Google wants to make the Internet a safer place and has worked hard to improve their own security over the years. Today Google announced they’re taking their dedication to security a step further by making HTTPS a ranking signal.
Google has been running tests over the past few months using encrypted connections as a ranking signal. After seeing positive results, Google will be using HTTPS as a ranking signal going forward.
Google says that, for now anyway, this is a “very lightweight” signal that will affect fewer than 1% of global queries. While Google gives time for webmasters to move over to HTTPS, HTTPS as a ranking signal will carry less weight than other signals such as high-quality content.
Eventually, Google may decide to make HTTPS a stronger ranking signal as a way to encourage all website owners to switch from HTTP to HTTPS “to keep everyone safe on the web.”
In order to make TLS adoption easier, Google will be publishing a best practices guide in the next dew weeks. For now, here are some best practices:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool.
What’s your take on this change? Will you be jumping to move your site over to HTTPS, or do you think there’s nothing to get too concerned about for now? I’m interested to hear your thoughts in the comments section.