If your website URL starts with "http://" instead of "https://", every visitor sees a "Not Secure" warning in their browser. That warning costs you customers and search rankings. Here is what you need to know.
What HTTPS actually means
HTTPS (HyperText Transfer Protocol Secure) encrypts the data between your website and the visitor's browser. This means that any information submitted - contact forms, payment details, login credentials - cannot be intercepted by third parties.
The "S" stands for "Secure", and it is enabled by installing an SSL (Secure Sockets Layer) certificate on your web server. When active, browsers show a padlock icon next to your URL instead of a "Not Secure" warning.
Why Google cares
Google has used HTTPS as a ranking signal since 2014, and it has become increasingly important. In 2026, a site without HTTPS is actively penalised in search results.
Beyond rankings, Google Chrome (which accounts for over 65% of browser usage in Australia) displays prominent "Not Secure" warnings on HTTP sites. For a business website, that warning is a trust killer - especially if you have a contact form or collect any customer information.
The trust factor
Customers have been trained to look for the padlock. Whether they understand the technical details or not, "Not Secure" in the browser tells them this business is either outdated or not to be trusted. Either perception loses you business.
This is especially critical for businesses where trust is paramount - medical practices, law firms, financial services, and any site that handles payments.
How to get HTTPS
Getting HTTPS is straightforward and often free:
1. Most modern hosting providers include free SSL certificates through Let's Encrypt. Check with your host - you may already have one available. 2. If your host does not offer free SSL, you can purchase a certificate for $10-100/year from providers like Comodo or DigiCert. 3. Once installed, configure your website to redirect all HTTP traffic to HTTPS. 4. Update any internal links, images, and resources to use HTTPS URLs. 5. Update your Google Search Console and Google Business Profile with the HTTPS URL.
If this sounds technical, your web developer can handle the entire process in less than an hour for most sites.
Common issues after switching
The most common problem after switching to HTTPS is "mixed content" warnings - where your page loads over HTTPS but some images, scripts, or stylesheets still load over HTTP. This triggers a warning in browsers and partially defeats the purpose.
The fix is to update all resource URLs to HTTPS. A site audit tool like Google Lighthouse (built into Chrome) will identify every mixed content issue on your site.
Also ensure that your old HTTP URLs redirect to their HTTPS equivalents with 301 redirects. This preserves any SEO value your pages have accumulated.