Guidelines for switching to HTTPS

HTTPS (HyperText Transfer Protocol Secure) is an extension of the HTTP protocol. It significantly reduces the risk that personal data (usernames, passwords, bank card numbers, and so on) could be intercepted, and also helps prevent content substitution, including ad replacement, when loading the site.

Before sending data, information is encrypted using the SSL and TLS cryptographic protocols. To use the HTTPS protocol, you need to get a certificate, configure your site's server and make changes to the site.

  1. Step 1. Obtain and install the SSL certificate on the server
  2. Step 2. Change internal links on the site
  3. Step 3. Check if the site can be accessed via HTTPS
  4. Step 4. Set a redirect or specify canonical URLs
  5. What to do next
  6. FAQ

Step 1. Obtain and install the SSL certificate on the server

SSL certificates differ in the level of verification:

Certificate Description Legal entity Individual
DV (Domain Validated) Confirms the domain
OV (Organization Validation) Ensures that the domain belongs to a specific company
EV (Extended Validation) Requires advanced verification of a legal entity and is included in the global financial industry standards
Certificate Description Legal entity Individual
DV (Domain Validated) Confirms the domain
OV (Organization Validation) Ensures that the domain belongs to a specific company
EV (Extended Validation) Requires advanced verification of a legal entity and is included in the global financial industry standards

The choice of certificate may also depend on the number of sites it is needed for:

Number of sites Certificate Note
One domain All certificate types can be used For a site with or without the www prefix
Multiple domains A pre-determined limited list of URLs
Subdomain DV (Domain Validated)
Number of sites Certificate Note
One domain All certificate types can be used For a site with or without the www prefix
Multiple domains A pre-determined limited list of URLs
Subdomain DV (Domain Validated)

The SSL certificate is issued by the certificate authority. There are several recognized centers. Check with your hosting provider to find out which ones they work with.

After you install the certificate, set up your server. You can usually get the instructions for certificate installation and server setup from the hosting provider.

Step 2. Change internal links on the site

If a site that uses HTTPS has HTTP links to internal pages or files, then browsers, search engine robots and other services consider the site insecure. They may notify users of this.

Change the HTTP protocol to HTTPS in the following places:

Note. You can make internal links to pages and files relative (without specifying a domain). For example, you can change the link http://example.com/page/ to /page/.

If your site has links or ad blocks that lead to resources that use the HTTP protocol, web analytics systems may not consider your site as a traffic source. To identify the source correctly, add the referrer meta tag in the HTML code of the pages:

<meta name="referrer" content="origin"/>

The origin value passes the protocol and domain.

Step 3. Check if the site can be accessed via HTTPS

Open your site in the browser with the URL that looks like https://example.com. If the settings are correct, the page will load and the browser will notify you of the secure connection. Check other site pages the same way. For example, in Yandex Browser the connection status icon looks like this:

For more information about connection statuses, see Help for Yandex Browser.

Step 4. Set a redirect or specify canonical URLs

Redirect
Use a redirect with the HTTP code 301. For more information, see Moving a site.
Canonical URL
Add a link to the pages on the new site with the rel="canonical" attribute in the HTML or in the HTTP header of every page on the old site.

This allows you to transfer certain accumulated metrics (such as original texts and external links) to the new site URL.

What to do next

The robot learns about the protocol change the next time when it crawls the site. To speed up detection of changes, add both site versions (HTTP and HTTPS) to Yandex.Webmaster and let us know that the site needs to be moved. For more information, see Moving a site.

FAQ

Does the HTTPS protocol affect site ranking?

Yandex tries to take into account all data related to site quality. Security is important for users, and the use of the HTTPS protocol is one of the security indicators. By choosing the secure protocol, the site owner protects the user's data. This can influence the ranking.

Is there a risk of losing traffic after moving?

According to Yandex research, traffic levels remain the same if you follow the above recommendations when moving to HTTPS.

What will happen to my regions from Yandex Business Directory?

When moving you need to set the regions again. You can set one region for each site through Yandex.Webmaster and an unlimited number of branches in the Yandex Business Directory.

Yandex.Webmaster doesn't have information about the HTTPS version of the site
Add the HTTPS site to Yandex.Webmaster and verify your rights to manage it. For more information, see Quick start.
HTTPS version appeared in the search results and now the browser warns of a possible unsecure connection
Your site is most likely available over both HTTP and HTTPS. To ensure that only the HTTP version remains in the search, use these instructions.