This also makes sense as there have definitely been instances where sites switch to HTTPS, but don’t implement correct redirects, so Google could still serve the older grandfathered HTTP URLs. While Google is still recommending redirecting HTTP URLs to HTTPS ones, this change will mean that once Google discovers the secure pages, it will use those over the non-secure ones in certain circumstances.
When there are two seemingly identical pages found by Google, one HTTPS and one HTTP, Google will now typically show the HTTPS URLs in these circumstances:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=”canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
- The server has a valid TLS certificate.
The addition of the insecure dependencies is a significant one, as this is often where websites run into problems, usually by displaying non-secure elements such as advertising or some social media share buttons, often without realizing it is an issue.
Google has really been pushing for secure sites over the past couple of years, particularly with their ranking boost for HTTPS, something they plan to make stronger in the future. So it isn’t surprising to see Google make these changes to prioritize HTTPS, especially for those webmasters who might not make the switch to HTTPS as seamless as possible.
Latest posts by Jennifer Slegg (see all)
- Google Adds Rich Results Report to Search Analytics in Search Console - June 24, 2016
- Google Launches New Local Ads-Pack for Local Businesses, Above 3-Pack - June 23, 2016
- Google Analytics Expands Hacked Site Alerts for Webmasters - June 22, 2016
- New AMP Validator for Web & Chrome Extension - June 22, 2016
- Don’t Make All Content Q&A For Google’s Featured Snippets - June 21, 2016