We all knew it would only be a matter of time before Google began weighting sites that were using HTTPS a bit higher than non-secure sites. Matt Cutts had hinted about it and Google has been stressing the importance of the secured web for quite some time, so many webmasters were being proactive about the possibility. And it looks like that is about to pay off.
Google announced they have been testing giving a new signal that gives a slight boost to secured sites in the Google search algorithm and have now made it live for the search algorithm.
1% Affected… For Now
The boost is currently only affecting about 1% of all search queries, although they didn’t detail what market areas are affected. This leads me to believe they are either targeting higher profile sites that collect personal information – such as banks or government sites – or they are targeting markets that tend to be highly spammed, in hopes it might give a boost to legitimate sites while giving some spammier quality sites a knock down.
Google does stress that it is only given a very lightweight boost, and other influencing factors such as quality content are given much more weight in the algorithm. But they state that they can ramp up the weighting of HTTPS sites in the future, which is they might do in the future.
However, it should be stressed that content sites SHOULD get secured (read: HTTPS as Ranking Signal Affects Content Sites Too)
For those serving both HTTP and HTTPS, if you are using canonical rel= to prioritize the non-secure versions of the URLs, then Google will not see this site as being indexed with HTTPS for this ranking boost. You need to ensure you are using canonical rel= on the https version instead.
Does Certificate Type Matter?
The type of key used doesn’t seem to influence the rankings at this point, but John Mueller states “the type of certificate doesn’t play a role at the moment. AFAIK new certificates have 2048 bit or more keys anyway. If you have something with a shorter key, I’d recommend replacing that regardless of this. You don’t need an EV certificate for this.”
Will Google Become a Certificate Reseller?
But with Google moving into the domain market, it does make you wonder if Google might plan to offer secure certificates in the future, especially if it came with an easy validator that was incorporated into Google Webmaster Tools. As it is, many webmasters are uncertain about how to go about finding and using certificates. But with it giving a boost in the algo – and especially with the potential of it getting stronger in time – webmasters are going to need a crash course in the world of certificates and making their website’s secure.
Best Practices for Switching to HTTPS
Google has some recommended best practices for webmasters who are planning to make the switch to HTTPS
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
If you have a secure server already, you can use this Google recommended checker to ensure it is working correcting.
Latest posts by Jennifer Slegg (see all)
- Google: Value (or Not) of Doing Link Audits - September 20, 2017
- Google Indexes AMP Version for Mobile First When No Regular Mobile Page - September 19, 2017
- Google: Ranking Fluctuations With a Site Redesign - September 19, 2017
- Still No Plans for a Google Penguin 5.0 Update - September 18, 2017
- Google Penguin Fine Tuned After Real Time Launch - September 18, 2017