@killua - without knowing what is causing you perceived "significant drop in traffic" no one can tell you whether it may be a temporary or permanent situation. Your traffic, and the where it comes from, is influenced by many factors.

However I will say that migration to HTTPS done correctly does not cause any change in SERP ranking.

I have also experienced a drop in traffic after moving websites to https.
Although I can't say for certain why it has happened, I can offer a few observations and theories:

Firstly, looking at Search Analytics in Google Webmaster Tools show no immediate drop off in Google search clicks, so I do not believe that Google is initially sending less traffic. However, there all kinds of feedback loops with Google, so it is possible that other issues with https could have secondary implications.

So, if referrals from Google are not the issue, then what?
Is it possible that older browsers or operating systems are the issue?
Can they access the site via https?
Can they handle the redirects properly?
Are there multiple redirects going on (old url redirected to new url redirected to https)?
Is there a combination of the above?

My current theory is that Windows XP users are the issue. While many will say Windows XP users only account for a tiny percentage, it is my experience that older users using legacy operating systems convert really well and click on ads - I would take 1 XP user for 10 mobile users.
So it could be that preventing those users from accessing your website is causing a disproportionate loss of earnings.

There's no hard consensus that switching to https results in a drop ... but the large number of posts here at WW suggest that some are experiencing just that. Ar present there's no concrete evidence that switching protocols has any bearing on ranking the serps. Logically there should be NO difference whatsoever.

@glitterball - agreed, XP users, while a steady declining metric, could be a measurable factor for select sites with that audience.

Progress will always leave behind the archaic.

In my case, the Total impressions did show a significant drop in Search Analytics in Google Webmaster Tools.

My site is 13 years old with 500 pages and it was built on times where CMS is not yet widely used, so all these pages are static .htm files. Some people recommend using rel=canonical "on all and every pages" when migrating to https, but I figured that would be a daunting task by editing all these 500 pages manually, since I think there is no available automated means to do that on a static html site.

But just to be sure, is a drop in ranking/traffic when migrating to HTTPS can be caused by not using the "rel=canonical" element? If that is the case I have no choice but to do this tedious task.

killua, again ranking and traffic are two seperate things, often related, but still different.

Without understanding why your traffic is declining, I would not recommend blindly trying different measures because they may have applied elsewhere.

You may wish to consider this information: 5 common mistakes with rel=canonical [webmasters.googleblog.com]

the Total impressions did show a significant drop in Search Analytics in Google Webmaster Tools

Have all your pages been reindexed as HTTPS? Are you looking at the HTTPS property or the HTTP property when you see the decline? How long has it been since you installed the 301?

Webmaster Tools show that 95% of all the pages have been reindexed as HTTPS. I'm looking at the HTTPS property when I see the decline. The traffic in HTTP property is already too small, and 99% of the traffic is already in HTTPS property, but the decline in Total impressions in the HTTPS property is about 30% less compared to the HTTP property before the migration started. In terms of traffic, I now get 15% less visitors than before the migration.

It's been 3 weeks since I installed the 301.

Well, just a guess, but if you're in the US, we are in a four day holiday. That combined with the normal flux of up & down traffic and of course the non-support for the older browsers mentioned by glitterball could account for it. There was an algo update recently as well.

If your raw server logs (not a stats report) show all pages properly executing 301, then the traffic decline is likely due to the above reasons.

BTW - you should soon be seeing a slight ranking boost and an increase in traffic now that users can verify their connection is secure at your site.

I'm sure I will be lambasted for suggesting this, but...

I got some relief by removing the 301s redirecting every page to https. All of my pages had already been reindexed by Google as https, and all links point to https pages, and I have https set as the preferred version in webmaster tools. So it means that users of older browsers get to see at least one page on my site!

I got some relief by removing the 301s redirecting every page to https

@glitterball - not smart. All visitors following backlinks to HTTP pages will get security warnings, eventually being blocked by their browser from ever reaching your site.

