By Charlie Nock

Google Chrome’s security updates are trying to make information encryption an internet standard. “HTTPS everywhere” is forcing brands to take browsing safety seriously. We’ll be looking at how keeping customers safe online can pay dividends for organic search and improve user-experience across all digital channels.

Back to blog home

Security online

Public trust in brands is continuing to fall, especially in the western world. When people can’t trust a brand, they’re likely to leave in search of safer pastures. If these customers were acquired through a paid social or paid search channel, then the resultant bounce rate has a tangible wastage cost. For SEO, HTTP sites have been penalised with minor ranking penalties since 2014, but the lasting damage is being inflicted by not-secure sites driving incrementally fewer and shorter clicks. It is always helpful to remember that what isn’t good for user-experience, isn’t good for organic ranking.

diagram showing HTTP brand damage

A secure site should lie at the heart of a brand's online offering

HTTPS Everywhere: Encryption as standard

Chrome, the Google operated browser used by 58% of us globally, will now alert visitors to HTTP sites which require payment information that they are ‘’Not secure’’ and accompany this with a frightening red icon to the left of the site’s URL. Pages that adopt an encrypted HTTPS protocol will appear as being visibly ‘’Secure’’. The July 24th, 2018 update to Chrome 68 came as part of a larger push by Google towards encryption everywhere becoming an internet standard. Here’s what this looks like…

Chrome not-secure warning icons

A brief history of Google Chrome's scary not-secure warning icons

How does HTTPS keep searching safe?

HTTP/S works by protecting the information passing from your servers to a users’ browser, combining the HTTP protocol with an encrypting Transport Layer Security (a TLS, for short) or Secure Socket Layer (an SSL). This serves three interlinking purposes, namely:

  1. Server authentication confirms to a customer that they are dealing with the legitimate and intended site.
  2. Data integrity allays user fears by certifying that this is the original site and its information has not been tampered with by a third party.
  3. Encryption protects both the user and the domain owner’s information from nefarious actors.

Community reaction

As can be seen below, the trend has quickly swept across the internet. In fact, February 2018 saw between 68-78% of Google Chrome traffic being protected by TLS, varying slightly between operating systems and devices. Mobile enhanced AMP pages, for example, require HTTPS encryption and naturally guide users to secure pages.

The HTTPS Migration

Chart showing HTTPS google results

More than 90% of Google search results lead to secure sites

Despite having been a stated aim of Google for the past four years and embraced by over 83 of the web’s 100 most popular sites, some large brands are yet to migrate their entire domain to secure sites. Whilst only pages which require personal or payment information currently display the dreaded ‘’Not secure’’ icon, it is expected that this will spread to all remaining HTTP pages imminently. and are among the UK’s top-100 most popular websites and are set to be named and shamed by the ongoing changes. Moz is reporting that more than 90% of the pages occupying Google’s SERPs are now HTTPS, supporting the business case for migration. Google’s message here is clearly: if your users aren’t safe, neither is your brand.

Some smaller developers and bloggers, however, are angered by the changes. Seemingly unreasonable costs and a temporary - but nonetheless feared - dip in traffic are often associated with poorly managed site migrations.

Common failures include:

  • Poor redirect mapping can result in both the secure and not-secure versions of a page remaining live and indexed, causing duplicate pieces of content to cannibalise one another’s ranking efforts. 
  • Mixed content is also commonly the downfall of sites with aspirations to become secure. The term refers to secure pages containing not secure image or .css resources, which undermine the page's security certificate. 
  • Structured data can also become ineffectual if webmasters fail to update its contents to reference the secure version of the site.
  • Paid channels don't communicate with SEO and continue to send traffic to the old, not-secure site. This traffic is then redirected. Redirections add to the site's load speed, likely increasing bounce rates as brands pay for clicks which do not convert as frustrated users search for a smoother experience elsewhere.

Merkle’s experience emphatically proves that a carefully implemented migration to HTTPS can build solid foundations for a site’s organic performance. The small price of SSL certification and migration management is dwarfed in comparison to the cost of potential data breaches, a loss of brand trust, or a site vanishing into the nether regions of the SERP. As such, our work with clients has enabled them to pre-empt and successfully navigate these security-focused algorithm changes; the data generated from this experience show that security is being rewarded by Google across the board.

SEO data showing HTTPS traffic increase

Merkle's data proves that correctly managed migrations pay dividends

Merkle advises that the migration to HTTPS is made early. If implemented correctly, then any dip in traffic should prove short-lived and minimally impactful. In the longer term, security-concerned customers and Google’s algorithms will continue to reward trustworthy brands. Rankings, traffic, and conversions, in our experience, soon follow suit as part of a virtuous cycle. The unnerving "not-secure" message in Chrome will also be fixed.

To find out how Merkle can help you achieve site security, please get in touch.

Share this article