This also makes sense as there have definitely been instances where sites switch to HTTPS, but don’t implement correct redirects, so Google could still serve the older grandfathered HTTP URLs. While Google is still recommending redirecting HTTP URLs to HTTPS ones, this change will mean that once Google discovers the secure pages, it will use those over the non-secure ones in certain circumstances.
When there are two seemingly identical pages found by Google, one HTTPS and one HTTP, Google will now typically show the HTTPS URLs in these circumstances:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=”canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
- The server has a valid TLS certificate.
The addition of the insecure dependencies is a significant one, as this is often where websites run into problems, usually by displaying non-secure elements such as advertising or some social media share buttons, often without realizing it is an issue.
Google has really been pushing for secure sites over the past couple of years, particularly with their ranking boost for HTTPS, something they plan to make stronger in the future. So it isn’t surprising to see Google make these changes to prioritize HTTPS, especially for those webmasters who might not make the switch to HTTPS as seamless as possible.
Latest posts by Jennifer Slegg (see all)
- Hackers & Phishers Using Google’s AMP URLs to Disguise Malicious Links - October 25, 2016
- Google’s Manual Actions Not Showing Up In Google Search Console - October 25, 2016
- Using Strikethrough Text on Google AdWords Ads - October 25, 2016
- Google Testing Icons on Mobile Sitelinks - October 24, 2016
- Google Showing Featured Snippets for Site: Searches - October 24, 2016