But rather the fact that ****https links are going to be different from http links and momentarily create another negative SEO pressure on a lot of websites****.

That's more of an opinion, certainly not a fact. Do you have any evidence, or anything more than a wild theory? You don't seem to be convincing anyone so far. Why would it work the way you say it does? It doesn't make sense.

and momentarily create

Any change of anything anywhere will create a “momentary” alteration. That’s why, for example, you will periodically see those “via this intermediate figment of the imagination” links in GSC. A week later, they’re gone again. Ripples in a pool.

There exist forums that are all about how to cash in on “momentary” changes while giving no thought to the long term. I’m just not entirely certain that it’s a useful discussion here. It makes me think of a brick-and-mortar business vociferously arguing against street maintenance because, during the week the repairs are taking place, nobody will be able to get to their store, so obviously the idea is harmful to business.

I'm still trying to figure out how there could be two strikes when the redirect is a one time REPLACEMENT for the old page served by an old protocol with the same page now served by a new protocol.

6 month check on all sites I've moved to HTTPS (about 30 including my own) shows:

• No drop in ranking for most, in fact since they are also all mobile responsive, I see ranking gains in the mobile index for several & one slight drop in the desktop index ranking for specific keywords but there are several new players in that SERP.

• No loss in traffic. Modest gains for most.

• No aparent backlink penalties as some have argued. On all but 4 I have removed the disallow.txt file from the server & GSC.

Google really does seem to favor HTTPS websites.

I do run a few, my live db has several tables with over million rows , live on a website gets hit 6 times per page (page returning in a quarter of a second live) and has been running like that since early 2000-th. It's SQL Server. I don't keep too much adding to it and truncate data.

I suppose that running a little site with 1,798,949,302 rows of data in just the primary tables and some of those tables having tens of millions of rows doesn't compare to that. It monitors the transactions on approximately 212 active million domain names each month and has historical data back to 2000 covering approximately 517 million domain names. And that's just part of the web facing side of things. There are historical databases here that are larger.

So I have a slight idea.

And that seems to be the problem that a lot of people have with Search. You never said that you built a search engine and all you seem to be doing is quoting the work of others. I have built country level search engines and have designed search algorithms. It was not easy to determine which sites (thousands) out of tens of millions of sites in the gTLDs were associated with particular countries and Google, at the time, was particularly useless at doing this. It managed, at the time, to place the entire country of Cuba in Italy. I also get to see the web in a way that people like you and other web developers do not. I run web usage and development surveys over entire TLDs to measure the rates of usage and development of websites in the TLDs. That allows me to see how HTTPS uptake is progressing in a way that you and others cannot because HTTPS usage is one of the metrics in these surveys.

Here's Google's own explanations on Search and what it involves:
[google.com...]

But rather the fact that ****https links are going to be different from http links and momentarily create another negative SEO pressure on a lot of websites****.

Do you not think that the people in Google are smart enough to be aware of that issue and come up with a simple fix for it? That "negative SEO pressure" may be simply the lag caused by the switch to HTTPS using 30x redirects. These may be considered to be new links that have to be recrawled and reprocessed. And Google uses a lot more than 1,000 machines. All those nicely coloured charts are great for Powerpoint presentations to middle management but the reality is often a lot more complex (there are key sections that are missing from that chart) and often quite fluid. The shift from ordinary HTTP sites to HTTPS is part of that but it is nowhere near as large as people in the SEO business seem to think and the people in most well designed and run search engine operations are probably capable of dealing with such a shift. After all, Google is one of the prime motivators behind the "let's all switch to HTTPS" propaganda.

Regards...jmcc

6 month check on all sites I've moved to HTTPS (about 30 including my own) shows:

• No drop in ranking for most, in fact since they are also all mobile responsive, I see ranking gains in the mobile index for several & one slight drop in the desktop index ranking for specific keywords but there are several new players in that SERP.

• No loss in traffic. Modest gains for most.

Did you see any short-term drops during those 6 months?

Same as keyplyr. No "negative" change in traffic (it's been a year now that I switched). I can't tell if there is a benefit, my traffic is slightly increasing from year to year. But no negative impact, is already a benefit :)

(using nginx with HTTP/2)

Did you see any short-term drops during those 6 months?

No, not that was a direct result of switching to HTTPS.

not that was a direct result of switching to HTTPS

No, no, you don't get it. Everything that happens within three months of any change you make--of any kind whatsoever--can only be a direct consequence of that change.

Lucy24, it's been documented that switching from HTTP to HTTPS has no effect in ranking currently.

Google has said that HTTPS sites will get a slight boost in ranking at some point, but it seems either that hasn't happened yet, or it is so subtle that it doesn't amount to visible ranking factor.

I'm pretty sure lucy24 was being facetious. If, unfortunately, given far too many in our business, accurate.

I switched my info sites over last June-July to HTTPS because I decided to go HTTP/2. There was a slight dip in traffic volume from all SEs during the changeover but it recovered quickly, again true with all SEs.

