Google has been advocating that website owners switch their websites to secure HTTPS protocol for some time now. For individual web users the benefit of HTTPS websites is that the connection to them is secure, ensuring privacy and protection from things like content injection attacks.
To encourage the shift to HTTPS, last year Google started giving HTTPS pages a slight ranking boost in search results.
If you’ve been on the fence about switching, there’s now another reason to make the switch. Yesterday Google announced it is adjusting its indexing system to prioritise HTTPS pages by default.
In making the announcement Google stated it will now crawl HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, Google will typically choose to index the HTTPS URL. In other words, Google is going to consider HTTPS versions of pages as the canonical or definitive version of a page.
It should be noted that Google said it will index the HTTPS version of a page subject to the following:
- It doesn’t contain insecure dependencies (such as insecure images, includes, embeds, videos and so on).
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=“canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
- The server has a valid TLS certificate.
Whilst Google now prefers by default the HTTPS version of websites, it recommends webmasters also make this clearer for other search engines by redirecting the HTTP versions of websites to the HTTPS version and by implementing the HSTS header on the web server.
HSTS? Yes, I had to look it up too… According to Wikipedia HSTS or “HTTP Strict Transport Security” is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol.
Why should you care?
Whilst switching to HTTPS may be a pain to implement in the short term, it’s clearly now favoured by Google and could give you a headstart over slower moving competitors. In addition, a more secure web benefits all of us (except the spammers and scammers).
Click here for more search marketing news.
If you found this useful, please tell your friends.