{"id":36020,"date":"2020-05-07T11:43:16","date_gmt":"2020-05-07T16:43:16","guid":{"rendered":"https:\/\/ahrefs.com\/blog\/?p=36020"},"modified":"2026-03-19T12:21:33","modified_gmt":"2026-03-19T17:21:33","slug":"what-is-https","status":"publish","type":"post","link":"https:\/\/ahrefs.com\/blog\/what-is-https\/","title":{"rendered":"What is HTTPS? Everything You Need to&nbsp;Know"},"content":{"rendered":"<div class=\"intro-txt\">HyperText Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, which is the main protocol used for transferring data over the World Wide&nbsp;Web.<\/div>\n<p>HTTPS protects the communication between your browser and server from being intercepted and tampered with by attackers. This provides confidentiality, integrity and authentication to the vast majority of today\u2019s WWW traffic.<\/p>\n<p>Any website that shows a lock icon in the address bar is using&nbsp;HTTPS.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-36128\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/https-lock-ahrefs.png\" alt width=\"736\" height=\"154\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/https-lock-ahrefs.png 736w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/https-lock-ahrefs-680x142.png 680w\" sizes=\"auto, (max-width: 736px) 100vw, 736px\"><\/p>\n<p>In this article, you\u2019ll learn:<\/p>\n<ul>\n<li><a href=\"#https-vs-https\">The basics of HTTP and&nbsp;HTTPS<\/a><\/li>\n<li><a href=\"#how-tls-works\">How TLS certificates work<\/a><\/li>\n<li><a href=\"#https-and-seo\">How HTTPS helps&nbsp;SEO<\/a><\/li>\n<li><a href=\"#how-to-set-up-https\">How to set up&nbsp;HTTPS<\/a><\/li>\n<li><a href=\"#common-https-errors\">Common HTTPS errors and how to fix&nbsp;them<\/a><\/li>\n<li><a href=\"#common-https-mistakes\">How to check for potential HTTPS migration mistakes<\/a><\/li>\n<\/ul>\n<div data-mode=\"normal\" data-oembed=\"1\" data-provider=\"youtube\" id=\"arve-youtube-ab0vmbvez7g\" style=\"max-width:900px;\" class=\"arve\">\n<div class=\"arve-inner\">\n<div style=\"aspect-ratio:500\/281\" class=\"arve-embed arve-embed--has-aspect-ratio\">\n<div class=\"arve-ar\" style=\"padding-top:56.200000%\"><\/div>\n<p>\t\t\t<iframe allow=\"accelerometer 'none';autoplay 'none';bluetooth 'none';browsing-topics 'none';camera 'none';clipboard-read 'none';clipboard-write;display-capture 'none';encrypted-media 'none';gamepad 'none';geolocation 'none';gyroscope 'none';hid 'none';identity-credentials-get 'none';idle-detection 'none';keyboard-map 'none';local-fonts;magnetometer 'none';microphone 'none';midi 'none';otp-credentials 'none';payment 'none';picture-in-picture;publickey-credentials-create 'none';publickey-credentials-get 'none';screen-wake-lock 'none';serial 'none';summarizer 'none';sync-xhr;usb 'none';web-share;window-management 'none';xr-spatial-tracking 'none';\" allowfullscreen class=\"arve-iframe fitvidsignore\" credentialless data-arve=\"arve-youtube-ab0vmbvez7g\" data-lenis-prevent data-src-no-ap=\"https:\/\/www.youtube-nocookie.com\/embed\/AB0VMbvEz7g?feature=oembed&amp;iv_load_policy=3&amp;modestbranding=1&amp;rel=0&amp;autohide=1&amp;playsinline=0&amp;autoplay=0\" frameborder=\"0\" height=\"505.8\" loading=\"lazy\" name referrerpolicy=\"strict-origin-when-cross-origin\" sandbox=\"allow-scripts allow-same-origin allow-presentation allow-popups allow-popups-to-escape-sandbox\" scrolling=\"no\" src=\"https:\/\/www.youtube-nocookie.com\/embed\/AB0VMbvEz7g?feature=oembed&amp;iv_load_policy=3&amp;modestbranding=1&amp;rel=0&amp;autohide=1&amp;playsinline=0&amp;autoplay=0\" title width=\"900\"><\/iframe><\/p><\/div>\n<\/div>\n<\/div>\n<div class=\"hub-link\"><img decoding=\"async\" alt=\"Beginner's guide to technical SEO\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/svg\/4.svg\"><div class=\"hl-title\">New to technical SEO? Check out&nbsp;our<\/div><div class=\"hl-content\"><a href=\"https:\/\/ahrefs.com\/blog\/technical-seo\/\" target=\"_blank\">Beginner\u2019s guide to technical SEO<\/a><\/div><\/div>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"HTTP vs. HTTPS: Understanding the basics\" data-section=\"https-vs-https\">\n<h2>HTTP vs. HTTPS: Understanding the basics<\/h2>\n<\/div><\/div>\n<p>First, let me simplify and illustrate the communication between the client (browser) and server when there\u2019s an attacker in between.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"900\" height=\"797\" class=\"wp-image-36012\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/http-request-respons-attacker-possibilities.png\" alt=\"http request respons attacker possibilities\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/http-request-respons-attacker-possibilities.png 900w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/http-request-respons-attacker-possibilities-480x425.png 480w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/http-request-respons-attacker-possibilities-768x680.png 768w\" sizes=\"auto, (max-width: 900px) 100vw, 900px\"><\/p>\n<p>As you can see, attackers can get hold of sensitive data like login and payment details or inject malicious code into the requested resources.<\/p>\n<p>Potential network attacks can happen anywhere with an untrusted router or ISP. Any public WiFi network is therefore vulnerable to such attacks. Fortunately, it seems that the general public is getting aware of this fact (increasing usage of&nbsp;VPNs).<\/p>\n<p>However, the burden of making everyone\u2019s browsing experience secure is and should be on webmasters.<\/p>\n<p>That\u2019s where the adoption of HTTPS comes into&nbsp;play.<\/p>\n<p>HTTPS encrypts HTTP requests and responses so an intercepting attacker would only see random characters instead of credit card details, for example.<\/p>\n<p>An analogy to how HTTPS works would be sending valuables in an indestructible locked combination box. Only the sending and receiving parties know the combination and if attackers get hold of it, they won\u2019t get inside.<\/p>\n<p>Now, a lot of things happen when a HTTPS connection is formed. Mainly, HTTPS relies on TLS (Transfer Layer Security) encryption to secure the connections.<\/p>\n<h3>Attacks HTTPS prevents<\/h3>\n<p>Without HTTPS, your site is vulnerable to several well-known attacks:<\/p>\n<ul>\n<li><strong>Man-in-the-middle (MITM)<\/strong>: Attacker intercepts communication between browser and server<\/li>\n<li><strong>Session hijacking<\/strong>: Stealing session cookies sent over unencrypted connections<\/li>\n<li><strong>SSL stripping<\/strong>: Downgrading HTTPS to HTTP without user knowledge<\/li>\n<li><strong>Credential theft<\/strong>: Capturing login credentials sent in plaintext<\/li>\n<\/ul>\n<p>HSTS (HTTP Strict Transport Security) specifically prevents SSL stripping by forcing HTTPS connections\u2014we\u2019ll cover that&nbsp;later.<\/p>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"How TLS certificates work\" data-section=\"how-tls-works\">\n<h2>How TLS certificates work<\/h2>\n<\/div><\/div>\n<p>The only way to enable HTTPS on your website is to get a TLS certificate and install it on your server. You\u2019ll also encounter it as an SSL or SSL\/TLS certificate but don\u2019t worry, it\u2019s all the same thing. SSL is still widely used terminology even though we all technically use its successor TLS.<\/p>\n<p>TLS certificates are issued by Certificate Authorities (CA). The role of CA is to be a trusted third-party in the client-server relationship. Basically, anyone can issue TLS certificates but only the publicly trusted CAs are supported by browsers.<\/p>\n<p>You can check every website\u2019s TLS certificate and its issuing CA by clicking on the lock icon in your browser\u2019s address bar.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"854\" height=\"646\" class=\"wp-image-36017\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/1-tls-issued-to.png\" alt=\"1 tls issued to\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/1-tls-issued-to.png 854w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/1-tls-issued-to-562x425.png 562w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/1-tls-issued-to-768x581.png 768w\" sizes=\"auto, (max-width: 854px) 100vw, 854px\"><\/p>\n<p>You can click through the certificate to learn more. The important thing here is the \u201cIssued to:\u201d line. This is when we get into different types of validation standards for TLS certificates, which is what mainly sets the free and paid certificates apart.<\/p>\n<h3>TLS versions: Why 1.3 matters<\/h3>\n<p>Not all TLS is created equal. Here\u2019s what you need to know about TLS versions:<\/p>\n<ul>\n<li><strong>TLS 1.3 (2018)<\/strong>: Current standard. Faster handshakes, stronger encryption, removes vulnerable ciphers<\/li>\n<li><strong>TLS 1.2 (2008)<\/strong>: Still acceptable and widely supported<\/li>\n<li><strong>TLS 1.0\/1.1<\/strong>: Deprecated. Major browsers dropped support in 2020, and Microsoft deprecated these versions in February 2026<\/li>\n<\/ul>\n<p>Best practice: Configure servers to support TLS 1.3 with TLS 1.2 fallback. Disable older versions entirely.<\/p>\n<h3>DV, OV and EV: What does it mean and which one to choose?<\/h3>\n<p>Free TLS certificates that come with your hosting and <a href=\"https:\/\/en.wikipedia.org\/wiki\/Content_delivery_network\" target=\"_blank\" rel=\"noopener noreferrer\">CDN<\/a> plans only do domain validation (DV). This validates that a certificate owner controls a given domain name. Such a basic validation technique is good enough for blogs and websites that don\u2019t handle sensitive information, but isn\u2019t ideal for those that&nbsp;do.<\/p>\n<p>Websites using a DV TLS certificate appear secure but you won\u2019t see the \u201cIssued to:\u201d line when you click the lock&nbsp;icon.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"758\" height=\"624\" class=\"wp-image-36014\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/2-tls-dv.png\" alt=\"2 tls dv\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/2-tls-dv.png 758w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/2-tls-dv-516x425.png 516w\" sizes=\"auto, (max-width: 758px) 100vw, 758px\"><\/p>\n<p>The most common DV TLS certificate comes from a non-profit CA called <a href=\"https:\/\/letsencrypt.org\/\" target=\"_blank\" rel=\"noopener noreferrer\">Let\u2019s Encrypt<\/a>, which holds about 64% market share among SSL certificate authorities. That\u2019s what most companies offering free automatically renewable TLS certificates use.<\/p>\n<p>There\u2019s nothing wrong with DV-only certificates, after all it\u2019s the only type of TLS certificate that can be automatically issued at scale. However, HTTPS is only as strong as the underlying certificate that authenticates the server you\u2019re talking to.<\/p>\n<p>If your website allows logins or payments, you should invest in a TLS certificate that offers organization validation (OV) or extended validation (EV). These two types differ in the verification process with the EV being more rigorous.<\/p>\n<p>If you\u2019re looking to buy just one, I\u2019d recommend going straight for the EV TLS certificate. It\u2019s the most trustworthy one and it doesn\u2019t cost much more than&nbsp;OV.<\/p>\n<h3>Wildcard and SAN TLS certificates<\/h3>\n<p>Leaving validation standards behind, let\u2019s move onto another category of TLS certificates.<\/p>\n<p>Wildcard and SAN certificates are used to secure multiple (sub)domains at once. If you bought a standard EV TLS certificate for example.com, you\u2019d need a separate certificate for blog.example.com.