Google SSL Default, Goodbye Query Referrer Data

Oct 19, 2011 • 9:20 am | comments (23) by twitter Google+ | Filed Under Google Search Engine

Google SSLYesterday, Google announced they are making Google by default for signed in users, SSL. Meaning, if you are signed into Google and go to, the page will default to https versus http.

Less Than 10% Of Google Searchers Are Signed In?

Google says this will likely only impact less than 10% of the searchers. So in a sense, Google is saying that less than 10% of their users are signed in when performing Google searches?

Google HTTPS

Why Not All Searchers?

So yes, this makes your search query more secure. People searching on public wifi networks or who are afraid someone might sniff out their search query as they do it, can now breath with ease. Again, only if they are logged in. I assume this will be rolled out more broadly to everyone soon enough. But the reason only for signed in users now is because the results are more personalized for signed in users and thus the information is more specific to the user.

Why SEOs & Marketers Hate It

In short, marketers and SEOs are not happy because they search queries will be lost with this. This is how SSL works, when you go from an HTTPS to an HTTP URL, the referrer data drops off. This data is critical for marketers. Knowing what people are searching for on Google that land on your site is mission critical information for marketers and for making better web sites.

Yes, Google Analytics can be integrated with Google Webmaster Tools to get SEO reports in Google Analytics but that only shows you the top 1,000 search queries, aggregated, for a site for the past 30 days. It is not as comprehensive with the long tail as most marketers would want.

Note: AdWords query data will be passed through despite the SSL because they are paying customers.

Other Reading:

I strongly recommend you read Danny's Google To Begin Encrypting Searches & Outbound Clicks By Default With SSL Search and a great piece by Matt McGee summarizing the blogsphere's reaction to this named Reactions From SEOs Come Loud, Fast & Often Angry To Google’s Switch To Encrypted Search. This has a lot of the other coverage, including, see the Techmeme roundup.

Forum Reaction:

So we have many threads with complaints and reaction to it. The threads are from Sphinn, WebmasterWorld, Cre8asite Forums, JohnMu Google + and Google Webmaster Help. Here are some quotes:

So much for controlling access to our sites .... This means not just WHO but HOW.

I'm sad for this update :( ... I feel that keyword data helps webmasters build a better Ux for their users by understanding what their visitors are looking for. Aren't there other ways of anonymizing users who want their data to be protected?

Perhaps I'm missing something, but if this is about protecting users' privacy, Google should also be encrypting the referrer data from visitors coming from paid search. Must be about devaluing traffic from natural search and encouraging more people to use PPC.

But to sum up my first thoughts/feelings after reading the announcement:


That will definitely change the ball game.

Forum discussion at Sphinn, WebmasterWorld, Cre8asite Forums, JohnMu Google + and Google Webmaster Help.

Previous story: Google AdSense Reporting Stuck, Publishers Freak


Jason Duke

10/19/2011 01:31 pm

Barry, you've got a large error on the facts of the change. Even if a receiving site is SSL enabled Google will purposely be breaking the referer string to exclude search query information and will only be breaking it for Organic results not Paid listings. The SSL aspect isn't an issue, but rather a smokescreen - SSL is good, consciously breaking a referer is bad

Barry Schwartz

10/19/2011 01:34 pm

Quoting Danny: "For example, if you used Google Encrypted Search and clicked on a result to come here to Search Engine Land, because we don’t run encryption, the referrer isn’t passed along. But Cutts said that if we did run encryption — or if any site did — they they would get the referrer data passed along." "Google has stressed that this is the way the SSL protocol works in general, to preserve referrer information when moving between two https servers and not any attempt by the company to make Google Encrypted Search somehow less secure. I’d still say that if the new SSL search is going above-and-beyond by blocking some referrers, then Google Encrypted Search should do the same."

Larry Page

10/19/2011 02:09 pm

We offer a $150k a year wonderful Analytics products. All your money are belong to me.


10/19/2011 02:32 pm

where do I sign LOL.... 


10/19/2011 03:16 pm

UGH! Why? The only since this makes is that we will now move to using BING analytics.

Jason Duke

10/19/2011 04:45 pm

Barry, I completely agree with the factual nature of what you posted above... be clear the current is NOT the same service that is being pushed out. I am quoting Danny Sullivan who quotes Matt Cutts at Google Encrypted Search, as Google told me today, doesn’t block referrer data in the way that the new service does,The new service WILL be blocking referer data and that is in no way related to the site becoming SSL only


10/19/2011 05:06 pm

Is it possible for Website Owners to block SSL traffic coming from Google Webtraffic.  Which is an effective way of saying.  Sorry Google No Trespassing - for anonymized visitors.  We like to know who are our customers are to better serve them.  This would eventually make the logged in experience on Google+ very uncomfortable, and affect the user experience from Google.   Business sometimes demand you have a shirt and tie to frequent the establishment.  No Shirt (referer) - No Tie (incoming query) - No Service.

