Google Confirms HTTPS Has Priority in Search Results
It has been a minor part of the SEO toolbox for a number of years, but a recent notice from Google confirms HTTPS has priority in search results, and that the secure system is now preferred over the standard unsecured version.
The announcement (made on the Webmaster Central blog on 17th December), that may have slipped past people who were beginning their ‘Christmas countdown’, confirmed the beliefs of many in the SEO community by announcing that the search giant had “started giving a slight ranking boost to HTTPS URLs in search results.”
Why Prioritise HTTPS over HTTP?
HTTPS is great for internet users as it allows them to keep their privacy from end to end. Whilst not immune to hacking, it greatly lessens the probability of eavesdropping, man-in-the-middle attacks and other forms of unauthorised data interception and modification.
For Google, the move to promote the HTTPS-based web over the insecure version is a simple choice: It is harder for sites to get proper https certificates. Due to the verification protocols of certificate issues, it is virtually impossible for fraudulent sites to obtain the necessary paperwork.
Outside of fraud, it tends to follow that a site that has taken the effort to secure itself is likely to have better quality content than those that do not. To use a domestic analogy, few people padlock their rubbish bin, as it contains nothing of value. From an E-Commerce prospective, it also demonstrates to Google that the site values the privacy of its customers and potential customers.
For the ‘Big G’ there is an added advantage. HTTPS can be used to allow the service to be safe for users in restrictive regimes around the world. The ability of the site to secure communications between customers and its servers can reduce the possibility of identification. Considering that Google left the huge developing market of China due to censorship, the privacy of users (at least from Government), and protecting the physical and financial security of their users (and their own reputation) from potential harm is obviously a key issue.
What Does the Move to HTTPS Mean for SEO?
Google will index the https rather than HTTP as long as:
• It doesn’t contain insecure dependencies.
• It isn’t blocked from crawling by robots.txt, noindex tags etc.
• It doesn’t redirect users to or through an insecure HTTP page.
• It doesn’t have a rel=”canonical” link to the HTTP page.
• It doesn’t have on-host out links to HTTP URLs.
• The sitemaps lists the HTTPS URL or doesn’t list the HTTP version of the URL
• The server has a valid TLS certificate
How Do I Begin to Move to HTTPS Mode?
Obviously, to benefit from this, you will need to have a site that runs in HTTPS mode and is hosted on a powerful enough server to ensure there is no lag in the encryption/decryption process.
To get the server certificate, contact an issuing authority. Good deals on HTTPS Certificates can often be obtained from your hosting provider or domain registrar.
There are methods of getting the certificate for free (see this arstechnica article) However, it makes sense to pay for something if you are relying on your site as part of a business.
If you are moving over to the new protocol, make sure to 301 redirect your current HTTP pages to the new HTTPS versions.
To ensure that secure site is indexed as the first choice you can implement the HSTS protocol to the site headers. This web security policy allows web servers to declare that web browsers should only interact with it using secure HTTPS connections.
Whilst the benefit has been small up until this point, the new announcement will spur development of a more secure web, meaning it is definitely time to change.