And don't forget, the new HTTP/2 protocol only works with HTTPS so you loose there as well.

you say its page impressions that are dropping, so maybe its a speed issue -- https pages can be slightly slower than http, so if they were already slow before the change then maybe your visitors are now getting fed up and bailing out, bouncing out, without bothering to go any further into your site.
even half a second change can make a noticeable difference on page views.

looking at Search Analytics in Google Webmaster Tools show no immediate drop off in Google search clicks, so I do not believe that Google is initially sending less traffic

:: detour to GSC ::

How do you get it to display results for HTTP and HTTPS at the same time? On mine it's one or the other, as if they were two (or rather, four) entirely separate sites, so there's no way to compare, short of downloading the respective tables and looking at them side by side.

@keyplr

not smart. All visitors following backlinks to HTTP pages will get security warnings, eventually being blocked by their browser from ever reaching your site.

Where do they get a warning at the moment? The only parts of these sites that generate warnings are the parts that feature logins (like forums). I have my forums hard-redirected to https, but the majority of my sites do not have any forms or logins. These pages do not generate any warnings.

So, at present, I am blocking less users by not forcing the redirect. The proof is in the bottom line - more page views without the hard redirect.
That said, I've changed all site navigation to absolute https links, for fear of confusing a search engine.

The mistake was changing to https in the first place - I should have simply changed my older sites to https-ready, changing the forums to https and leaving the rest of the site alone (setting a new preferred version in webmaster tools to https).

If the situation changes and browsers start to give warnings on every non-https page, then it will take me all of 2 seconds to upload a new .htaccess file.

Where do they get a warning at the moment?

The browser warns the user of nonsecure content. Depending on which browser is used, the warning is worded slightly different, but something like "Your connection is not secure. This site cannot be trusted..."

There is plenty of information about this in these forums. Every page needs to be secure to avoid the warning, not just LogIn or Buy pages.

Any HTTP (nonsecure) page will cause the browser to give the warning. There's no reason to debate, the information is clear. The warnings will become more blatant going forward.

Any HTTP (nonsecure) page will cause the browser to give the warning. There's no reason to debate, the information is clear. The warnings will become more blatant going forward.

I am sorry, but that is not the current state of play.
The warnings are generated when a user lands on a page with a login. If there are no forms on a page (and even if there are forms such as a search field), then no warning is generated.

Here's a link to Mozilla's latest (that I can see) announcement: [blog.mozilla.org...]

Obviously, this could all change in the future.

Mozilla? Are you only using Firefox to test your pages? While many of us techies like Firefox, the vast majority of all users do not.

The most widely used browser is Chrome, especially on mobile. Then Edge, IE and Safari.

Test your pages in Chrome 59.

BTW - that little "i" inside the circle that Firefox puts up in the address bar instead of the green lock on HTTP pages IS a warning. When the user clicks on it it says your page cannot be trusted.

You're missing it.

All pages tested in Chrome etc. Same there too.

I am not counting that "i" as a warning, since that is unlikely to put users off and many of the most popular (non-login) pages on the web display that.
I am referring to the red warnings that are actually likely to put users off.
There is no "i" at all in Chrome for Android.

A big fat "This page cannot be accessed" is what really concerns me.

If you care more about a little message, that requires a user to click on that "i", than actually preventing real-world users from accessing your site at all, then you are missing the point.

[edited by: glitterball at 9:59 am (utc) on Jul 4, 2017]

It's not me... it's what users expect that's important. By now, users expect the green lock in the address bar and have learned without it the page cannot be trusted.

It's not me... it's what users expect that's important. By now, users expect the green lock in the address bar and have learned without it the page cannot be trusted.

Perhaps you should tell that to the BBC etc.

Until the browsers REFUSE to show HTTP, the web will chug along since users aren't tech savvy, care about privacy, or look at little icons unless they get in the way.

That said, make the change because that day is coming. Waiting will only make the pain that much greater and the recovery of the "ups and downs" will be more severe the later the date of change. new sites starting in HTTPS will have the edge over old sites switching as they start at Zero, Too. (Not really, but it will feel like it)

Tangor you are not serious I hope?

The sole reason that Chrome and Firefox can appear messages that the website you are visiting might not be secure is huge enough to switch to https. In addition since the infancy of online marketing security and guarantee ribbons work, have worked and will continue working. Because people WANT to see them and if they are there they will. Even if they are the size of a small green lock.