When a visitor's browser shows "Not Secure" in the address bar, most people leave — immediately. 8.21% of HTTPS sites still have certificate or redirect problems that trigger this warning.
What HTTPS does
HTTPS encrypts the connection between your website and your visitors. It protects form submissions, login credentials, and any data exchanged. The green padlock (or its absence) is visible to every visitor before they read a single word on your page.
What happens without it
- Visitors see a browser warning and leave — conversion rates drop measurably on the bounce
- Google confirmed HTTPS as a ranking signal in 2014 — HTTP pages rank lower in search results
- Payment pages and contact forms are flagged by browsers as insecure, directly blocking transactions
- Enterprise security questionnaires require HTTPS for any supplier website — missing it fails procurement checks
- HSTS (the next layer of protection) cannot be implemented until HTTPS is working correctly
What fixing it involves
Most businesses need two things: a valid TLS certificate and a redirect from HTTP to HTTPS. Let's Encrypt provides free certificates with automatic renewal. Most web hosts and CDNs (Cloudflare, AWS, Azure) offer one-click certificate installation.
The issues that cause continued failures: expired certificates, certificates issued for the wrong domain name, incomplete certificate chains, and mixed content (some page elements still loading over HTTP). Each requires a different fix.
What your domain scores right now
Run the free DomainScores check to see your current HTTPS and certificate grades alongside 34 other security checks — instant, no signup.
Don't want to do this yourself? Domain Fix from €1,197 — we fix HTTPS, certificates, redirects, and every other failing check. Grade B+ guaranteed, or your money back.