January 2017 and then eventually all http sites.

Please find Google's HTTPS report at https://www.google.com/transparencyreport/https/grid/

Thanks for taking time to read this post. I offer consulting, architecture and hands-on development services in web/digital to clients in Europe & North America. If you'd like to discuss how my offerings can help your business please contact me via LinkedIn

Have comments, questions or feedback about this article? Please do share them with us here.

If you like this article

Follow Me on Twitter

Follow Searchdatalogy on Twitter

Related Tags: HTTPS  

Comments

Legal Terms Privacy

Python SEO

Learn Programming for SEO on Dataizer: Learn Python for SEO

Data SEO

Walid Gabteni: Consultant SEO

Vincent Terrasi: Data Scientist SEO

Remi Bacha: Data Scientist SEO

Recent Posts

SEO data distribution analysis 5 years, 2 months ago
SEO Forecasting 6 years, 1 month ago
SEO data analysis 6 years, 1 month ago
BrightonSEO conference 6 years, 2 months ago
HTTP2 on top sites 6 years, 5 months ago
Desktop & mobile performances 6 years, 9 months ago
Alexa top 1 million sites 6 years, 10 months ago
1 million #SEO tweets 7 years, 10 months ago
SEO, six blind men & an elephant 7 years, 11 months ago
3 ways for free https 8 years, 1 month ago
Crawl dictionary 8 years, 2 months ago
Https on top sites 8 years, 2 months ago
SEO web server log files 8 years, 3 months ago
Hsts on google.com 8 years, 4 months ago

Recent Tweets