<\/p>\n<p>Wildcard certificates can secure unlimited subdomains (example.com, blog.example.com, docs.example.com) while SAN certificates also have the option to secure other domains as well (example.com, blog.example.com, different.org).<\/p>\n<p>These types are combined with the validation types so you\u2019ll see all sorts of combinations when you browse through the options CAs offer. They will also guide you through the validation process.<\/p>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"How HTTPS helps SEO\" data-section=\"https-and-seo\">\n<h2>How HTTPS helps&nbsp;SEO<\/h2>\n<\/div><\/div>\n<p>Pretty much all the benefits of HTTPS tie back to&nbsp;SEO:<\/p>\n<ul>\n<li>Lightweight ranking signal<\/li>\n<li>Better security and privacy<\/li>\n<li>Preserves referral data<\/li>\n<li>Enables the use of modern protocols that enhance security and site&nbsp;speed<\/li>\n<\/ul>\n<h3>Lightweight ranking signal<\/h3>\n<p>Google <a href=\"https:\/\/webmasters.googleblog.com\/2014\/08\/https-as-ranking-signal.html\" target=\"_blank\" rel=\"noopener noreferrer\">announced<\/a> that HTTPS is a lightweight <a href=\"https:\/\/ahrefs.com\/blog\/google-ranking-factors\/\">ranking factor<\/a> way back in 2014. It\u2019s more like a tiebreaker than something that would skyrocket your rankings if other ranking factor variables remained unchanged.<\/p>\n<p>This is basically Google\u2019s contribution to faster worldwide HTTPS adoption.<\/p>\n<h3>Better security and privacy<\/h3>\n<p>We already talked about this one. But how is this connected to&nbsp;SEO?<\/p>\n<p>When you land on an unsecure website, you\u2019ll see something like&nbsp;this:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"854\" height=\"534\" class=\"wp-image-36016\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/3-not-secure-browser.png\" alt=\"3 not secure browser\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/3-not-secure-browser.png 854w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/3-not-secure-browser-680x425.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/3-not-secure-browser-768x480.png 768w\" sizes=\"auto, (max-width: 854px) 100vw, 854px\"><\/p>\n<p>It doesn\u2019t really build trust, right? I\u2019m aware of my professional bias but I personally pay attention to this and quickly form a bad first impression if I see that on any website.<\/p>\n<p>My guess is that migrating to HTTPS <a href=\"https:\/\/ahrefs.com\/seo\/glossary\/dwell-time\" data-ahr=\"https:\/\/ahrefs.com\/blog\/dwell-time\/\">can improve dwell time<\/a> and prevent pogo sticking. While these are only theorised (not confirmed) ranking factors, making people \u2018stick\u2019 when they land on your website is something you want regardless of&nbsp;SEO.<\/p>\n<p><strong>Important update for 2026:<\/strong> Google Chrome is rolling out \u201cHTTPS-by-default\u201d starting October 2026 (Chrome 154). This means Chrome will automatically attempt HTTPS connections and display a warning before loading any HTTP site. The rollout begins April 2026 for Enhanced Safe Browsing users. If your site still uses HTTP, you have until late 2026 before Chrome actively warns visitors away.<\/p>\n<h3>Preserves referral data<\/h3>\n<p>If your website is still on HTTP and you\u2019re using web analytics services like Google Analytics, I have bad news for you: No referral data is passed from HTTPS to HTTP&nbsp;pages.<\/p>\n<p>As the vast majority of the web now runs on HTTPS (89% of all websites as of 2026, <a href=\"https:\/\/w3techs.com\/technologies\/details\/ce-httpsdefault\">according to W3Techs<\/a>), the source of most referral traffic (clicks on links from other websites) will be labeled as direct in most analytics software.<\/p>\n<p>One disadvantage of this is that it makes your data messy and skewed. Another is that you\u2019re unable to see your best referral sources\u2014which is a wasted <a href=\"https:\/\/ahrefs.com\/blog\/link-building-strategies\/\">link building opportunity<\/a>.<\/p>\n<h3>Enables the use of modern protocols that enhance security and site&nbsp;speed<\/h3>\n<p>On paper, HTTPS is slower than HTTP because of the added security features. However, having HTTPS is the prerequisite for using the latest security and web performance technology.<\/p>\n<p>In other words, besides security, HTTPS also enables your website to improve its <a href=\"https:\/\/ahrefs.com\/blog\/core-web-vitals\/\" data-ahr=\"https:\/\/ahrefs.com\/blog\/advanced-pagespeed-guide\/\">page speed<\/a> when you use protocols like <a href=\"https:\/\/kinsta.com\/blog\/tls-1-3\/\" target=\"_blank\" rel=\"noopener noreferrer\">TLS 1.3<\/a>, <a href=\"https:\/\/www.distilled.net\/resources\/an-introduction-to-http2-for-seos\/\" target=\"_blank\" rel=\"noopener noreferrer\">HTTP\/2<\/a>, and HTTP\/3.<\/p>\n<p><strong>HTTP\/3 and QUIC:<\/strong> HTTP\/3 is the latest HTTP protocol version, using QUIC instead of TCP for transport. Key benefits include faster connection establishment (0-RTT handshakes), better performance on unreliable networks like mobile and WiFi, and built-in encryption since QUIC requires TLS 1.3. HTTP\/3 has reached about 35% global adoption as of&nbsp;2025.<\/p>\n<p>And apart from better user experience, Google considers page speed as a lightweight ranking factor similar to&nbsp;HTTPS:<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Ranking wise it\u2019s a teeny tiny factor, very similar to https ranking boost. That particular one is not surprising. You do that primarily to enable users to convert.