Over the last 18 months, Google has been working to give its users a better understanding of websites and how secure they are, either with an icon in the browser or with “Not Secure”, giving more information when clicked.

July 24, with the release of Chrome 68, Chrome will now be marking all HTTP sites as “not secure”. This means that if you’ve not yet taken the plunge and invested in an SSL certificate, your visitors are going to know about it.


Google previously incentivized the use of HTTPS, announcing that HTTPS is a ranking factor, which is taken into consideration when determining how to rank web pages within its search results.

Originally, it was advised that only websites requiring users to log into their site or make any kind of online payment should use HTTPS. However, Google has now made it crucial for all websites to make the switch.

An update posted on Google’s blog earlier this year showed that over 68% of Chrome traffic on both Android and Windows is now protected (78% on Chrome OS and Mac) and over 80% of the top 100 sites on the web use HTTPS by default.

Moving to HTTPS

If you’re now convinced and ready to take the leap, be sure to make the necessary preparations to make it a smooth transition, avoiding any potential loss of traffic by making sure your visitors and bots are aware of your updated URLs.

1. Redirect all HTTP URLs to their HTTPS equivalent

This will allow any value or traffic pointing to the old URLs to be passed over to the new, making it the most important thing to get right.

Avoid including any unnecessary jumps in your redirects with simple one-to-one redirects. This can be done using your .htaccess file, which allows a simple rule to be created, replacing HTTP with HTTPS.

While your redirects will ensure that your users always land on the correct version of your URLs, redirects cause a slight lag, affecting page load time. Slower pages lead to a bad user experience and can also affect your SEO. Be sure to update all links within your content and navigation/footer links.

3. Update your hreflang tags

This only applies to multilingual websites using hreflang tags to handle which version is displayed depending on the users. These URLs will also need to be updated to HTTPS.

4. Create new Google Search Console & Bing Webmaster Tools properties

Be sure to keep your HTTP version to retain the history

5. Update your XML Sitemaps

Once your URLs have been updated, update your XML sitemaps and re-upload via Google Search Console and Bing Webmaster Tools.

6. Update Social Profiles

Update links from your social media profiles and any other external links that you have control over.

7. Move your assets to https

This is known as 'mixed content' and occurs when pages are loaded over a secure HTTPS connection, but other resources are loaded over an insecure HTTP connection. This includes images, videos, stylesheets and scripts that you may be hosting on an external server.

Google has also published best practice guides that can be found in its help center.


Moving to HTTPS is now easier and cheaper than ever before, allowing you to improve performance as well as gain access to other developer features that are not available on HTTP. Check out Google’s set-up guides to find out more.