This week, Google introduced the webmaster and SEO world to a new ranking signal. Webmasters using HTTPS (HTTP over TLS, or Transport Layer Security) to make their sites more secure will be looked upon more favorably than those that don’t in Google’s search engine.
Do you think Google should use HTTPS as a ranking signal? If so, do you think it should be weighted heavily? Share your thoughts in the comments.
That’s not to say that HTTPS trumps everything else. In fact, the company indicated that it’s a pretty weak signal, at least for now. You can expect it to grow in importance over time.
In a blog post, Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes said, ” For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
As you may know, Google’s algorithm uses over 200 ranking signals to determine what search results to show users. Even if this one is lightweight, just how far down on that list the signal actually falls in terms of significance is anybody’s guess. Perhaps it’s not yet one of the most important, but many of the other signals are no doubt lightweight as well. And it’s not often that Google flat out says that any particular signal will likely increase in weight, so this is something all webmasters better pay attention to.
“Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google,” write Bahaji and Illyes. “Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.”
That refers to Google’s Webmaster Help for Hacked Sites site, which helps those who have been hacked get back on track.
At Google I/O (its developer conference) this summer, Google gave a presentation called HTTPS Everywhere, giving “a hands-on tour of how to make your websites secure by default”. If making your site secure wasn’t a good enough reason to watch that, perhaps Google making it a ranking signal will make it worth your while. You can view it in its entirety here:
Google says it has seen a lot more webmasters adopting HTTPS, and has already been testing it as a ranking signal with positive results.
If your site is already serving on HTTPS, you should be in good shape (as long as your whole site is on it), but you’re encouraged to test its security level and configuration using this tool.
If you’re looking to adopt HTTPS for your site, these are the basic tips for getting started straight from Google:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Google webmaster trends analyst Pierre Far responded to some concerns in a Hacker News thread on the subject. One concern was that Google will treat the HTTP and HTTPS versions of a domain as separate properties.
“That’s not quite accurate,” he says. “It’s on a per-URL basis, not properties. Webmaster Tools asks you to verify the different _sites_ (HTTP/HTTPS, www/non-www) separately because they can be very different. And yes I’ve personally seen a few cases – one somewhat strange example bluntly chides their users when they visit the HTTP site and tells them to visit the site again as HTTPS.”
Another concern was that even if you 301 every HTTP to HTTPS when you transition, all of your current rankings and PageRank will be irrelevant. According to Far, this is simply “not true.”
He responded, “If you correctly redirect and do other details correctly (no mixed content, no inconsistent rel=canonical links, and everything else mentioned in the I/O video I referenced), then our algos will consolidate the indexing properties onto the HTTPS URLs. This is just another example of correctly setting up canonicalization.”
Far, who was involved with the signal’s launch, also weighed in to address what he says is a “very common misconception”:
Some webmasters say they have “just a content site”, like a blog, and that doesn’t need to be secured. That misses out two immediate benefits you get as a site owner:
1. Data integrity: only by serving securely can you guarantee that someone is not altering how your content is received by your users. How many times have you accessed a site on an open network or from a hotel and got unexpected ads? This is a very visible manifestation of the issue, but it can be much more subtle.
2. Authentication: How can users trust that the site is really the one it says it is? Imagine you’re a content site that gives financial or medical advice. If I operated such a site, I’d really want to tell my readers that the advice they’re reading is genuinely mine and not someone else pretending to be me.
On top of these, your users get obvious (and not-so-obvious) benefits.
If your site is in Google News, and you’re concerned about how switching might impact that, Barry Schwartz got this statement from Google’s John Mueller: “I checked with the News folks — HTTPS is fine for Google News, no need to even tell them about it. If you do end up noticing anything, that would (most likely) be a bug and something worth letting the Google News team know about. A bunch of sites are on HTTPS in Google News, it would be great to have more.”
As Schwartz points out, however, some have had issues with switching when it comes to support from Google’s Change of Address Tool in Webmaster Tools.
“In short, when you do a URL change in Google, from one URL to another, i.e. HTTP to HTTPS, you want to use the Change Of Address Tool, as the Google documents clearly say. But it simply does not work from HTTP to HTTPS within Google Webmaster Tools,” he writes.
The general reaction to Google turning HTTPS into a ranking signal has been mixed. Many see it as a positive, but others don’t think it should make a difference if the content is relevant. Some have even suggested the change has already negatively impacted their sites, though such claims are questionable this early into the existence of such a “lightweight” signal.
The fact is, we’re just going to have to wait, and see what happens over time as Google starts to give the signal more weight. By that time, however, it’s probably going to be hard to tell, because it’s doubtful that Google will tell everybody when they crank up the dial.
Is this the right move for Google’s search results? Let us know what you think.
Image via Google