More Than 50% of Web Traffic is Now Encrypted

12
photo credit: Chris Anderson

In October 2016 Mozilla Telemetry showed more than 50% of page loads were encrypted with HTTPS. This week Let’s Encrypt is reporting that more than 50% HTTPS page loads is now the norm, a major milestone for HTTPS adoption across the web.

Google’s Transparency Report shows similar numbers for HTTPS usage, confirming that secure browsing has become the norm. Google found that HTTPS is less prevalent on mobile devices than desktop but the percentage of pages loaded over HTTPS is steadily on the rise across the board.

The launch of Let’s Encrypt, the new free and open certificate authority, is one of the main factors causing the rapid rise in secure traffic. Thanks to sponsorships and partnerships with hosting companies and services, Let’s Encrypt closed out 2016 with more than 20 million active certificates.

Google’s influence has also been one of the driving factors in HTTPS adoption after the search engine announced in 2014 that it was starting to use HTTPS as a ranking signal. As of 2017, Google Chrome is adding a prominent security warning for HTTP sites.

Throughout 2016 many major publications moved to HTTPS, including the Guardian, Washington Post, Wired, Engadget, Ars Technica, and New York Times, to name a few. Nearly all of them publicly documented the challenges and triumphs of their HTTPS transitions.

In July 2016, security researcher Scott Helme crawled the Alexa Top 1 million sites to measure how security is progressing on the web. In his previous scans, which included August 2015 and February 2016, the top million sites saw a 42% increase in HTTPS adoption. Helme’s July 2016 crawl showed a 46% increase from February 2016.

Despite the overall growth, the number of HTTPS-enabled sites is just 13.75% of Alexa’s top million. However, these are the sites that serve the most traffic: Google, YouTube, Facebook, Amazon, and others. These results are consistent with Electronic Frontier Foundation’s (EFF) reports that HTTPS adoption is growing the fastest with smaller, previously-unencrypted sites.

Let’s Encrypt’s launch has also had a ripple effect on commercial certificate authorities who are now moving to offer domain validated SSL certificates for free in order to promote their other security products. Symantec is now partnering with hosting companies to issue free certificates as part of its Encryption Everywhere program. Comodo also announced a partnership with cPanel in December 2016 to automatically issue SSL certificates at no additional costs to consumers via cPanel’s AutoSSL feature.

Securing half the web’s traffic is a major landmark on the road to a fully encrypted web, but encryption advocates will need to continue educating website owners on the benefits of making the switch to HTTPS. With the necessary infrastructure now in place for anyone to get an auto-renewing SSL certificate for free, Let’s Encrypt director Josh Aas is optimistic about progress on the remaining 50% of the web.

“As exciting as 2016 was for encryption on the Web, 2017 seems set to be an even more incredible year,” Aas said “Much of the infrastructure and many of the plans necessary for a 100 percent encrypted Web really solidified in 2016, and the Web will reap the rewards in 2017. Let’s Encrypt is proud to have been a key part of that.”

12 Comments


  1. Lots of hosts are offering free LetsEncrypt via cPanel, which makes it easy to activate.
    WordPress dot org should use this as a metric when recommending hosts.

    Report


  2. We are using ssl from lets encrypt and our search ranking is increased. Is there a way to track ssl visitors in Google Analytics ? They are showing (not set) & (not provided).

    Report


  3. I bet Comodo are gutted Let’s Encrypt came about and with it’s easy to use Plesk add in it’s deffo a winner!

    Report


    1. As far as I know, Comodo and cPanel already joined forces to enable automated SSL Encryption. But I agree that Let’s Encrypt is the winner so far.

      Report


  4. That is really great. But the sad news is there are still many weird hosts who will not support Lets Encrypt. They are still looking for making some extra bucks out of selling SSL certificates. Very unfortunate for us :(

    Report


  5. I have lets encrypt installed, but my site is also still accessible through http.

    What is best? Redirect all traffic to https? And how? What’s the (SEO-)safest way to do this?

    I can’t seem to get those questions cleared up?

    Report


    1. Is the site indexed in Google and Bing as HTTP or HTTPS?

      Report


    2. I would definitely recommend the entire website be moved to HTTPS with proper redirects set up for pushing all HTTP traffic over to HTTPS.

      Google is moving more and more towards HTTPS and as of this month started sending our warnings to webmasters for what they considered violations for non-compliance.

      Be ahead of the game and move to HTTPS now!

      PS: Search Engine Land, Yoast, and Moz should all have good articles on maintaining SEO with HTTPS moves.

      Report


    3. You can force your site to redirect from http to https in 2 ways.

      Use a WordPress HTTPS plugin https://wordpress.org/plugins/wordpress-https/

      Update rules in your site’s .htaccess file
      https://help.dreamhost.com/hc/en-us/articles/215747758-How-do-I-force-my-site-to-load-securely-with-an-htaccess-file-

      Update Google Analytics
      =======================

      First update settings at:
      https://analytics.google.com

      Go to ADMIN, select property and then change the http:// to https:// for the Default URL at:
      PROPERTY/Property Settings
      VIEW/View Settings
      Then go to WordPress and change Google Analytics Settings:
      First: Clear Authorization
      Then: Reauthorize again and check that General Settings\Default URL: start with https://
      Save the changes.

      Report


  7. When we moved some of our clients to SSL, the initial indexing was sluggish. But once the pages were indexed, we have seen traffic growth upto 100%

    Report

Comments are closed.