Google have just announced that they are giving even greater precedence to HTTPS* pages in search results.
The announcement on the Official Google Webmaster Central Blog, Indexing HTTPS pages by default, goes as far as saying that if you serve the same pages over both HTTP and HTTPS, Google will choose the HTTPS versions.
It’s in this bit here:
“…today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages”
And there’s more:
“Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL”
There are some specific caveats for their selection too, including:
- Pages don’t contain insecure dependencies
- Pages are not blocked from crawling in the robots.txt file
- Pages do not redirect users to (or through) an insecure HTTP page
- There is no rel="canonical" link to an HTTP version of the page
- There is no noindex robots meta tag
- Pages don’t have on-host outlinks to HTTP URLs
- Sitemaps list the HTTPS URL, or do not list the HTTP version of the URL
- The server has a valid TLS (Transport Layer Security) certificate
The Webmaster team at Google are suggesting that webmasters implement the HSTS header on their servers. HSTS is HTTP Strict Transport Security, a response header that tells browsers to connect to the site only over HTTPS, which protects against protocol downgrade attacks and cookie hijacking.
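As an added example (not Google's code and not part of the original post), here is a small Python audit of the criteria above that can be checked from a page's HTML and response headers: insecure dependencies, an HTTP canonical link, a noindex robots meta tag, on-host HTTP outlinks, and the recommended HSTS header. The names `PageAudit` and `audit_page` and the sample page are constructed for illustration; robots.txt, sitemaps, redirects and certificate validity are out of scope here.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

DEP_TAGS = {"script", "img", "iframe", "audio", "video", "source", "embed"}

class PageAudit(HTMLParser):
    """Collects markup that conflicts with the criteria listed above."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlparse(page_url).hostname
        self.issues = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        ref = a.get("src") or a.get("href")
        url = urlparse(urljoin(self.page_url, ref)) if ref else None
        if url and url.scheme == "http":
            # Subresources fetched over http:// are insecure dependencies.
            if tag in DEP_TAGS or (tag == "link" and "stylesheet" in rel):
                self.issues.append(f"insecure dependency: {ref}")
            elif tag == "link" and "canonical" in rel:
                self.issues.append(f"canonical points to HTTP: {ref}")
            elif tag == "a" and url.hostname == self.host:
                self.issues.append(f"on-host outlink to HTTP: {ref}")
        robots = tag == "meta" and a.get("name", "").lower() == "robots"
        if robots and "noindex" in a.get("content", "").lower():
            self.issues.append("noindex robots meta tag")

def audit_page(page_url, html, headers):
    """Return a list of findings for one HTTPS page and its response headers."""
    audit = PageAudit(page_url)
    audit.feed(html)
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security", "")
    if "max-age=" not in hsts.lower():
        audit.issues.append("no HSTS header (recommended, not a listed criterion)")
    return audit.issues

# Constructed sample page and headers (not taken from any real site).
SAMPLE_URL = "https://example.com/post"
SAMPLE_HTML = (
    '<link rel="canonical" href="http://example.com/post">'
    '<meta name="robots" content="noindex, follow">'
    '<script src="http://cdn.example.net/lib.js"></script>'
    '<a href="http://example.com/about">About</a>'
    '<a href="http://other.example.org/">Elsewhere</a>'
)

if __name__ == "__main__":
    print("\n".join(audit_page(SAMPLE_URL, SAMPLE_HTML, {})))
```

The off-host link to `other.example.org` is deliberately not reported, since the criterion only concerns on-host outlinks.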
Whilst this is all good news for serious search people, this does seem to put the little guys at a disadvantage. For instance, people running personal blogs may not want the expense of going HTTPS. Small businesses may also not be willing or able to purchase an SSL certificate. I know certs are cheap these days, and a lot easier to apply than they used to be, but it’s still another £100 expense on the books for an SME. Plus there’s the (potential) hassle of moving to a dedicated IP address.
*HTTPS stands for HyperText Transfer Protocol Secure. HTTP is the standard, non-secure protocol that delivers web pages to your browser. HTTPS uses SSL (Secure Sockets Layer), or its successor TLS, to encrypt the traffic between your browser and the website you are viewing.