\u2014 Socially distant Gary Illyes (@methode) <a href=\"https:\/\/twitter.com\/methode\/status\/1255224116648476675?ref_src=twsrc%5Etfw\">April 28,&nbsp;2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"Common HTTPS errors and how to fix them\" data-section=\"common-https-errors\">\n<h2>Common HTTPS errors and how to fix&nbsp;them<\/h2>\n<\/div><\/div>\n<p>Before we dive into migration mistakes, here\u2019s a quick reference for common HTTPS errors users encounter and what causes them:<\/p>\n\n<table id=\"tablepress-529\" class=\"tablepress tablepress-id-529 tablepress-responsive tablepress-ahrefs-width-720px\">\n<thead>\n<tr class=\"row-1 odd\">\n\t<th class=\"column-1\">Cause<\/th><th class=\"column-2\">Error<\/th><th class=\"column-3\">Fix<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr class=\"row-2 even\">\n\t<td class=\"column-1\">Certificate expired<\/td><td class=\"column-2\">NET::ERR_CERT_DATE_INVALID<\/td><td class=\"column-3\">Renew certificate immediately<\/td>\n<\/tr>\n<tr class=\"row-3 odd\">\n\t<td class=\"column-1\">Domain name doesn\u2019t match certificate<\/td><td class=\"column-2\">NET::ERR_CERT_COMMON_NAME_INVALID<\/td><td class=\"column-3\">Reissue certificate with correct domain<\/td>\n<\/tr>\n<tr class=\"row-4 even\">\n\t<td class=\"column-1\">Certificate not in CT&nbsp;logs<\/td><td class=\"column-2\">NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED<\/td><td class=\"column-3\">Use a CT-compliant Certificate Authority<\/td>\n<\/tr>\n<tr class=\"row-5 odd\">\n\t<td class=\"column-1\">Server using outdated TLS version<\/td><td class=\"column-2\">ERR_SSL_VERSION_OR_CIPHER_MISMATCH<\/td><td class=\"column-3\">Enable TLS 1.2 and TLS 1.3 on server<\/td>\n<\/tr>\n<tr class=\"row-6 even\">\n\t<td class=\"column-1\">HTTP resources loaded on HTTPS&nbsp;page<\/td><td class=\"column-2\">Mixed content warning<\/td><td class=\"column-3\">Update all resource URLs to&nbsp;HTTPS<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<!-- #tablepress-529 from cache -->\n<p>Most of these errors stem from misconfigured servers or expired certificates. If you\u2019re seeing these on your own site, address them immediately\u2014browsers will warn visitors away.<\/p>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"How to set up HTTPS\" data-section=\"how-to-set-up-https\">\n<h2>How to set up&nbsp;HTTPS<\/h2>\n<\/div><\/div>\n<p>This depends on your scenario.<\/p>\n<h3>1. You\u2019re launching a new website<\/h3>\n<p>You\u2019ve won the lottery. Go with HTTPS from the beginning and you won\u2019t ever have to worry about HTTP and errors associated with the <a href=\"https:\/\/ahrefs.com\/blog\/website-migration\/\">migration<\/a>.<\/p>\n<p>All you need to do is to have a good hosting provider that will guide you through the process, and that supports the latest HTTP and TLS protocol versions. After all is up and running, <a href=\"https:\/\/https.cio.gov\/hsts\/\" target=\"_blank\" rel=\"noopener noreferrer\">implement HSTS<\/a> as the last step to seal the security.<\/p>\n<h3>2. You already have an HTTPS-enabled website<\/h3>\n<p>The fact that you\u2019re reading this article tells me that it\u2019s probably not set up correctly. Follow the advice in the <a href=\"#common-https-mistakes\">next section<\/a> to check for common errors.<\/p>\n<h3>3. You still have a website running on&nbsp;HTTP<\/h3>\n<p>It will take a while to get everything prepared and done. The complexity of the migration depends on:<\/p>\n<ul>\n<li>The size and complexity of your website<\/li>\n<li>What kind of CMS you&nbsp;use<\/li>\n<li>Your hosting\/CDN providers<\/li>\n<li>Your technical abilities<\/li>\n<\/ul>\n<p>While I believe that owners of small websites running on popular CMS and solid hosting can do the migration themselves, there are a lot of variables at&nbsp;play.<\/p>\n<p>I suggest you check the documentation of your CMS\/server\/hosting\/CDN and proceed accordingly\u2014and with caution. There are quite a lot of steps you need to execute so <a href=\"https:\/\/searchengineland.com\/http-https-seos-guide-securing-website-246940\" target=\"_blank\" rel=\"noopener noreferrer\">create or follow a migration checklist<\/a> and don\u2019t try to fit in other activities.<\/p>\n<p>If all of this sounds too technical for you, hire a professional. It will save you hours of your time, save your nerves, and ensure future-proof implementation.<\/p>\n<div class=\"post-nav-link clearfix\" id=\"section1\"><a class=\"subhead-anchor\" data-tip=\"tooltip__copielink\" rel=\"#section1\"><svg width=\"19\" height=\"19\" viewBox=\"0 0 14 14\" style><g fill=\"none\" fill-rule=\"evenodd\"><path d=\"M0 0h14v14H0z\" \/><path d=\"M7.45 9.887l-1.62 1.621c-.92.92-2.418.92-3.338 0a2.364 2.364 0 0 1 0-3.339l1.62-1.62-1.273-1.272-1.62 1.62a4.161 4.161 0 1 0 5.885 5.884l1.62-1.62L7.45 9.886zM5.527 5.135L7.17 3.492c.92-.92 2.418-.92 3.339 0 .92.92.92 2.418 0 3.339L8.866 8.473l1.272 1.273 1.644-1.643A4.161 4.161 0 1 0 5.897 2.22L4.254 3.863l1.272 1.272zm-.66 3.998a.749.749 0 0 1 0-1.06l2.208-2.206a.749.749 0 1 1 1.06 1.06L5.928 9.133a.75.75 0 0 1-1.061 0z\" style \/><\/g><\/svg><\/a><div class=\"link-text\" data-anchor=\"How to check for potential HTTPS migration mistakes\" data-section=\"common-https-mistakes\">\n<h2>How to check for potential HTTPS migration mistakes<\/h2>\n<\/div><\/div>\n<p>Even if you ticked off the whole HTTPS migration checklist, chances are that you\u2019ll still encounter some issues.<\/p>\n<p>While HTTPS adoption has improved dramatically,&nbsp;implementation errors remain common\u2014particularly during migrations. Our 2016 study of 10,000 domains found widespread issues at the time, and many of the same mistake patterns persist today.<\/p>\n<p>I\u2019d recommend that you check for the five common HTTPS migration mistakes below. It won\u2019t take long, and most of them aren\u2019t that hard to&nbsp;fix.