I converted my main site from http to https a week ago and the effect appears to be zilch.

In theory the change, if done correctly, should have no effect at all at the moment. Have you checked every page of your site in a browser like Chrome to make sure the green padlock appears each time?

I've seen a few sites recently which have clearly attempted to convert to https but the padlock hasn't appeared on some pages. When I check the ! (where the padlock should be) it says there is a problem with some of the images - not sure what it means.

adding the https version to google search console might help to speed it all up (as a separate entry to the http version). that's what google recommends on their help pages

Changing protocols to HTTPS has no effect in ranking, except a slight boost promised by Google.

To date, I've switched about 30 sites. Not one lost ranking.

In fact, your traffic should start to increase as your visitors learn their data is secure at your site.

Returning to HTTP (for any reason) is unwise. Your site will eventually become irrelevant: What Will Happen if I Don't Switch to HTTPS? [webmasterworld.com]

Everything was done correctly, even added https to google search console. All locks green. Was there a google algorithm change since September 5th? That's when I have seen a drop in rankings.

Was there a google algorithm change since September 5th?

Ongoing flux

Not sure why some members here keep making dire predictions about what will happen to http sites.

Millions of sites will stay at http, and most likely many of them will continue to prosper for years to come.

@aristotle - I'm aware you are hanging tight to an unsecure web, but this is really a decided issue. The web is changing to secured content. There is no debate.

Why HTTPS Matters [developers.google.com]

The secured web totally applies to sites that deal with person information. All others have a longer period to deal with the transition.

While there are some free certs for https out there, the path forward is to plan for the day the certs are not free. And that has already been decided, too. :)

As for some sites losing ranking on KEYWORDS after switching to https the chorus is silent on that. Some have, many have not. But in any event any RECENT change to a site will take 6 months or more before things settle down. G is fast, but not that fast.

That said, HTTPS is the future, so switching now will get you past any pain (IF ANY) now so you're ready when the web does flip to encrypted REQUIRED. And no one knows when that will happen.

@vphoner
I have also experienced this issue, but have not discovered why it happens to some, but not all sites.

Are your sites hosted on IIS by any chance?

Ours is hosted on IIS, and saw a big traffic drop on swapover day, despite running canonical tags for some time beforehand.

We recovered within 30 days though, in net terms (traffic patterns are different in terms of busiest hours, and busiest pages, and biggest sellers)

Day 0 was a huge traffic drop. Day 1 was the biggest crawl we've ever had. Day 7 was the start of traffic recovery.

Given the leading lights around here stating that https switchover is painless, I have been reluctant to add fuel to the fire on what may very well have been a coincidence (we only have one site). However, I get the impression that Apache is the preferred platform around here, so mention of IIS might be important.

Sites that are doing poorly in google probably have nothing to lose by switching to https. But my static html article sites are doing well, and I would be foolish to take an unnecessary risk by switching them to https at this point, when some people are reporting unexplained traffic losses after doing so.

A week or so ago I looked at the options for switching to https but didn't like any of them. So I'm going to wait and see how the situation develops, both with the options for switching, and the unexplained traffic losses that have occured in some cases. In the long run I still believe that good design and high-quality content will continue to be the most important factors.

If HTTPS is done properly (good cert install, proper 301 Redirect, complete protocol update) I can see just 2 factors that could possibly affect traffic:

• If your pages were getting significant traffic from old browsers using WindowsXP and/or IE6, these browsers do not support HTTPS and will no longer access your site.

• If your server (or host) is not supporting SNI* some browsers may not recognise the cert as being valid and may get scared off by browser warnings.

*Server Name Indication is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process

As far as ranking, there is no logical association between changing protocols and SE ranking, beyond the slight advantage Google has promised for secure pages.

It is usually pretty common to lose some rank while implementing HTTPS, even of done correctly. If you done it properly your positions will return in few days - months, depending on your website (lots of thousands of pages will take more time, obviously).

It is usually pretty common to lose some rank while implementing HTTPS

No it's not common.

In the last 2 years, I have switched about 30 websites to HTTPS and not one lost rank... not one.

Choiceed - where are you getting that opinion? Since you say it is common, you must have a comparative metric you are using. What is it?

I have read many stories of https rank drops. Just google it and you will see.

For those that are not switching, the reason I switched to https is I did not want a big warning "this site is insecure" coming up on all pages, since we are sellling things. Not something that will give confidence to the people on your site. Chrome is half of my traffic, and they are going to start warnings in October, and then even worse ones later on. A sure deal killer.

Drop in ranking still there after about 2 weeks, will update as the situation changes.

I have read many stories of https rank drops. Just google it and you will see.

How many of these "stories" have actually proved to be caused by HTTPS?

Yes, Chrome is probably much higher that half the traffic. Many (most?) stats programs will mistakenly identify Chrome as Safari, since the UA string includes that attribute by default.

Its possible the other browsers will also show warnings. Firefox also shows warnings. I guess its only a matter of time before they all show HTTP as insecure. Thats why I switched, since this is my low time of the year, I have time to recover (I hope) by Christmas.

