Google to prioritize HTTPS websites over HTTP

In April Google got tough with non-mobile friendly websites, and made it clear that websites that were mobile-friendly were going to be favoured in mobile search. With mobile digital use in the US significantly higher at 51% compared to desktop at 42% (July 2015), which were similar statistics to the UK where 51% are using mobile devices compared to 44% on laptops & desktops (August 2015). Getting tough with how websites were displayed on a mobile device was a great move, and what better way to get website owners to stand up & pay attention, than to threaten their search ranking.

Google are at it again. In August 2014 Google said it was going to start favouring websites with a https over http protocols, by calling for “HTTPS everywhere” on the web, so they started using HTTPS as a lightweight ranking signal. But they warned, that over time they may strengthen it because the wanted to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web".

Well, that time has come. Google very rarely makes idle threats. Today Google announced that Google would be adjusting their indexing system to prioritize secure HTTPS URLs over regular HTTP ones, which will ensure these become more standard in search results. Google will start crawling HTTPS equivalents of HTTP pages, even when HTTPS websites are not linked to from any page.

HTTPS is a more secure version of the HTTP protocol used to connect users to websites, and a necessary measure to decrease the risk of users being vulnerable to content injection (which can result in capturing data, man-in-the-middle attacks, hacking, phishing, content being changed).

When 2 URLs from the same domain appear to have the same content but are served over different protocol schemes, Google will typically choose to index the HTTPS URL if:

• It doesn’t contain insecure dependencies.
• It isn’t blocked from crawling by robots.txt.
• It doesn’t redirect users to or through an insecure HTTP page.
• It doesn’t have a rel="canonical" link to the HTTP page.
• It doesn’t contain a noindex robots meta tag.
• It doesn’t have on-host outlinks to HTTP URLs.
• The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
• The server has a valid TLS certificate.

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool.

Google's aim is to encourage webmasters worldwide to adoption HTTPS, which will provide greater security to users who visit their site.

Thinking that "oh no, Google have done it to me again?", or ready to believe rumours floating around? Google, it seems, has only one reason for doing what it does, as Matt Cutts tells in this video.