HTTPS (HyperText Transfer Protocol Secure) is a secure encrypted protocol for transferring data on the internet.
Since all actions on the web imply data transmission (that is, there’s always a request to the server and a response from it), we need some rules for such transmission, as well as a channel and a mechanism for transmission. The HTTP protocol combined it all -- it became a standard and was used everywhere. It was HTTP that let the browser of a personal computer or mobile device download and display web content.
However, HTTP has one (major) flaw: no transmitted data is protected or encrypted. If an intruder controls a spot on the way from the server and back, he’ll easily intercept the data. That issue had to be fixed, and HyperText Transfer Protocol Secure came to change.
HTTPS is secured by a standard cryptographic protocol SSL/TLS that doesn’t let third parties access the data.
Every time a user visits and browses a website on HTTPS, this protocol generates a random secret code. It’s impossible to guess that code because it has more than 100 symbols. Only the server and the user’s computer have access to it. Thanks to this key, all transmitted data is encrypted, i.e. based on this key, keys are generated for all the data. Thus, the browser and server can display a message or transfer a sum.
If you order a pizza online on the HTTP website, your payment information is transferred via a public channel, so it can be captured. If a website runs on HTTPS, the data is encrypted.
To provide additional security, a digital certificate is used to identify the server of the resource. A user doesn’t need this certificate on its own, but if the website or server want to connect to the user, a certificate is needed to:
This digital certificate is a critical document for a website. It’s released in certification centers. The authenticity of this certificate is the first thing that the browser checks when it connects to the site on HTTPS; only if the certificate is valid, the data transfer begins.
HTTPS is extremely important for websites that process various private information, for example, payment systems, banking sites, and sites where the user enters their personal information in general.
As mentioned above, Google treats HTTPS as a signal to a higher ranking. The company’s position on this matter is crystal clear: Google wants to bring the whole internet to a “safety standard” -- HTTPS must become a rule, and they need to warn the users when they face any exceptions. That’s why Google removed the green badge from secure websites and marked insecure ones with red instead.
So if you promote your HTTP website on Google, you need to move to HTTPS.
If you want to keep your site’s ranking, an SEO specialist should control moving your site to HTTPS:
In Search Console (Google Webmaster Tools), moving to HTTPS is governed according to recommendations in their Help Center, and you can also get help in the Webmaster Help Forum.