Where I have seen the switch to HTTPS have a ranking loss is when the site is not completely, fully, 100% HTTPS. Any page that calls a non-secure element (image, js, css, fonts, plugins, etc.) will not be secure. Even worse, a few ecom sites I helped had done everything right, except make their check out module HTTPS compliant (served from a different location). KISS OF DEATH. (sigh)

@iamlost - My reply was to glitterball's question "Did you see any short-term drops during those 6 months?" which I said no. Nothing changed... and I keep a diligent watch.

Lucy24's comment was out of context, but a valid point since any change to a site has *some* effect on *something* *somewhere* just not on those sites now using HTTPS as far as a change in ranking.

Anything can happen with SEs so any observation can change at any moment.

No, no, you don't get it

As for me not getting it..."It depends on what the definition of "it" is." - Bill Clinton
(quote modified to suit my need.)

Long week, keyplyr? ;)

Long week for me too. It took four tries to spell your name right.

Hmmm... OK

So, another observation about HTTPS. Depending on your server set-up, it may be necessary to modify Header fields (Header set bla bla..) and/or Add attributes (AddHandler, AddOutputFilterByType, etc)

Example: 2 hosts that I use have compression (GZIP) on text/html by default. However, after switching to HTTPS it was necessary to list text/html in the attributes to be compressed:

AddOutputFilterByType DEFLATE text/html text/css text/plain image/png image/gif text/javascript application/javascript application/x-httpd-fastphp

So, after switching to HTTPS, be sure to check that everything that you intended to add to the Header is still being done.

Opinion?

I am fed up with warning messages from my firewall about errors in https set up on sites which are purely information.

@piatkow - the standard is for *all* sites to be HTTPS. So called *information sites* must be HTTPS as well.

The COMING standard is HTTPS. So far it is not mandatory and that's why the user still has the option to over-ride the warnings in browsers.

When support for HTTP is deprecated or removed, HTTP is still a recognized protocol. (meanwhile, HTTP/0 is still recognized).

Actually, the web standard *now* is HTTPS.

HTTP sites are still supported by all major browsers for a limited time* but with warnings to the user that the content is not secure and they proceed at their own risk.

Web standards are the formal, non-proprietary standards and other technical specifications that define and describe aspects of the World Wide Web. In recent years, the term has been more frequently associated with the trend of endorsing a set of standardized best practices for building web sites, and a philosophy of web design and development that includes those methods.

source: wikipedia.org

*the duration is unknown at this time; none of the major browsers have announced how long they intend to support non-secure content.

Until "best practice" becomes "required to play", there is no "standard". When obtaining a domain, host, and cert is required just to start up, then you have a standard. When hosting solutions put that into a package, you have a standard.

Users don't know what to make of these things. They want their content and they want it now ... hence a growing practice to click through to "unsecured sites", particularly info, news or entertainment.

As webmasters we should (if we want all the traffic we can get) move to HTTPS, as well as mobile friendly. But the web in general is glacial for change of this magnitude and some things will be around for a good long while.

This https and certs has still got rough edges, some so stupid as to boggle the mind. Accidentally change the date on your computer and all certs become invalid ... warnings thrown up everywhere, even for the SECURED sites.

I repeat, as I've always said, the move the HTTPS is desirable, but CHECK TWICE AND THEN CHECK IT AGAIN before moving an exisitng HTTP site to HTTPS. But the web will not end nor your traffic, if you take the time and move when it is right for YOU to do so.

Until "best practice" becomes "required to play", there is no "standard".

You may have missed this part...

In recent years, the term [standard] has been more frequently associated with the trend of endorsing a set of standardized best practices for building web sites, and a philosophy of web design and development that includes those methods.

Since all major browsers have endorsed it, HTTPS is the standard.

Believe whatever you wish, but the internet is moving forward with HTTPS as the standard.

And until the infrastructure is completed to make that possible, an endorsement is just that ... an endorsement. Parsing words, but sometimes it is very important to do so (and yes, I did read it).

I am fed up with warning messages from my firewall about errors in https set up on sites which are purely information.

What's your firewall doing that for? Isn't it the browser's task to validate HTTPS?

Still another reason why it is good to migrate to HTTPS is because HTTPS to HTTP referral data is blocked in Google Analytics.

So for example, lets say your website is on HTTP still and you went viral on Reddit and YCombinator. Both of these sites are running over HTTPS. The referrer data is completely lost and the traffic from both of those sites could end up under direct traffic which is not very helpful. If someone is going from HTTPS to HTTPS the referrer is still passed

HTTPS to HTTP referral data is blocked in Google Analytics

I should hope it's blocked everywhere :-)

For anyone who thinks HTTPS is pointless on informational sites:
Who doubted HTTPS? Wikipedia switch thwarts state censorship [siliconrepublic.com]

Well I needed an example

What's your firewall doing that for?

Belt-and-suspenders, isn't it? Anything that your firewall does can also be done by some other entity, whether it's the server's config file or the user's browser.