Google To Index HTTPS Web Pages By Default
Google announced that it will begin to prioritize the indexing of HTTPS versions of webpages from any sites that support encryption. The announcement comes after Google had already made the change to give HTTPS websites a small boost in ranking in its search engine.
Google believes that “browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification.” That’s why the company has ramped up its efforts to encourage the use for encryption for website connections, but also for email services.
Google will now begin to index HTTPS equivalents of HTTP web pages, even when the former don’t have any links to them. However, Google will only index an HTTPS URL if it follows these conditions:
It doesn’t contain insecure dependencies.It isn’t blocked from crawling by robots.txt.It doesn’t redirect users to or through an insecure HTTP page.It doesn’t have a rel="canonical" link to the HTTP page.It doesn’t contain a noindex robots meta tag.It doesn’t have on-host outlinks to HTTP URLs.The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL.The server has a valid TLS certificate.
Although Google's new indexing process will try and show users HTTPS versions of websites by default in its search engine, other search engines don't currently work like that. This is why the company is asking web site owners to redirect HTTP URLs to the HTTPS equivalents, so their readers can benefit from the same security, even when they’re using search engines other than Google.
The company also suggested that web site owners use HSTS (HTTP Strict Transport Security) headers so that the HTTPS connections are always enforced after the user’s first visit to the web site. Using HTTPS encryption should protect users against content injection attacks, which can happen over insecure connections.
______________________________________________________________________
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Lucian Armasu joined Tom’s Hardware in early 2014. He writes news stories on mobile, chipsets, security, privacy, and anything else that might be of interest to him from the technology world. Outside of Tom’s Hardware, he dreams of becoming an entrepreneur.
You can follow him at @lucian_armasu. Follow us on Facebook, Google+, RSS, Twitter and YouTube.