<\/p>\n<p>You can also enable <a href=\"https:\/\/ahrefs.com\/blog\/always-on-audit\/\">Always-on Audit in Ahrefs Site Audit<\/a>. It monitors your site 24\/7 and alerts you about critical issues\u2014like HTTP pages slipping through or broken redirects\u2014as soon as they pop up. This is especially useful after an HTTPS migration when issues can surface unexpectedly.<\/p>\n<h3>Mistake 1: HTTP pages&nbsp;left<\/h3>\n<p>First and foremost, you need to make sure that all pages on your site are already on&nbsp;HTTPS.<\/p>\n<p>You can discover leftover HTTP pages by thoroughly crawling the website. This shouldn\u2019t be anything new if you stuck to any HTTPS migration checklist. Just make sure that the crawler has all the required URL sources so it doesn\u2019t leave pages behind.<\/p>\n<p>To do that, you can use <a href=\"https:\/\/ahrefs.com\/webmaster-tools\">Ahrefs Webmaster Tools<\/a> for free with the following setup:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1006\" height=\"834\" class=\"wp-image-36008\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/sa_crawl_setup.png\" alt=\"sa crawl setup\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/sa_crawl_setup.png 1006w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/sa_crawl_setup-513x425.png 513w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/sa_crawl_setup-768x637.png 768w\" sizes=\"auto, (max-width: 1006px) 100vw, 1006px\"><\/p>\n<p>After it\u2019s done, open the latest crawl, go to Page Explorer and apply the following filter:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"952\" class=\"wp-image-36013\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/4-http-pages-site-audit.png\" alt=\"4 http pages site audit\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/4-http-pages-site-audit.png 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/4-http-pages-site-audit-680x405.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/4-http-pages-site-audit-768x457.png 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/4-http-pages-site-audit-1536x914.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>Export the list of HTTP URLs and redirect them to finish the migration.<\/p>\n<div class=\"recommendation\"><div class=\"recommendation-title\">TIP<\/div><div class=\"recommendation-content\">\n<p>You can also enable <a href=\"https:\/\/help.ahrefs.com\/en\/articles\/9317209-how-to-submit-pages-to-indexnow-within-site-audit\">IndexNow auto-submit<\/a> in your Site Audit settings. After you fix redirect issues or update pages, Site Audit will automatically notify Bing and other search engines about the changes\u2014so they recrawl your updated pages faster.<\/p>\n<\/div><\/div>\n<p>Remember: pages that are not in your <a href=\"https:\/\/ahrefs.com\/blog\/how-to-create-a-sitemap\/\">sitemap<\/a> and have zero links pointing to them are impossible to discover by crawling. This can often happen with dedicated PPC landing pages. One way to find these is to export the URL list from your ads managers like Google Ads or FB Business Manager.<\/p>\n<p>From there, make sure the orphaned pages were migrated properly. And don\u2019t forget to update them in your campaign dashboards to the newer HTTPS format.<\/p>\n<h3>Mistake 2: HTTPS pages with HTTP content<\/h3>\n<p>This mistake occurs when the initial HTML file is loaded using HTTPS but its resource files (images, CSS, JavaScript) haven\u2019t been updated to HTTPS&nbsp;yet.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"1523\" class=\"wp-image-36019\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/5-https-with-http-content-site-audit.jpg\" alt=\"5 https with http content site audit\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/5-https-with-http-content-site-audit.jpg 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/5-https-with-http-content-site-audit-446x425.jpg 446w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/5-https-with-http-content-site-audit-768x731.jpg 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/5-https-with-http-content-site-audit-1536x1462.jpg 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>If this is an issue on your website, you\u2019ll see it both in the crawl overview and Internal pages report. All errors, warnings and notices in the free Ahrefs Webmaster Tools contain a description of the issue and advice on how to fix&nbsp;it.<\/p>\n<h3>Mistake 3: Internal links not updated to&nbsp;HTTPS<\/h3>\n<p>Not updating your <a href=\"https:\/\/ahrefs.com\/blog\/internal-links-for-seo\/\">internal links<\/a> to HTTPS causes unnecessary redirects. That\u2019s obviously better than landing on an HTTP page but we\u2019ve already gone through this mistake. It\u2019s easy to spot these links and fix&nbsp;them.<\/p>\n<p>You\u2019ll find this issue under the Links report in Site Audit within <a href=\"https:\/\/ahrefs.com\/webmaster-tools\">Ahrefs Webmaster Tools<\/a>:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"701\" class=\"wp-image-36011\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/6-internal-links-to-http-site-audit.png\" alt=\"6 internal links to http site audit\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/6-internal-links-to-http-site-audit.png 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/6-internal-links-to-http-site-audit-680x298.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/6-internal-links-to-http-site-audit-768x336.png 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/6-internal-links-to-http-site-audit-1536x673.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>Just rewrite the URLs to https:\/\/ and you\u2019re done. This is only applicable if you\u2019ve already made sure that no HTTP pages are left using the advice under mistake #1.<\/p>\n<h3>Mistake 4: Tags not updated to&nbsp;HTTPS<\/h3>\n<p>There are two types of tags you might be using on your website that also need their URLs updating to HTTPS: Canonical tags and Open Graph&nbsp;tags.