Fraser Cain

10/19/2011 06:20 pm

Hi Barry, and the SERT hive mind...  Will the referrer drop off if you run your website as https as well? Wouldn't the solution to be to switch your own site over to SSL? Even if Google Analytics decides to make that private, wouldn't other stats tools still work, as long as you go from https to https?

Jaan Kanellis

10/19/2011 09:01 pm

Question:  How will the data be bucketed now?  Will it stay in Search or become something else like Direct?


10/20/2011 03:45 am

googles gone giggles

Bob Jones

10/20/2011 06:36 am

After some research, I think there are two possible ways to get around this, and still grab the referrer data:

SEO New York

10/20/2011 11:16 am

Yes, this was a news from Google, and reported that this will continue for some days... Also heard from friends and update that the services were effected with this SSL updation... GMAIL, GOOGLE APs etc... Just waiting and watching effects on SEO and my clients.... 


10/20/2011 12:21 pm

0.005% showing   "not provided"  for me so far.... 


10/20/2011 01:34 pm

Simply sign up for open source or free web analytics tools and you actually own the data instead of giving it to Google so they can screw you.  Also running them on your server will load much faster than GA Here are a couple open source analytics: Piwik Open Web Analytics Second one is very similar to Google analytics


10/20/2011 03:30 pm

this is not a commercial - I am a real life 1 man shop struggling with the same (and even greater problems with google on the local level due to Places and other changes this year) another good source for analytics is Get Clicky, you can also white label it and run it through a sub domain on your server, I use it on all my clients sites now (about 85 sites) - I love and they love it. They get a private link to view their own stats live (who is on now stats) - I can review it live with them on a phone conference too - makes for a much more professional experience than dated / static reports and all the login in / find the right tool issues with goog - plus since they started going for all the  $$ on the local level with Places and all the other chaos going on I see the end is near for them being the organic resource they used to be and I started - and very painfully - extrication myself and all my clients out of goog early this year - GetClicky was one of the product tools that allows me to do that affordably yet increased my service and support levels dramatically for min investment. I prefer to pay anyhow as everyone knows nothing is really free and sooner or later you will pay something big for the services goog and others offer for "free" ...  I also switched my work computers over to Bing and honestly I can see them getting better and better at returning real sites - good ones - on the local level in organic with out all that mess of Places and other ad layouts ...  I would plan ahead for the day when we have 3 se's again and all pulling about 30% of the search - when the 3rd one enters it will drive to more competitive services on all levels - no one can stop goog from getting filthy rich on the assets they own and control now but they have laid the ground work for major competition to enter on all levels - this is typicaly short term self defeating corporate boardroom behavior - happens all the time in all industrys and repeats itself in a cycle over and over - been in the computer industry on the local service level for almost 30 years now and can name 10 or 20 companies who came in, took over adn then owned their market but now are hardly known or are such a small player you never see them much - this is the cycle or corp boardroom behavior. you have to adapt and reinvent your services around the new environment each time they mix it up and the new players come in - it feels and looks to me like we are right on the cusp of that change - we can thank Facebook for shaking the whole thing up as they are who I imagine goog is reacting too - just imagine if FB doubles or triples in size and adds their own search engine as good or better than goog's original organic returns - who would leave FB to go somewhere else? Why would they? This is what looks to me what this climate change is about - limited time to make money - limited time to try and leverage something against FB in end user experience (forget about the webmasters and designers who helped build the empire) ...  your thoughts?

Pawan Panwar

10/21/2011 12:58 pm

itzzzzzzz not gud larry............


10/22/2011 01:23 am

fuckung google! fucking monopoly!


04/09/2012 05:33 pm

There is a work around.

Ron Stauffer

05/09/2012 08:28 pm

So here's where I get confused, and I really don't see the answer to this anywhere: if I put an SSL Certificate on my website, do I now get to keep all referrer data? Or does that not solve the problem? I can't tell if it's really the SSL that's breaking the referrer, or if that's a convenient smoke-and-mirrors answer by Google when in fact they're breaking it on purpose.


07/17/2012 03:12 am

Wait. This is absurd. What Google is saying is: We'll protect your searches, as long as you give your identity to US before you search. HUH? How is that in any way good???

DRM is fascism

08/27/2012 02:15 am

I use extensions to creatively spoof referer to untrusted sites so seoers can get f--d. BFD SSL... as before "safe" tunnel to big pile of data somewhere untrusted and search terms exposed in GET request (@tards: as part of the URL)? That is extra-retarded

DRM is fascism

08/27/2012 02:17 am

Forging referer to untrusted sites == good

Lisa Agostoni

01/22/2013 09:56 pm

It's so backwards. As a consumer, I want my information protected for paying advertisers MORE than anyone else.

blog comments powered by Disqus