Google Search has been testing the idea of placing Websites higher in search rankings when they use strong HTTPS encryption by default. The idea, according to Google, is that by encouraging the use of those sites, it will help to make the Internet a safer place.
The HTTPS experiments were announced by Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes in a recent post on the Google Webmaster Central Blog.
"Security is a top priority for Google," wrote Bahajji and Illyes. "We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google."
Earlier this summer at its annual Google I/O Developers Conference, the company called for efforts to use "HTTPS everywhere" on the Web, they wrote, to help make the Internet safer for users. In addition, more and more Webmasters are adopting HTTPS (also known as HTTP over Transport Layer Security, or TLS) on their Websites, they added.
"For these reasons, over the past few months we've been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms," they wrote. "We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now, it's only a very lightweight signal—affecting fewer than 1 percent of global queries, and carrying less weight than other signals such as high-quality content—while we give Webmasters time to switch to HTTPS."
That could change in the future, they wrote, if Google decides to expand the use of the HTTPS signal more broadly for ranking sites. The company would like to encourage all Website operators to switch from HTTP to HTTPS to keep everyone safe on the Web, they wrote.
As part of its efforts to encourage the use of HTTPS for sites, Google will publish detailed best practices for the strategy in the coming weeks to help make TLS adoption easier, wrote Bahajji and Illyes.
Among the steps Website owners will have to take are deciding what kinds of certificates they need, whether they are single, multi-domain or wildcard certificates, while also ensuring they use 2048-bit key certificates, they wrote. Site owners will also be encouraged to use relative URLs for resources that reside on the same secure domain, while using protocol relative URLs for all other domains.
Site owners should also set up their HTTPS sites so they don't block crawling using robots.txt, and they should also allow indexing of their site pages by search engines where possible. Avoid the no index robots meta tag, they added.
"If your Website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool," wrote Bahajji and Illyes. "If you are concerned about TLS and your site's performance, have a look at "Is TLS fast yet?" And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums."