Google Rewards Site Security

Stephen Yagielowicz

LOS ANGELES — Google has announced its inclusion of the HTTPS protocol as a ranking signal, intended to reward those sites that focus on security and transparency.

According to Google, security is a top priority for the company, with the search giant having adopted the more secure HTTPS protocol (also known as HTTP over TLS, or Transport Layer Security) over the far less secure HTTP protocol for its in-house use.

“We invest a lot [of money] in making sure that our services use industry-leading security, such as strong HTTPS encryption by default,” says a Google Webmaster Trends analyst. “That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.”

To help its ongoing security efforts, Google has created resources that help webmasters prevent and fix security breaches that threaten their sites.

“Beyond our own stuff, we’re also working to make the Internet safer more broadly,” the analyst added. “A big part of that is making sure that websites people access from Google are secure.”

The company notes that it has seen a growing number of webmasters adopting HTTPS on their websites, which is encouraging, but it wants to go even further, announcing at Google I/O several months ago that it wants to see “HTTPS everywhere” on the web.

“For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms,” the analyst states. “We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal.”

Google explains that it does not yet give tremendous weight to this ranking signal, which it says affects fewer than one percent of global search queries, confiding that it carries less weight than other signals such as high-quality content. The writing is on the wall, however, with the low priority given to HTTPS potentially strengthened — a move intended to give webmasters time to switch their sites over.

“Over time, we may decide to strengthen [the weight of HTTPS as a ranking signal],” the analyst added. “We’d like to encourage all site owners to switch from HTTP to HTTPS to keep everyone safe [online].”

Google notes that in the coming weeks, it will publish detailed best practices to ease TLS adoption while helping webmasters to avoid common mistakes. In the meantime, the company offers some basic tips — including advising webmasters to choose a 2048-bit key certificate of the type they need — whether it is for a single domain, multi-domain or a wildcard certificate.

Other tips include using relative URLs for linked resources residing on the same secure domain to boost the site’s performance, while protocol relative URLs should be used for resources on all other domains (i.e. use http:// for insecure sites and https:// for secure sites supporting this protocol).

Google offers tips on moving sites (such as from http:// to https://) while maintaining search rankings, and also advises not to inadvertently block HTTPS sites from being crawled by using the robots.txt file.

“Allow indexing of your pages by search engines where possible [and] avoid using the noindex robots meta tag,” the analyst concluded, adding, “We hope to see more websites using HTTPS in the future, [so] let’s all make the web more secure!”

If you are concerned about your site’s ranking in Google’s search results, then the analyst’s advice is well worth taking.