Google has been advocating that website owners switch their websites to secure HTTPS protocol for some time now. For individual web users the benefit of HTTPS websites is that the connection to them is secure, ensuring privacy and protection from things like content injection attacks.
To encourage the shift to HTTPS, last year Google started giving HTTPS pages a slight ranking boost in search results.
If you’ve been on the fence about switching, there’s now another reason to make the switch. Yesterday Google announced it is adjusting its indexing system to prioritise HTTPS pages by default.
In making the announcement Google stated it will now crawl HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, Google will typically choose to index the HTTPS URL. In other words, Google is going to consider HTTPS versions of pages as the canonical or definitive version of a page.
It should be noted that Google said it will index the HTTPS version of a page subject to the following:
It doesn’t contain insecure dependencies (such as insecure images, includes, embeds, videos and so on).
It isn’t blocked from crawling by robots.txt.
It doesn’t redirect users to or through an insecure HTTP page.
It doesn’t have a rel=“canonical” link to the HTTP page.
It doesn’t contain a noindex robots meta tag.
It doesn’t have on-host outlinks to HTTP URLs.
The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
The server has a valid TLS certificate.
Whilst Google now prefers by default the HTTPS version of websites, it recommends webmasters also make this clearer for other search engines by redirecting the HTTP versions of websites to the HTTPS version and by implementing the HSTS header on the web server.
HSTS? Yes, I had to look it up too… According to Wikipedia HSTS or “HTTP Strict Transport Security” is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol.
Why should you care?
Whilst switching to HTTPS may be a pain to implement in the short term, it’s clearly now favoured by Google and could give you a headstart over slower moving competitors. In addition, a more secure web benefits all of us (except the spammers and scammers).
The latest news about web marketing, SEO, PPC Advertising & Web Analytics. But only the stuff that matters from a New Zealand perspective. Delivered to your inbox each Monday.
If you found this useful, please tell your friends.
Mark is a Partner and Senior Consultant at SureFire which he founded back in 2002. Prior to establishing SureFire he worked for KPMG Consulting. Today Mark heads up SEO, embracing the challenges that can come with complex website implementations. Outside of work, his interests beyond his family are running, snowsports, diving and fishing (badly).
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.
3rd Party Cookies
This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.
Keeping this cookie enabled helps us to improve our website.
Please enable Strictly Necessary Cookies first so that we can save your preferences!
Additional Cookies
This website uses the following additional cookies:
(List the cookies that you are using on the website here.)
Please enable Strictly Necessary Cookies first so that we can save your preferences!