Although no official announcement was made until December, back in August of 2015 Google modified its algorithm to favor HTTPS URLs over HTTP URLs. Websites employing HTTPS are more secure than traditional HTTP websites and HTTPS is likely to be the new standard for site-building moving forward.
The Difference an S Makes
In everyday terms, HTTPS is simply the secure version of HTTP, the protocol that sends and receives information on the Internet. While HTTP does an efficient and reliable job, it wasn’t built in anticipation of security needs. In response, HTTPS was developed.
HTTPS encrypts the communication from your Web browser (Safari, Chrome, Firefox, Internet Explorer and others). This is a pivotal safeguard that ensures that even if the data you enter into a website is captured by a third party or keylogger, it will be useless to them in its encrypted format.
Weak Signal, Vital Future
Although Google currently describes HTTPS as a “weak signal” for SEO ranking, that doesn’t mean it will always be a weak signal. After all, it makes sense that as more sites utilize HTTPS, those that don’t–and are therefore perceived as less secure–will be less desirable destinations.
Perception Is Everything
Sometime in the near future, Google will display a lock overlaid with a red X in the address bar for pages that either don’t utilize HTTPS or whose HTTPS setup doesn’t meet Google’s guidelines. Depending on when you are reading this post, this may have already happened.
This is important to note, because that little red X has the potential to scare away a lot of visitors from your site who may think it’s not a safe destination, or that your site is broken.
How to HTTPS Your Site
HTTPS uses a protocol named Secure Socket Layer (SSL). This is a robust encryption method that protects you when transmitting data to a website. In order to gain the HTTPS designation, you must purchase and deploy a “certificate,” provided by a third party.
This certificate is not a physical piece of paper, but rather a digital marker that uses a third party to prove your website is who and what it says it is. Prices for SSL certificates vary widely, but are generally affordable within business budgets. Godaddy.com offers relatively cheap options, while digicert.com and verisign.com offer highly-regarded (and more expensive) solutions.
Eight Guidelines for HTTPS Rankings
Google will choose to index an HTTPS URL as long as:
- It doesn’t contain insecure dependencies
- It isn’t blocked from crawling by robots.txt
- It doesn’t redirect users to or through an insecure HTTP page
- It doesn’t have a rel=”canonical” link an HTTP version of the page
- It doesn’t contain a noindex robots meta tag
- It doesn’t have on-host outlinks to HTTP URLs
- The sitemap lists the HTTPS URL, or doesn’t list the HTTP version of the URL
- The server has a valid TLS certificate
Embrace HTTPS Now, Be More Visible Tomorrow
By designating your site as HTTPS, you will be well-positioned for a bump in search rankings, however slight. Over time, employing HTTPS will become the default for building new sites, so why not start now? By aligning with Google’s security priority, you’ll be providing a more secure experience for your site visitors and setting your site up for improved search rankings in the future.
(Lawrence Johnson, our Director of Technology, contributed to this informative post.)