They (all the major browsers) show warnings already. Chrome leads the movement, but they're all on board. It's a "standard" in the making.

insecure

unsecure :)

There is I believe a filter you go through when you 301 links to https, not all of the links make it through and this causes a drop in rankings. They encouraged everyone to go secure but omitted to tell people there links could then be filtered in the process. Whats rather bizarre is that those who haven't converted to https are enjoying above average serp results due to unfiltered links. Look at ebay for example. And tell me I'm not mad but wasn't Wikipedia more prominent before switching to https............... I am reminded of Admiral Ackbar in Star Wars - "It's A Trap!". However this one has no way out, the non secure banner on results is going to be disastrous for those sites that stay put.

Where are you getting this "filter" information seoskunk? Please post link to authority source.

seoskunk - In your post you seemed to say that http sites are flourishing now but are headed for a downfall later. This caused me to wonder when this downfall will take place.

When does the web switch to https required? About then, I suspect. :)

Where are you getting this "filter" information seoskunk? Please post link to authority source.

I had exactly the same reaction when I read the post. The amount of misinformation and misinterpretation out there boggles the mind.

Possibly, I'm thinking, seoskunk might be thinking of chained redirects, where too long a sequence of 301 redirects might cause a drop in transferred PageRank. As I understand it, at least for http -> https redirects, Google has said that this should no longer be a problem. I'd love to see a reference on that as well as on these fabled "filters".

The incomplete transfer of all ranking factors via 301 is a widely held view. It is implicit in the following types of observations / recommendations (I do not necessarily endorse these positions, merely observe that they are ideas that are exchanged without significant challenge)

1) A penalised site may be recovered by sitting it on a new domain and 301ing the old
2) Chained redirects cause problems
3) Non-penalised site migrations will cause a ranking drop (example1.com/ -> example2.com/)
4) URL restructuring handled by 301 will cause ranking drops (eg /shop.htm?product=9999&name=widget -> /Shop/9999-widget)
5) Subdomain restructure will cause ranking drop (www.example.com/widget -> shop.example.com/widget)
6) Relocating a resource will cause a ranking drop for that resource

I would go as far as to say that the general understanding is that 301 never retains all ranking juice, link or otherwise, except in a https change.

I have never tested 301s for efficacy in transferring rank. Our general view is to structure and restructure as makes sense (via careful planning), and use 301 to retain traffic more than rank. As such, the above observations are merely reflections of opinions I have heard expressed here, usually unchallenged.

You're confusing different things Shaddows.

Google made a very explicit announcement that using a 301 when securing protol has NO negative affect on ranking. It does not treat this like other redirects. You are not redirecting from one page to another page. You are only changing protocols. Google was clear about this.

What's not clear is why you keep insisting otherwise. It simply is not true.

Hmmm, new datapoint.

To support HSTS, use a web server that supports HTTP Strict Transport Security (HSTS) and enable HSTS.

HSTS adds complexity to your rollback strategy. We recommend enabling HSTS this way:

1. Roll out your HTTPS pages without HSTS first.
   
2. Start sending HSTS headers with a short max-age. Monitor your traffic both from users and other clients, and also dependents' performance, such as ads.
   
3. Slowly increase the HSTS max-age.
   
4. If HSTS doesn't affect your users and search engines negatively, you can, if you wish, ask your site to be added to the Chrome HSTS preload list.

[support.google.com...]
[Emphasis mine]

I'm pretty sure we enabled HSTS immediately (not my department). Also, that "If..." implies that HSTS might cause ranking drops.

What's not clear is why you keep insisting otherwise. It simply is not true.

Insisting? I rarely insist.

Indeed, I have been very careful to couch my observations in caveats on this matter.

But to make it "clear" why I am commenting, it is because I have experienced a ranking drop 100% of the time I have implemented https (once). Other people have noted the same. Sharing observations is meant to be the point of professional forums, else why come here?

If I was interested in mindless conformity to high-status individuals, I would just read the SEO blogs

More precisely, you attribute ranking loss to a protocol change. That's the part that is not correct. Google said so.

So if there was a ranking loss, there has to be another, maybe related, reason. Most likely something that was done at your server. What that is needs to be determined.

As far as other reports of lost ranking, these need to be looked at individually. People make many mistakes. People have their pages on various server configs.

Not to derail, but what I said was

I have been reluctant to add fuel to the fire on what may very well have been a coincidence (we only have one site). However, I get the impression that Apache is the preferred platform around here, so mention of IIS might be important.

Now, you are free to misrepresent me; it's a free world. But I did not attribute anything to a protocol change. I indicated the platform might be a common factor, or it might be a coincidence.

I did not say that https causes ranking drops. I merely stated I had a ranking drop that happened when we implemented https.

If I can help others avoid a similar ranking drop, then great.

So if there was a ranking loss, there has to be another, maybe related, reason. Most likely something that was done at your server. What that is needs to be determined.

What a great idea. Now can we get on with that?