S is for Security: Google’s Newest HTTPS Policy

Google is on a quest to make the web a safer place. The search giant has announced it will henceforth favor pages with HTTPS encryption over their HTTP counterparts when indexing sites. This means that, in the event that your site serves 2 identical pages but one version is HTTP and the other is HTTPS, Google will serve the HTTPS version to users in their search results.

Per Google, HTTPS versions of pages do not even need to be interlinked to your HTTP version in order to be discovered. As testament to their commitment to providing users with the most secure web experience available, they are fully vested in finding the HTTPS versions of your pages and surfacing them to users.

If you are planning on making the change to HTTPS, there are some things to keep in mind, as Google will only value HTTPS pages that:

  • Do not contain insecure dependencies – Insecure dependencies are page elements that aren’t hosted on secure HTTPS servers, like images, videos, includes, etc)
  • Aren’t blocked from crawling by robots.txt – If the page features a directory in its URL that is blocked by your robots.txt file, it will not be included in the index.
  • Does not redirect users to or through an insecure HTTP page – If the URL resolves after redirects as an HTTP URL, or if it leads a user to an HTTP page that then passes them off to an HTTPS page through a redirect chain (multiple redirects), Google will not include it in the index. If you are using redirects, you need to implement a HSTS Header on your server.This ensures that user agents only interact with the HTTPS version of your site.
  • Does not have a rel=”canonical” link to the HTTP page – All canonicals on these pages should be self referencing or should be removed.
  • Does not contain a “noindex” robots meta tag – Featuring a “noindex” robots tag on the page keeps your HTTPS pages out of the index.
  • Does not have on-host outlinks to HTTP URLs – If your HTTPS pages have links on them that lead to other sites that are not HTTPS, they will be discredited.
  • That are featured on the sitemap (without the HTTP version listed) – This call out brings up a very strong question. Does that mean the sitemap for your site should ONLY feature HTTPS URLs or is it ok to have a mix of both? Hopefully, Google will clear this up.
  • The server has a valid TLS certificate – A TLS (Transport Layer Security) Certificate creates a private connection from your servers to the users on your site, so that information can be passed safely and securely.

If your HTTPS pages meet these requirements, they will be awarded priority over your HTTP pages in the eyes of Google.

It is worth noting, however, that in the announcement Google took care to mention that, “this change in indexation will not lead to a rankings boost.” It’s only intended to solidify Google’s preferences for encryption. The “slight boost” received from converting your site to HTTPS would have been received prior to this update, although very few webmasters have reported any sizable ranking impact from changing over.

Regardless of whether or not your site will rise in rankings, it’s important to consider switching to HTTPS to ensure the future of your site’s cyber safety.

« Prev Article
Next Article »