HTTP vs. HTTPS: Key Differences & SEO Impact in 2024

Scott Stockdale
Scott Stockdale
hero image

The astute observer will notice that HTTP and HTTPS are basically the same thing with one crucial difference:

http vs https

Yep, HTTPS has an added ‘s’ which means that it's more secure. Obviously though, there’s a little more to it than this.

Which is why in this guide, I’ll break down:

  • What HTTP and HTTPS are
  • The problem with HTTP
  • Why and how HTTPS is more secure, and finally,
  • The potential SEO difference

So let’s dive in…

Sidenote: If you’re interested in SEO, maybe for work or building your own site / side hustle, then be sure to check out my SEO Bootcamp course.

learn SEO in 2024

Learn SEO best practices from scratch, and get simple, actionable steps to implement to efficiently rank your website (or your clients’) on the first page of Google and start driving organic traffic to your website!

Check it out here or watch the first videos for free.

I cover a lot of ‘technical SEO’ topics in there, including HTTPS, site architecture, Core Web Vitals and more.

With that out of the way, let’s dive into this guide!

What does HTTP mean?

What does HTTP mean

HTTP stands for ‘HyperText Transfer Protocol’, and is the language browsers and servers use to communicate with one another.

How HTTP works

Most of the information that is sent over the Internet, such as website content and API calls, uses the HTTP protocol.

How HTTP works

Understanding requests and responses

There are two main kinds of HTTP messages:

  • Requests, and
  • Responses

HTTP requests are generated by a user's browser as the user interacts with web properties.

For example

If a user clicks on a hyperlink on a website, the browser will then send a series of "HTTP GET" requests for the content that appears via that hyperlink.

Understanding requests and responses

These HTTP requests all go to either an origin server or a proxy caching server, and that server will then generate a HTTP response, and send what was requested. (So that the new link loads up).

HTTP response

The problem with HTTP

The main problem with a standard HTTP connection is security.

http is insecure

So let me explain:

An HTTP request is just a series of lines of text that follow the HTTP protocol. This section of text is generated by the user's browser, and then gets sent across the Internet.

HTTP plaintext issue

The problem is that this HTTP code is in plaintext, which means that anyone monitoring the connection can read it.

Plaintext can be hacked

Not great right?

This is especially an issue when users submit sensitive data via a website or a web application, such as a password, a credit card number, or any other data entered into a form.

Incidentally, when a user submits a form, the browser translates this into an HTTP POST request instead of an HTTP GET request.

Anyways, back to the issue with HTTP.

No one wants their credit card details being intercepted and missued, so what can we do about it?

Well, that’s where HTTPS comes in to save the day…

The HTTPS solution

As we mentioned up top, the S in HTTPS stands HyperText Transfer Protocol Secure.

It is a little more complex than simply adding an S to the URL string though! HTTPS achieves this security because it uses either TLS or SSL to encrypt HTTP requests and responses, so that they can’t be read in plain text.

For example

Here you can see the difference between 2 identical websites with the exact same HTTP request.

The key difference is the information on site 1 goes through standard HTTP, while the exact same information on site 2 goes through HTTPS.

The HTTPS solution

With HTTP, a hacker could easily read the plain text code and steal your users information. But with HTTPS, that exact same data has been encoded instead, and so can’t be read.

How HTTPS works

How HTTPS works

So how does TLS and SSL encrypt HTTP requests and responses to make them secure?

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL), uses a technology called public-key encryption, and it works like this.

Step 1: SSL session request and public key response

There are two keys - a public key and a private key.

SSL session request and public key response

The public key is shared with the client devices via the server's SSL certificate, when a session request is made.

Step 2: Session keys

When a client opens a connection with a server, the two devices use the public and private keys to agree on new keys, called session keys, to then encrypt further communications between them.

Session keys

The client device generates a session key and encrypts it with the server's public key. This is then sent back to the server.

The server then decrypts the session key using the private key, also held by the server.

Step 3: HTTP request encryption

Finally, all further HTTP requests and responses are then encrypted with these session keys.

HTTP request encryption

This means that anyone who intercepts communications now, can only see a random string of characters, and not the plaintext.

HTTP request encryption example

As a result, HTTPS is far more secure than HTTP.

What does HTTPS mean for User Experience and sales?

Because of the security issues present with HTTP, each web browser has been pushing for a more secure user experience.

Then, in 2018, Google Chrome released their ‘site insecure’ warning, which alerts when a visitor visits a site that's not on HTTPS.

site not secure

Not long after, all the other major web browsers followed and implemented something similar.

This push for HTTPS is great for user safety, but also hugely increases the bounce rate on your site.

As you can imagine, this warning can put a few people off! The visitor feels unsafe or as if the page doesn't work, and leaves, meaning lost traffic and sales, and then affected your core web vitals.

It goes further though, with some payment provider options not even working without an HTTPS connection in place...

tl;dr: If you want to stop losing traffic, get a secure connection.

What does HTTPS mean for SEO?

Because of this focus on security, Google has also started to give preference to sites that meet their security standards. In fact, HTTPS has been a confirmed Google ranking factor since 2014.

If you know much about Google and SEO, it's incredibly rare for them to outright state what their specific ranking factors are, so you know it must be important.

Google even stated that their HTTPS ranking boost may serve as a tie-breaker if the quality signals for two different search results are equal in everything else.

https as a ranking signal

This means that if your website is equal to your competitor’s website in terms of speed, title tags, and content freshness, but your competitor’s website is HTTPS and yours isn’t, Google will most likely rank theirs ahead of yours.

Add HTTPS to your own sites today!

HTTPS is the de facto solution required for new and current websites if they want to be secure. However, it’s estimated that anywhere between 5-10% of total sites online are still not running on HTTPS.

5 million insecure sites

That's approximately somewhere between 56-112 million websites that are at risk of user information being stolen, spied on, or worse.

That's crazy!

Don’t get caught in the same position!

If you’re planning on building a new site, or want to improve a current one, then you need to convert it to HTTPS and add either SSL or TLS encryption to it.

The process is fairly simple, but if you’re not 100% sure, I show you all this and more in my SEO bootcamp. Better still, I walk you through it step-by-step, while also helping you audit and fix any other issues, before helping you scale, rank, and build backlinks.

It’s your one stop spot for all you need to know, for doing in-house SEO. Watch the first videos here for free.

And as an added bonus, you have access to me, students, and other full-time SEO’s via our private Discord channel on ZTM. Ask questions, get answers, and scale your traffic!

More from Zero To Mastery

Beginners Guide To International SEO preview
Beginners Guide To International SEO

Thinking of scaling your site traffic to new audiences and languages? In this guide, we walk you through the 4 major steps to get started with International SEO.

How To Use Schema Markup For SEO To Get More Traffic preview
How To Use Schema Markup For SEO To Get More Traffic

Want more traffic to your site? (DUH!) In this guide, we teach you step-by-step one technique that helped us scale to 2 million impressions per month on Google.

AI + SEO: How To Use ChatGPT For SEO Success preview
AI + SEO: How To Use ChatGPT For SEO Success

Everyone's talking ChatGPT. Is it replacing us? Or can it help us? I'll show you 11 ways you can master the AI (before it masters you) to improve your SEO.