A few months ago, there were some rumors that Google was considering using HTTPS site encryption as a ranking algorithm in its search engine in the same way it uses site loading speed or social media strength as signals for its ranking algorithm. Google also hinted at Google I/O that it's going to do this, with a session called "HTTPS Everywhere."
Today, Google announced that it's going to do exactly that and will count HTTPS support towards ranking power for websites. That means websites that have HTTPS enabled by default will receive slightly higher rank over sites that use the unencrypted HTTP protocol.
Google says that for now this change will only affect 1 percent of global queries and will, of course, be nowhere near as strong of a signal as the quality of the content on those pages or sites. Google will, however, strengthen it over time. The reason it's pushing this change in the first place is because it wants the web to be a safer place for all, and that can only happen if webmasters have enough incentives to do it.
Google has been pushing the use of encryption on its websites for the past few years, when it enabled HTTPS by default on Google search and in Gmail, but the Snowden revelations from the past year seem to have increased its focus on security lately.
Google offers these tips for webmasters to get started:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out this Site move article for more guidelines on how to change your website's address
- Don't block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
If webmasters are worried about the overhead of TLS encryption (which is what HTTPS uses), they shouldn't be. According to Google's Adam Langley, who works on Google's own HTTPS infrastructure, using HTTPS affects CPU load by only 1 percent and the network load by only 2 percent. Considering the benefits of encrypting all of a website's traffic for its users, that doesn't seem like a big trade-off to make.
The bigger trade-off may be in the fact that HTTPS/TLS certificates aren't usually free, which has historically impacted adoption of HTTPS encryption. The good news is that there already is a certificate provider that gives free certificates at StartSSL.com, and CloudFlare has also promised to enable HTTPS for all of its members soon, for free. With fewer and fewer excuses for not enabling HTTPS for websites, we will hopefully see a lot more websites adopt traffic encryption soon.