Back in the spring of 2017, I wrote that HTTPS results made up half of page-one Google organic URLs. In over three years, I haven’t posted an update, which might lead you to believe that nothing changed. The reality is that a whole lot changed, but it changed so gradually that there was never a single event or clear “a-ha!” moment to write about.
Now, in the fall of 2020, HTTPS URLs make up 98% of page-one organic results in the MozCast 10,000-keyword tracking set. Here’s the monthly growth since April 2017:
There was a bump in HTTPS after October 2017, when Google announced that Chrome would be displaying more warnings to users for non-secure forms, but otherwise forward momentum has been fairly steady. While browsers have continued to raise the stakes, there have been no announced or measured algorithm updates regarding HTTPS.
I scoff at your data!
So, why am I writing this update now? While the MozCast 10,000-keyword set is well-suited for tracking long-term trends (as it’s consistent over time and has a long history), the data is focused on page-one, desktop results and is intentionally skewed toward more competitive terms.
Recently, I’ve been gifted access to our anonymized STAT ranking data — 7.5M keywords across desktop and mobile. Do these trends hold across devices, more pages, and more keywords?
The table above is just the page-one data. Across a much larger data set, the prevalence of HTTPS URLs on page one is very similar to MozCast and nearly identical across desktop and mobile. Now, let’s expand to the top 50 organic results (broken up into groups of ten) …
Even at the tail end of the top 50 organic results, more than 92% of URLs are HTTPS. There does seem to be a pattern of decline in HTTPS prevalence, with more non-secure URLs ranking deeper in Google results, but the prevalence of HTTPS remains very high even on page five of results.
Does this increase in HTTPS prevalence at the top of the rankings suggest that HTTPS is a ranking factor? Not by itself — it’s possible that more authoritative sites tend to be more sensitive to perceived security and have more budget to implement it. However, we know Google has stated publicly that HTTPS is a “lightweight ranking signal”, and this data seems to support that claim.
You can’t make me switch!
I don’t know why you’re being so combative, but no, I can’t really make you do anything. If you’re not convinced that HTTPS is important when 97-98% of the top ten organic results have it, I’m not sure what’s left to say. Of course, that’s not going to stop me from talking some more.
When we focus on rankings, we sometimes ignore core relevance (this is a challenge in large-scale ranking studies). For example, having relevant keywords on your page isn’t going to determine whether you win at rankings, but it’s essential to ranking at all. It’s table stakes — you can’t even join the game without relevant keywords. The same goes for HTTPS in 2020 — it’s probably not going to determine whether you rank #1 or #10, but it is going to determine whether you rank at all. Without a secure site, expect the bouncer to send you home.
As importantly, Google has made major changes around HTTPS/SSL in the Chrome browser, increasingly warning visitors if your site isn’t secure. Even if you’re still lucky enough to rank without HTTPS URLs, you’re going to be providing a poor user experience to a lot of visitors.
There’s not much left between 97% and 100%, and not many blog posts left to write about this particular trend. If you’re not taking HTTPS/SSL seriously in 2020, this is your final wake-up call.