Google announced the latest step in its "HTTPS everywhere" initiative in that it will now serve HTTPS versions of URLs by default in its search results.
Google will start crawling HTTPS equivalents of HTTP pages, even when the HTTPS version isn't linked to from any page. When both versions are available and have the same content, Google will choose the HTTPS URL in most cases.
That is if it doesn't contain insecure dependencies, isn't blocked from crawling by robots.txt, doesn't redirect users to or through an insecure HTTP page, doesn't have a rel="canonial" link to the HTTP page, doesn't contain a noindex robots meta tag, and doesn't have on-host outlinks to HTTP URLs.
Google says it will also choose to index the HTTPS URL if the sitemap lists the HTTPS URL or doesn't list the HTTP version and/or the server has a valid TSL certificate.
Last year, Google started giving sites with HTTPS URLs a boost in rankings. This takes things a significant step forward.
"Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification," says Google's Zineb Ait Bahajji. "This is why we’ve been strongly promoting HTTPS everywhere."
The company notes that while its systems prefer the HTTPS version of a URL by default, webmasters should also make things clearer for other search engines by redirecting their HTTP site to the HTTPS version and implementing the HSTS header on their server.
Image via Google