Apps & Software

Google search rankings now considers HTTPS encryption

As the dominating global search-engine, Google can create a lot of buzz when it announces even the slightest change to its ranking algorithm, and today it did just that.

With internet users growing more and more concerned with their online privacy, Google has confirmed that it will grant a slight boost in rankings to websites that use HTTPS encryption, over the same site without using the standard security measure.

Google called this “HTTPS everywhere” when the company hosted the Google I/O a few months ago, and today it made a few confirmations on just what that will mean down the road for webmasters.

“We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.” This according to the most recent blog-post on the company’s official site.

Google stated, “we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”

This doesn’t mean that you will jump to the first page, or jump over other sites if you switch, it just means that it will be an improvement over your same site if you are not using it now.

“For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS,” explains Google.

It will become a more significant factor Google warns, “But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

In the coming weeks, we’ll publish detailed best practices (we’ll add a link to it from here) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
Use 2048-bit key certificates
Use relative URLs for resources that reside on the same secure domain
Use protocol relative URLs for all other domains
Check out our Site move article for more guidelines on how to change your website’s address
Don’t block your HTTPS site from crawling using robots.txt
Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!

Posted by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts