Google’s Next Steps: Indexing HTTPS over HTTP to Prioritize Trust

By January 28, 2016No Comments

Google_295x175By: Nyambura Mbugua & Mike Levin

To make it more difficult for hackers and others to track users, Google has been urging sites to incorporate the use of HTTPS pages. The company announced its intent to display the HTTPS versions (when available) in the search results in preference to their non-secure equivalents. This is not to say that HTTPS is a relevancy-signal, but rather it is an indicator of trust, consistent with Google’s ongoing focus on the best possible user experience.

Nonetheless, it’s a clear message that a move to HTTPS should be as thorough as possible.

Here’s how Google explains it:

“Today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages… Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page… When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL.”

There are many circumstances that enhance the likelihood of the secure version being served:

  • It doesn’t contain insecure dependencies.
  • It isn’t blocked from crawling by robots.txt.
  • It doesn’t redirect users to or through an insecure HTTP page.
  • It doesn’t have a rel=”canonical” link to the HTTP page.
  • It doesn’t contain a noindex robots meta tag.
  • It doesn’t have on-host outlinks to HTTP URLs.
  • The sitemap lists the HTTPS URL or doesn’t list the HTTP version of the URL.
  • The server has a valid TLS certificate.

This change will not place HTTPS pages higher in rankings, but will ensure that more of the HTTPS pages get crawled and are the more likely version to be displayed in search results. The announcement states the indexing preference will be provided to identical pages making use of a HTTPS URL—this does not mean that HTTPS URLs will be always prioritized.

If HTTPS is not implemented properly, such as mixing security-context for images (loading them from a non-secure source on a secure site), the HTTPS version may not be chosen as the preferred landing page. On the whole, Google would prefer to put a web visitor onto a secure page for the improved user experience implied by the confidence of a secure experience.

What this means for marketers is that the move to HTTPS should be thorough and complete, leaving none of the usual mistakes that often accompany it. These mistakes are generally brought to your attention through browser warnings, so a thorough spot check of your site before releasing the secure version should avoid these issues, making your HTTPS pages serve well in results.

This move to index HTTPS over HTTP shows how far Googles plans to go to promote a secure web experience—similar to their preferential treatment of mobile friendly sites. This also implies that it does not treat the move to HTTPS like a complete site migration, with all the issues of changing URLs.