<\/p>\n<p><a href=\"https:\/\/ahrefs.com\/blog\/canonical-tags\/\">Canonical tags<\/a> tell Google what you consider to be the most authoritative page from a bunch of similar or duplicate pages. Pointing that to an HTTP version can definitely send a bad signal to Google and will be most likely ignored.<\/p>\n<p>If you use <a href=\"https:\/\/ahrefs.com\/blog\/open-graph-meta-tags\/\">Open Graph tags<\/a> to optimize your social media posts, then URL tags are required by Facebook. They should be the same as canonical URLs.<\/p>\n<p>To find pages with HTTP canonical and OG tags, set up this custom filter in Page Explorer:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"595\" class=\"wp-image-36010\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/7-canonical-open-graph-https.png\" alt=\"7 canonical open graph https\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/7-canonical-open-graph-https.png 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/7-canonical-open-graph-https-680x253.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/7-canonical-open-graph-https-768x286.png 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/7-canonical-open-graph-https-1536x571.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>Again, all that\u2019s left is to rewrite them to https:\/\/ given a completely finished migration.<\/p>\n<div class=\"recommendation\"><div class=\"recommendation-title\">TIP<\/div><div class=\"recommendation-content\">\n<p>You can fix canonical tags directly in Site Audit using <a href=\"https:\/\/ahrefs.com\/patches\">Patches.<\/a> Click \u201cPatch it\u201d on any affected URL, update the canonical to the correct HTTPS version, and publish the change\u2014no developers needed. You can even test your edits first and roll them back if something goes&nbsp;wrong.<\/p>\n<\/div><\/div>\n<h3>Mistake 5: Failed redirects<\/h3>\n<p>Redirects can be tricky. There\u2019s quite a lot that could go wrong\u2014from broken redirects, to redirect chains and&nbsp;loops.<\/p>\n<p>Fortunately, it\u2019s easy to spot these errors with Site Audit. Just check the Redirects report and go through all the issues.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"1505\" class=\"wp-image-36009\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/8-failed-redirects.jpg\" alt=\"8 failed redirects\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/8-failed-redirects.jpg 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/8-failed-redirects-452x425.jpg 452w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/8-failed-redirects-768x722.jpg 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/8-failed-redirects-1536x1445.jpg 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>After you click on the \u201cView affected URLs\u201d button, you\u2019ll see a report similar to this, just with more default columns and metrics:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"490\" class=\"wp-image-36018\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/9-redirect-chains.png\" alt=\"9 redirect chains\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/9-redirect-chains.png 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/9-redirect-chains-680x208.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/9-redirect-chains-768x235.png 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/9-redirect-chains-1536x470.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>The best thing here is that you\u2019ll really see all the affected URLs\u2014the redirected ones, ones inside the redirect chain, and those that link to the redirected ones.<\/p>\n<p>There are two things you should do&nbsp;here.<\/p>\n<p>The first one is splitting up the redirects, in this&nbsp;case:<\/p>\n<p><em>https:\/\/blog.example.com\/123\/&gt; -&gt; 301 redirect -&gt; &gt;https:\/\/example.com\/blog\/987\/<\/em><\/p>\n<p>This would ensure that all backlinks pointing to both https:\/\/blog.example.com\/123\/ and https:\/\/example.com\/blog\/123\/ would be redirected only once. That\u2019s fine for external backlinks as reaching out to webmasters with link edit requests would be highly ineffective and quite annoying.<\/p>\n<p>We can do better internally though.<\/p>\n<p>You should strive for the least number of redirects. That\u2019s when the number of inlinks column comes into&nbsp;play.<\/p>\n<p>Inlinks are URLs that link to the URL affected by the redirect chain. You\u2019ll want to swap the links on those pages for URLs that return a <a href=\"https:\/\/ahrefs.com\/blog\/http-status-codes\/\">200 HTTP status code<\/a>. If you click through the number of inlinks, you\u2019ll see all of&nbsp;them:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"1600\" height=\"443\" class=\"wp-image-36015\" src=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/10-inlinks-site-audit.png\" alt=\"10 inlinks site audit\" srcset=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/10-inlinks-site-audit.png 1600w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/10-inlinks-site-audit-680x188.png 680w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/10-inlinks-site-audit-768x213.png 768w, https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/10-inlinks-site-audit-1536x425.png 1536w\" sizes=\"auto, (max-width: 1600px) 100vw, 1600px\"><\/p>\n<p>Of course, again, the next step would be checking the inlinks of the URLs within the redirect chain. However, that\u2019s of a lower priority as we already broke the redirect chain. These would be tagged as standard 301 redirects in the 3XX Redirects report upon the next&nbsp;crawl.