HTTPS

One of the main talking points in the SEO industry right now is Google’s recent announcement that they will count https as a ranking factor.

Google say the update is a “light” ranking factor, impacting 1% of queries, but it is likely they will decide to turn up the dial in time. To quote the announcement:

“…while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web”

Having seen Google’s softly softly approach before, reading between the lines they appear to be telling site owners rather than suggesting to them that they should be updating to HTTPS. I imagine there will be an amnesty period “to give webmasters time to switch to HTTPS”, but eventually HTTPS will become a fully blown ranking signal. This is what Google wants, and you either play by their rules or suffer the consequence of lowered rankings.

So what exactly does HTTPS mean?

HTTPS is the secure version of HTTP, which creates a secure connection for the user and stops sensitive information from being leaked – HTTPS has therefore been a standard implementation for securing ecommerce shopping carts. Google’s recommendation is to make all static content secure and not just pages that transfer sensitive data. The main benefit for site owners is that it prevents “Man-in-the-Middle” attacks, a type of hack that relays data between two parties through a third middle man.

As per Google’s announcement, instructions for implementing HTTPS in a satisfactory way are as follows:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address (although it soon became apparent that Google Webmaster Tools doesn’t allow site moves from HTTP to HTTPS yet)
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

 


Moving to a full HTTPS implementation gives site owners the benefit of a fully secure connection, but with some minor downsides. The first is the cost of implementation – it costs around £50 for a certificate (avoid free or cheap certificates) and then a couple of hours for the server configuration – so not exactly prohibitive costs. The biggest challenge is getting the implementation right, so it’s important that someone with experience sets the server up. One final downside is that HTTPS requests will slow page load down slightly, ironic given Google’s constant banging of the drum on improving site speed.

To conclude, unless you’re in the (unclear) 1% of queries impacted, it’s unlikely that switching to HTTPS immediately will provide a noticeable improvement to your rankings. But given Google’s ominous tone of saying they are “giving webmasters enough time” and they “may decide to strengthen”, it’s fairly clear which direction they would like to head in, and adding HTTPS implementation should be on your road-map for the coming months.