No. Google confirmed HTTPS as a ranking signal back in 2014, but it described the signal, in its own words, as “a very lightweight signal” from the start, and nothing in the years since has upgraded that weighting. For an established site that’s still on HTTP in 2026, which is now a genuine rarity, migrating to HTTPS remains important for security, user trust, and avoiding browser warnings, but it should not be expected to move rankings in any meaningful way on its own, and it should not be prioritized ahead of content quality or link acquisition work.
The mechanism: what Google actually said, and why it’s lightweight
When Google announced HTTPS as a ranking factor, the framing was deliberately modest: it would affect “fewer than 1% of global queries” at the time, and would carry less weight than signals like high-quality content, with Google explicitly stating they’d give it more time to see how content authors adapted before considering any weight increase. That initial framing has held. Google representatives, including John Mueller in various public Search Central discussions over the years, have repeatedly reiterated that HTTPS functions more as a baseline expectation or tie-breaker than as a differentiator: relevant among otherwise-comparable pages, it might nudge one ahead of another, but it does not compensate for weaker content or a thinner backlink profile, and it never overrides those larger factors.
There’s also a simple structural reason HTTPS carries little differentiating power today that it may have carried a decade ago: near-universal adoption. When HTTPS was newly announced as a signal, a meaningful share of the web was still on HTTP, so the signal had real discriminating value between sites. Now that HTTPS is effectively the default across the web, encouraged by browser vendors flagging HTTP pages as “not secure,” pushed by hosting providers offering free TLS certificates, and required by many modern web platforms and APIs, virtually every competitive site in virtually every niche is already using it. A signal that nearly everyone satisfies stops functioning as a useful differentiator between competing pages, because it no longer separates the field.
Why “lightweight” doesn’t mean “worthless”
None of this means HTTPS doesn’t matter at all, it means its value has shifted almost entirely away from rankings and toward user trust, security, and functional necessity. Browsers actively warn users when a page collects information over an insecure connection, which affects conversion and user trust independent of any search visibility. Certain modern web capabilities and APIs are restricted to secure contexts entirely, meaning an HTTP site may simply be unable to use certain browser features regardless of SEO considerations. And from a pure security standpoint, unencrypted HTTP traffic is vulnerable to interception and tampering in ways that matter for any site handling any kind of sensitive interaction, which is most sites.
What to avoid claiming
There’s no verifiable specific ranking-boost percentage attributable to HTTPS, and any figure claiming otherwise (“HTTPS gives you a 3% ranking lift,” or similar) should be treated as fabricated, since Google explicitly declined to quantify the signal’s weight at any point and has consistently described it only in relative, qualitative terms (“lightweight,” “less than other signals”). The same skepticism applies to case studies circulated in SEO content claiming a specific site “jumped X positions after migrating to HTTPS.” Migrations are rarely isolated events, they frequently coincide with broader site redesigns, technical cleanups, or content refreshes, any of which could plausibly explain an observed ranking change far more than the protocol switch itself. Attributing a ranking change cleanly to HTTPS alone, absent a controlled comparison, is a correlation-causation error dressed up as a case study.
Why this question keeps resurfacing despite a decade-old answer
Part of why “does HTTPS help rankings” persists as a live question, even after Google settled it in 2014, is that the underlying advice, migrate for security and trust reasons, sounds unsatisfying to teams looking for a lever that moves rankings directly. It’s also fed by survivorship bias in observed correlations: sites that are well-resourced enough to prioritize technical migrations like HTTPS also tend to be well-resourced in content and link-building generally, which can create a spurious correlation between “sites on HTTPS” and “sites that rank well” that has nothing causally to do with the protocol itself and everything to do with the kind of site that invests in infrastructure broadly.
There’s also a real difference between “is this a ranking factor” and “does neglecting this create risk.” HTTP sites in 2026 face compounding non-ranking costs: browser warning labels that erode click-through and trust the moment a user lands, incompatibility with newer web APIs and features that increasingly assume a secure context, and the general perception among users and potential linking sites that an HTTP-only presence is neglected or outdated. None of that is a ranking signal in the algorithmic sense, but it can indirectly suppress the organic performance an established site would otherwise achieve, not because Google penalizes the protocol, but because the downstream user behavior (bounce rate, trust, willingness to link) responds to the insecure-connection warning regardless of what the ranking algorithm does with it directly.
A worked example of misallocated priority
Suppose an established regional retailer, still on HTTP in 2026 for legacy reasons, has a leadership team debating whether to fund an HTTPS migration project or a content-and-link initiative targeting its weakest product categories, with budget for only one this quarter. If the team frames the HTTPS migration as “worth doing because it will boost our rankings,” they’re likely to walk away disappointed: rankings for competitive terms are unlikely to move meaningfully, because every serious competitor in the category has already been on HTTPS for years, so the migration closes a gap against competitors rather than opening an advantage over them.
The more accurate framing values the same migration for a different reason entirely: eliminating the browser “not secure” warning that’s plausibly suppressing conversion and trust on every page with a form, and unlocking modern browser APIs the site currently can’t use. Meanwhile, the content-and-link initiative targeting weak product categories is where the actual ranking movement is realistically going to come from. Funding both eventually makes sense, but treating the HTTPS project as the ranking lever and deprioritizing content work on that basis would be prioritizing based on a mechanism Google described as lightweight from 2014 onward, not on where the evidence says ranking movement actually comes from.
Practical implication for an established site
If a legacy site somehow remains on HTTP, migrating is still worth doing, but the business case should be framed around security, user trust, browser-warning avoidance, and access to modern web functionality, not organic ranking improvement. An established site deciding where to allocate limited SEO resources should treat HTTPS migration (if not already done) as necessary table-stakes maintenance to complete once and move past, not as an ongoing lever to pull. The actual ranking-moving work for an established site remains where Google’s own signal-weighting has consistently pointed: content quality and depth, genuine topical authority, and a backlink profile that reflects real earned relevance. Prioritizing an HTTPS migration project over a content or link initiative, on the theory that it will move rankings more, misreads what Google has said about the signal’s weight from the very first announcement onward.