<\/p>\n<h2>Final thoughts<\/h2>\n<p>HTTPS is essential for website security and is now expected by users and search engines alike. With Chrome\u2019s 2026 HTTPS-by-default rollout approaching, there\u2019s no better time to ensure your site is properly configured.<\/p>\n<p>The migration process can be complex, but the benefits\u2014improved security, better SEO signals, preserved referral data, and access to modern protocols like HTTP\/3\u2014make it worthwhile.<\/p>\n<p>Use <a href=\"https:\/\/ahrefs.com\/webmaster-tools\">Ahrefs Webmaster Tools<\/a> to audit your HTTPS implementation and catch common migration mistakes before they impact your site\u2019s performance. And with features like<a href=\"https:\/\/ahrefs.com\/blog\/always-on-audit\/\"> Always-on Audit<\/a> and <a href=\"https:\/\/ahrefs.com\/patches\">Patches<\/a>, you can monitor issues continuously and fix them without waiting on developers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HTTPS protects the communication between your browser and server from being intercepted and tampered with by attackers. This provides confidentiality, integrity and authentication to the vast majority of today\u2019s WWW traffic. Any website that shows a lock icon in the<span class=\"ellipsis\">\u2026<\/span><\/p>\n<div class=\"read-more\">Read more \u203a<\/div>\n<p><!-- end of .read-more --><\/p>\n","protected":false},"author":149,"featured_media":36036,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"wp_typography_post_enhancements_disabled":false,"footnotes":""},"categories":[329],"tags":[],"coauthors":[375],"class_list":["post-36020","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-seo","odd"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>What is HTTPS? Everything You Need to Know<\/title>\n<meta name=\"description\" content=\"HyperText Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, which is the main protocol used for transferring data over the World Wide Web.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/ahrefs.com\/blog\/what-is-https\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is HTTPS? Everything You Need to Know\" \/>\n<meta property=\"og:description\" content=\"Learn why HTTPS is important\u2014especially for SEO\u2014and how to set it up.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/ahrefs.com\/blog\/what-is-https\/\" \/>\n<meta property=\"og:site_name\" content=\"SEO Blog by Ahrefs\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Ahrefs\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-05-07T16:43:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-19T17:21:33+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"990\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Michal Pec\u00e1nek\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:description\" content=\"Learn why HTTPS is important\u2014especially for SEO\u2014and how to set it up.\" \/>\n<meta name=\"twitter:creator\" content=\"@michalpecanek\" \/>\n<meta name=\"twitter:site\" content=\"@ahrefs\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/\"},\"author\":{\"name\":\"Michal Pec\u00e1nek\",\"@id\":\"https:\/\/ahrefs.com\/blog\/#\/schema\/person\/b66ba944c48e71d0abac1af2f11265ec\"},\"headline\":\"What is HTTPS? Everything You Need to&nbsp;Know\",\"datePublished\":\"2020-05-07T16:43:16+00:00\",\"dateModified\":\"2026-03-19T17:21:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/\"},\"wordCount\":3017,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png\",\"articleSection\":[\"Technical SEO\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/ahrefs.com\/blog\/what-is-https\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/\",\"url\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/\",\"name\":\"What is HTTPS? Everything You Need to Know\",\"isPartOf\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png\",\"datePublished\":\"2020-05-07T16:43:16+00:00\",\"dateModified\":\"2026-03-19T17:21:33+00:00\",\"description\":\"HyperText Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, which is the main protocol used for transferring data over the World Wide Web.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/ahrefs.com\/blog\/what-is-https\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage\",\"url\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png\",\"contentUrl\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png\",\"width\":1920,\"height\":990},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/ahrefs.com\/blog\/#website\",\"url\":\"https:\/\/ahrefs.com\/blog\/\",\"name\":\"SEO Blog by Ahrefs\",\"description\":\"Link Building Strategies &amp; SEO Tips\",\"publisher\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/ahrefs.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/ahrefs.com\/blog\/#organization\",\"name\":\"Ahrefs\",\"url\":\"https:\/\/ahrefs.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/ahrefs.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2023\/06\/ahrefs-logo.png\",\"contentUrl\":\"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2023\/06\/ahrefs-logo.png\",\"width\":2048,\"height\":768,\"caption\":\"Ahrefs\"},\"image\":{\"@id\":\"https:\/\/ahrefs.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Ahrefs\/\",\"https:\/\/x.com\/ahrefs\",\"https:\/\/www.linkedin.com\/company\/ahrefs\/\",\"https:\/\/www.youtube.com\/c\/ahrefscom\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/ahrefs.com\/blog\/#\/schema\/person\/b66ba944c48e71d0abac1af2f11265ec\",\"name\":\"Michal Pec\u00e1nek\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=gd907208e0da9767ada4256cffbd6f311\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=g\",\"caption\":\"Michal Pec\u00e1nek\"},\"description\":\"SaaS SEO consultant with over 6 years of experience. Before going freelance, Michal was an SEO &amp; Marketing Educator at Ahrefs\u2013creating content for the blog and managing a team of guest writers.