HTTPS is HTTP over TLS (Transport Layer Security), the encrypted variant of the HTTP protocol. Modern browsers display a lock icon for HTTPS-served pages and a "Not Secure" warning for plain HTTP. Required for modern browser features (Service Workers, Push API, WebAuthn, geolocation) and a non-negotiable SEO baseline.
Google has used HTTPS as a ranking signal since 2014 and has progressively elevated its weight. Plain-HTTP sites in 2026 rank measurably lower across all queries, and Chrome's Not-Secure warning destroys conversion rates on commercial pages.
For SEO, the migration checklist is: install a TLS certificate (free via Let's Encrypt), redirect HTTP to HTTPS server-side (301), update all internal links to absolute HTTPS URLs, update Search Console with the HTTPS property, update sitemap.xml URLs to HTTPS, check for mixed-content warnings (HTTPS pages loading HTTP resources), and update canonical tags to HTTPS.
For AEO, HTTPS is part of the floor — AI engines treat plain HTTP as a quality signal regression and crawl less aggressively. There is no scenario in 2026 where shipping plain HTTP is acceptable for a commercial site.