It’s not often that Google tells you exactly what their ranking signals are. In 2014, however, we got to peek into one of the newest algorithm updates — “HTTPS as a ranking signal.”
We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
Obviously, when Google makes a change like this, SEOs and webmasters need to pay attention. Here are the top 8 things you need to know about Google’s stance on HTTPS.
The changes that you make, or don’t, will have a significant impact on your site’s future and present success.
1. Google Loves Security
Google loves security, hates spam, and is going to do everything that they can to ensure that the search world lives by those standards.
HTTPS encryption is one such move towards security. The s at the end of the HTTP stands for “secure” meaning that the server is using a SSL/TLS protocol (Transport Layer Security and Secure Sockets Layer) over top of the traditional hypertext transfer protocol. The addition of this layer of security means that all data transferred during a given session is encrypted.
It’s harder for hackers and technology thieves to steal information in such transfers. It gives users the assurance to use their credit card, send confidential emails, or fill out informational forms online.
In other words, it’s all about security. Many webmasters and SEOs groan over the heightened security. Issues like this make it harder for us to mine the data that we use to enhance our websites. For example, Google’s stance on Results (Not Provided) in Google Analytics sent marketers into a tailspin.
This was just one of the early indications that Google was moving toward a more secure web experience for everyone. In the wake of modern security breaches and increased hacker activity, perhaps it makes sense.
2. Google Prefers to Rank Sites With HTTPS Encryption
This is the most obvious takeaway, and is worth repeating. Sites with HTTPS encryption will, assuming all other things are equal, rank higher. It’s hard to know exactly how this trend is appearing currently, but we see suggestions of it in the SERPs.
For example, my query on “conversion optimization software” returned the following two top organic results. The sites are approximately equal in authority and page-specific linkbacks. The second site, in fact, has a domain authority of 69. The first site has https in place, while the second does not.
Coincidence? Maybe, but this is the type of result we should learn to expect in the SERPs. Secure sites will start to outrank unsecured sites.
3. User Behavior Could Impact Your Rankings
One subtle way in which Google influences the SERPs and users is by indicating which sites are secure and which aren’t.
Google provides this information directly in each search result entry. Any site with a secure protocol layer has https:// in the URL line. Sites without encryption do not have the http:// preceding the URL.
This isn’t a huge deal as SERPs go. For the safety-conscious user, however, it does make a difference. Remember that Google uses two user-based signals in its search algorithm: dwell time and click-throughs.
By sharing with the user which sites are secure and which aren’t, Google is showing users which sites that they might prefer to click-through and dwell on. Better activity on two factors will, in turn, improve that site’s rankings.
4. Go For Content Improvement
This is straight from Google, and I hear Matt Cutt’s influence behind it:
[The HTTPs signal carries] less weight than other signals such as high-quality content.
Nothing has dethroned content and the emphasis upon quality. If you are cash-strapped and resource low, you may be wondering ‘Do I really need to add encryption to my website?’
It depends. Changing to HTTPs isn’t going to give you a meteoric rise in the SERPs. You would merely be complying with one of Google’s stated preferences. And that’s okay.
The one thing that will move the needle on your rankings is content. If you have to decide between improving security and improving content, go for the content.
5. Consider Switching to HTTPS by the Middle of 2015
Google is probably not going to tell us when (or if) they tighten up HTTPS algo again. It will probably be mixed in with one of the 300+ algo changes they make over the course of a given year. All they said was this:
We [want to] give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
How much time will they give webmaster’s to switch to HTTPS? It’s anyone’s guess. I think they will take at least one year to revisit this specific feature of the algorithm. Since the original HTTPS algo change was rolled out on August 6, I would advise webmasters to have their new encryption in place by about the same time in 2015.
6. Google Doesn’t Mind if Encryption Slows Down Your Site Speed (A Little)
Some webmaster may wonder, “But won’t extra encryption levels slow down the transfer speed for users? Will this affect site speed?”
The answer is: yes, maybe. A TLS handshake imposes several new layers of transfer in the exchange. Here’s what it looks like for a TLS handshake:
Even though we’re talking about a few hundred milliseconds in time difference, those milliseconds do matter when measuring the legion of transfers in a webpage waterfall.
Thankfully, there are ways to enhance your security without sacrificing web performance. The great article from Billy Hoffman at the Moz Blog is a helpful discussion of the issues at play.
The bottom line is that Google will most likely prefer a secure connection over a half-second difference in load time. As long as that extra site speed is for good reason, then you shouldn’t worry. While you should do everything you can to minimize your load time, don’t let this keep you from adding security to your site.
7. Test Your Site to See How Secure It Is
Google recommends that you use the SSL Server Test from Qualys to test your site’s SSL configuration.
You can enter your domain (or the domain of any website), and get results in just a couple of minutes.
If you’re scoring a C or above, you’re doing okay.
8. Keep Your URLs in Order
Adding that little “s” in your URL changes things. Most notably, it changes your URL. When URLs change, it means that you need to start looking at 301 redirects in order to map all the non-HTTPS URLs over to the new system.
“If not done correctly, this update in security can actually have the opposite effect and can negatively impact your site’s search engine rankings.”
Since my focus in this article is on SEOs, I’ve eliminated some of the technical best practices for HTTPS encryption. I recommend giving this information from Google a quick read to make sure you know how to advise developers and webmasters on the encryption process.
The bottom line is Google considers site security and encryption to be important enough to warrant a ranking change. This means we as SEOs must be aware of the influence of security, and take measures to secure our sites if at all possible.
What is your view on HTTPS encryption? Do you think it’s worth investing the time and money to make the change?
Editor Note: Neil was the opening speaker for our SEJ Summit in Santa Monica this year. Want to learn more from speakers like him at our Summits throughout the year: in NYC, Chicago, Dallas, San Francisco, Miami, and London? Sign up for a FREE ticket, covered by our partner, Searchmetrics.
Featured Image: Pavel Ignatov via Shutterstock
All screenshots taken January 2015