\",\"sameAs\":[\"https:\/\/www.michalpecanek.com\/\",\"michalpecanek\",\"https:\/\/x.com\/michalpecanek\",\"joshua.hardwick@ahrefs.com\"],\"url\":\"https:\/\/ahrefs.com\/blog\/author\/michal-pecanek\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"What is HTTPS? Everything You Need to Know","description":"HyperText Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, which is the main protocol used for transferring data over the World Wide Web.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/ahrefs.com\/blog\/what-is-https\/","og_locale":"en_US","og_type":"article","og_title":"What is HTTPS? Everything You Need to Know","og_description":"Learn why HTTPS is important\u2014especially for SEO\u2014and how to set it up.","og_url":"https:\/\/ahrefs.com\/blog\/what-is-https\/","og_site_name":"SEO Blog by Ahrefs","article_publisher":"https:\/\/www.facebook.com\/Ahrefs\/","article_published_time":"2020-05-07T16:43:16+00:00","article_modified_time":"2026-03-19T17:21:33+00:00","og_image":[{"width":1920,"height":990,"url":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png","type":"image\/png"}],"author":"Michal Pec\u00e1nek","twitter_card":"summary_large_image","twitter_description":"Learn why HTTPS is important\u2014especially for SEO\u2014and how to set it up.","twitter_creator":"@michalpecanek","twitter_site":"@ahrefs","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/#article","isPartOf":{"@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/"},"author":{"name":"Michal Pec\u00e1nek","@id":"https:\/\/ahrefs.com\/blog\/#\/schema\/person\/b66ba944c48e71d0abac1af2f11265ec"},"headline":"What is HTTPS? Everything You Need to&nbsp;Know","datePublished":"2020-05-07T16:43:16+00:00","dateModified":"2026-03-19T17:21:33+00:00","mainEntityOfPage":{"@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/"},"wordCount":3017,"commentCount":0,"publisher":{"@id":"https:\/\/ahrefs.com\/blog\/#organization"},"image":{"@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage"},"thumbnailUrl":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png","articleSection":["Technical SEO"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/ahrefs.com\/blog\/what-is-https\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/","url":"https:\/\/ahrefs.com\/blog\/what-is-https\/","name":"What is HTTPS? Everything You Need to Know","isPartOf":{"@id":"https:\/\/ahrefs.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage"},"image":{"@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage"},"thumbnailUrl":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png","datePublished":"2020-05-07T16:43:16+00:00","dateModified":"2026-03-19T17:21:33+00:00","description":"HyperText Transfer Protocol Secure (HTTPS) is an encrypted version of HTTP, which is the main protocol used for transferring data over the World Wide Web.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/ahrefs.com\/blog\/what-is-https\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ahrefs.com\/blog\/what-is-https\/#primaryimage","url":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png","contentUrl":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2020\/05\/fb-what-is-https.png","width":1920,"height":990},{"@type":"WebSite","@id":"https:\/\/ahrefs.com\/blog\/#website","url":"https:\/\/ahrefs.com\/blog\/","name":"SEO Blog by Ahrefs","description":"Link Building Strategies &amp; SEO Tips","publisher":{"@id":"https:\/\/ahrefs.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/ahrefs.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/ahrefs.com\/blog\/#organization","name":"Ahrefs","url":"https:\/\/ahrefs.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/ahrefs.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2023\/06\/ahrefs-logo.png","contentUrl":"https:\/\/ahrefs.com\/blog\/wp-content\/uploads\/2023\/06\/ahrefs-logo.png","width":2048,"height":768,"caption":"Ahrefs"},"image":{"@id":"https:\/\/ahrefs.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Ahrefs\/","https:\/\/x.com\/ahrefs","https:\/\/www.linkedin.com\/company\/ahrefs\/","https:\/\/www.youtube.com\/c\/ahrefscom"]},{"@type":"Person","@id":"https:\/\/ahrefs.com\/blog\/#\/schema\/person\/b66ba944c48e71d0abac1af2f11265ec","name":"Michal Pec\u00e1nek","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=gd907208e0da9767ada4256cffbd6f311","url":"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/08c8f97481700ebb7fa875d1c0ce2a09bacba7ec4e37d19883377184bc111f03?s=96&d=mm&r=g","caption":"Michal Pec\u00e1nek"},"description":"SaaS SEO consultant with over 6 years of experience. Before going freelance, Michal was an SEO &amp; Marketing Educator at Ahrefs\u2013creating content for the blog and managing a team of guest writers.","sameAs":["https:\/\/www.michalpecanek.com\/","michalpecanek","https:\/\/x.com\/michalpecanek","joshua.hardwick@ahrefs.com"],"url":"https:\/\/ahrefs.com\/blog\/author\/michal-pecanek\/"}]}},"_links":{"self":[{"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/posts\/36020","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/users\/149"}],"replies":[{"embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/comments?post=36020"}],"version-history":[{"count":0,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/posts\/36020\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/media\/36036"}],"wp:attachment":[{"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/media?parent=36020"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/categories?post=36020"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/tags?post=36020"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/ahrefs.com\/blog\/wp-json\/wp\/v2\/coauthors?post=36020"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}