In March 2014, Matt Cutts stated at the SMX West that site security was going to be a ranking factor and that they were giving more considerations to sites working with HTTPS. Websites using SSL (Secure Sockets Layer) encryption get a ranking boost compared to sites using TLS (Transport Layer Security). HTTPS websites ranking signal is not as strong as quality content for example but still matters for Google.

A study has shown that 20% of first pages in the SERPs are now HTTPS websites. But when it comes to updates, there are also drawbacks.

What HTTPS means for your SEO

  • 301 redirects

When switching your basic HTPP to an HTPPS website, in most cases, this change comes with many 301 redirects which means you are meeting a loss of link equity. Unlike Google said, moving to HTTPS can lead to a loss of rankings and have the total opposite effect of what you were expecting.
Even if in many cases, this change is going well, it can be a tough job to do. Moz has stated that when they updated their HTTP to an HTTPS to be more secure, they met a loss of 9% in their organic search traffic.

  • referral data

With HTTPS comes a loss of referral data. Actually, you can get informations about where you traffic comes from. If a site sends traffic to another, you can access data on where this traffic comes from. This has a beneficial impact for your SEO because most of the time people will want to see from where their traffic is coming and will click on your website when checking their analytics. But this technique has been used to much by spammers who used it for referral spamming.
But this is not working anymore when the traffic comes up an HTTPS site to a HTTP one. You will not have access to the referrer data anymore and so will not know anymore from where the traffic is sent. This is translate by the “not provided”.

But also be careful with you rel=canonical, external linkings, etc. If you need all the details of the impact of HTTPS on your SEO, you can check this article from iZooto.

How the meta referrer tag can help

Moving to HTTPS is a fact. Security has largely become a criteria to rank well so you can’t avoid it. But to avoid this loss of referral data it exists a simple trick to install, it is call the meta referrer tag and let you control your referrer informations.
In other words, you can still take advantages of the HTTPS and of the referrer data but in a more secure way. Traffic stays encrypted but you can pass this referrer data to all websites even if they are under HTTP.
Moz have shared the HTML code on how to implement it in your <head> section and the 5 differents ways to control how browsers are sending the information from your site:

  • None: Never pass referral data

<meta name=”referrer” content=”none”>

  • Unsafe URL: Always passes the URL string as a referrer. Note if you have any sensitive information contained in your URL, this isn’t the safest option. By default, URL fragments, username, and password are automatically stripped out.

<meta name=”referrer” content=”unsafe-url”>

  • Origin Only: Sends the scheme, host, and port stripped of the full URL as a referrer, i.e. https://moz.com/thispage.html would simply send https://moz.com

<meta name=”referrer” content=”origin”>

  • None When Downgrade: Sends referrer information to secure HTTPS sites, but not insecure HTTP sites

<meta name=”referrer” content=”none-when-downgrade”>

  • Origin When Cross-Origin: Sends the full URL as the referrer when the target has the same scheme, host, and port (i.e. subdomain) regardless if it’s HTTP or HTTPS, while sending origin-only referral information to external sites.