Using https is an SEO best practice

Published:
by Wayne Smith

Over the years Google has pushed sites to adopt HTTPS. HTTPS is a secure connection and is an important technical SEO feature. It shows the site is concerned about user security and provides a SEO trust signal. For a static site using Business sites prefer to use HTTPS, which in the past also had a fee associated with the security certificate.

An SEO Best Practices

Google lists sites in their search results that are not HTTPS with a "not secure," warning! Although it does not specifically bury them in the search results. The Chrome browser also notes site which are not HTTPS as not secure in the address bar.

It is basic marketing that a business be concerned about user security. The client is putting trust in the business and the business needs to be trustworthy.

Search engines want to present clients with trusted business sources for commercial search intent. And, informational sites that exist long term on the internet need to be of the same standard.

Technical details

... letsencrypt provides a free certificate ...

Let's Encrypt sponsored in part by Google related entities provides a free SSL security certificate for HTTPS. So while in the past an SSL may indicate that owner of the site was more invested into the website ... vs a much smaller investment ... and by extension the site that invested more into the site should be of better quality. Today adding a security certificate to a website can be done without an additional cost for the certificate.

... Cerfificates with HTTP/1, HTTP/2 and HTTP/3

HTTPS over HTTP/1 a connection is made to the host requesting the specific file from the host. Both the host (site name), and requested file are requested in plan text. The host then responds that encrypted data can be used and begins the negotiation with the browser as to what type of encryption to use. Time is spent while the messages go back and forth. But a secret encryption key is generated for the connection that will be used.

HTTP/1 once a file is sent from the host the connection is closed, for a new file or page asset the process starts over. If the content being requested is not based on the user logging into the system or is basically static files which are the same for all requests from any browser ... there is no benefit; the requested file is asked for in plain text and any request for that file to the host will show the same information. The only difference is the static file was encrypted which is not private information.

HTTPS over HTTP/1.1 connections can stay open, and the encrypted channel can be used to request more files. So the time used to negotiate the description does not need to keep repeating and the file being requested is not in plain text. However, the connection is based on one request at a time. Generally requesting one file at a time instead of 4, 6, 8 files results in a longer wait time for an entire web page to download ... most of the time up to 6 connections are made and each connection needs to spend the time to negotiate the encryption.

HTTP/2 the connection remains open and the browser can request a group of files over the HTTPS connection. However, the host delivers the files in the order they were requested, (HTTP/3 addresses this issue), and rendering can be delayed if the files are requested in an order where an important file is last on the list. The negotiation time for encryption remains the same but it only needs to happen once.

HTTP/3 a hint is sent when the DNS record that points to the HTTPS host telling the browser HTTPS is available. The browser can ask for the encrypted connection without waiting to be told by the host. The connection remains open in both directions and the browser can request files while it is receiving files. Both encryption negotiation and requests for files are improved, and the host sends files as they are available ... so if the browser requests a large file before the request for a small file it needs before it can start rendering the browser does not need to wait for the large file.

With HTTP/3 the only information not encripted is the site name which was not encripted for the DNS record used to locate the website.

... HTTP/2 or HTTP/3 with SSL should be best SEO practice ...

Both HTTP/2 and HTTP/3 are faster for HTTPS ... HTTP/2 to be optimized needs the page properly coded so resources are requested in the proper order ... HTTP/3 also uses a different protocol for data over the internet which gives it an additional speed improvement. But legacy support for HTTP/2 needs to be maintained.

HTTP/3 server options 2023

HTTP/3 is still considered by some to be in the development/experimental stage. It has not been vetted over time like HTTP/1 and HTTP/2. Some of the features it may ultimately include such as WebTransport requiring a self-signed TLS certificate IE OpenSSL ... are still being worked on.

Apache Web Server supports QUIC for H3 but not HTTP/3 at this point. Usage of HTTP/2, according to w3techs, is used by 35.6% of all the websites in September 2023. HTTP/3 is used by 26.8% of all websites.