When Google pushed webmasters to adopt HTTPS with its announcement in August that it would be a ranking signal, it prompted many webmasters to rush to get their websites secured. And it would appear that the announcement had a huge impact on the number of websites that chose to switch from HTTP to HTTPS: in the week after the announcement, the number of pages requested over HTTPS jumped 3%.
On August 1, 2014, The HTTP Archive found that 9% of webpages were over HTTPS. On August 8, 2014, Google made their announcement that HTTPS would be used as a ranking signal. When the data was run by The HTTP Archive on August 15, 2014, that number had jumped to 12%. To put that into perspective, in the previous 9 months, that number only grew by a mere 1%.
Since the announcement, that number has continued to grow, although not with the same burst we saw immediately following Google’s announcement. But it has gone up another 2%, with the mid-December numbers showing 14% of all requested webpages being served over HTTPS. So while there was that jump, it has continued to go up as more and more sites make the move to HTTPS.
The HTTP Archive gathers data from the top 1,000,000 websites, according to Alexa. The sample size is not only very large but also covers a huge diversity in the types of sites used for analysis.
Google declaring HTTPS as a ranking signal seemed to do more for increasing the number of secured websites than anything else previously. In 2010, when The HTTP Archive began tracking the data, only 2% of the top 1,000,000 websites were secure.
There was also an earlier spike in the number of sites switching to HTTPS in 2013, which coincides with the PRISM email surveillance program becoming known, along with the controversy surrounding WikiLeaks and the related Snowden leaks, when more people were becoming aware of and concerned about the repercussions of unsecured websites.
It will be interesting to see whether a future event, such as the idea Google Chrome is considering of warning users about any site they try to visit that is unsecure, will produce another jump like the one that followed the original announcement of HTTPS as a ranking boost.
Jennifer Slegg
Doc Sheldon says
If those warnings do materialize, I think a resurgence of conversion to SSL/TLS is almost certain. The problem I have with that is that by doing so, those webmasters will be contributing to the Internet shaped by Google, rather than a Google shaped by the Internet.
Michael Martinez says
The Chrome team’s decision about marking sites as “unsecure” is controversial and is viewed by some in the security community as unnecessarily alarmist (not to mention misleading).
These Websites are not “secure”. All HTTPS does is encrypt your packets but they are unencrypted at whatever stopping point they hit, whether that is a proxy you connect to or a Website. The Websites remain as unsecure and vulnerable to hacking as they always did and user data ultimately is no more protected via HTTPS than by HTTP.
Security experts want people to use encrypted connections to log in to networks and Websites (if they do that) especially over public wifi (restaurants, malls, airports) because sniffer software can be used to grab the logins and passwords (although this is a really inefficient attack methodology from the perspective of anyone trying to grab user credentials).
However, in 2014 researchers released detailed instructions on how to create rogue routers and proxies in public wifi areas (you create your own wifi hotspot). These proxies would have to use their own security certificates to fool browsers into NOT displaying a warning about an invalid certificate, but two research teams announced they had devised means of compromising wifi routers (turning them into slaves) via malware (which up until 2014 was thought impossible). So far as I am aware the details for those methods have NOT been disclosed to the public but now that hackers know it can be done some may already have figured out how to do it.
Google’s push for greater use of HTTPS did not prevent multiple large-scale man-in-the-middle attacks from succeeding against Google, Apple, and other large service users in 2014.
This is an ineffective method for protecting user data on the Web.
Thom Craver says
Is there actual causation here, or merely two statistical correlations?