Google now prioritising HTTPS pages by default

Google has been advocating that website owners switch their websites to secure HTTPS protocol for some time now. For individual web users the benefit of HTTPS websites is that the connection to them is secure, ensuring privacy and protection from things like content injection attacks.

https secure protocol

To encourage the shift to HTTPS, last year Google started giving HTTPS pages a slight ranking boost in search results.

If you’ve been on the fence about switching, there’s now another reason to make the switch. Yesterday Google announced it is adjusting its indexing system to prioritise HTTPS pages by default.

In making the announcement Google stated it will now crawl HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, Google will typically choose to index the HTTPS URL. In other words, Google is going to consider HTTPS versions of pages as the canonical or definitive version of a page.

It should be noted that Google said it will index the HTTPS version of a page subject to the following:

  • It doesn’t contain insecure dependencies (such as insecure images, includes, embeds, videos and so on).
  • It isn’t blocked from crawling by robots.txt.
  • It doesn’t redirect users to or through an insecure HTTP page.
  • It doesn’t have a rel=“canonical” link to the HTTP page.
  • It doesn’t contain a noindex robots meta tag.
  • It doesn’t have on-host outlinks to HTTP URLs.
  • The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
  • The server has a valid TLS certificate.

Whilst Google now prefers by default the HTTPS version of websites, it recommends webmasters also make this clearer for other search engines by redirecting the HTTP versions of websites to the HTTPS version and by implementing the HSTS header on the web server.

HSTS? Yes, I had to look it up too… According to Wikipedia HSTS  or “HTTP Strict Transport Security” is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers should only interact with it using secure HTTPS connections and never via the insecure HTTP protocol.

Why should you care?

Whilst switching to HTTPS may be a pain to implement in the short term, it’s clearly now favoured by Google and could give you a headstart over slower moving competitors. In addition, a more secure web benefits all of us (except the spammers and scammers).

Click here for more search marketing news.


The latest news about web marketing, SEO, PPC Advertising & Web Analytics. But only the stuff that matters from a New Zealand perspective. Delivered to your inbox each Monday.

If you found this useful, please tell your friends.

About the Author Mark Sceats

Mark is a Partner and Senior Consultant at SureFire which he founded back in 2002. Prior to establishing SureFire he worked for KPMG Consulting. Today Mark heads up SEO, embracing the challenges that can come with complex website implementations. Outside of work, his interests beyond his family are running, snowsports, diving and fishing (badly).

follow me on: