In a recent blog post Google has revealed that it intends to give websites that use HTTPS encryption a signal in their search ranking algorithms.  This means that website that use this method of security will have a greater likelihood of appearing higher up on Google searches.


HTTPS enables websites to transfer and receive data using encryption, so if someone surreptitiously captures data being transferred via HTTPS the data should be unrecognisable.  This type of security is primarily designed to prevent wire tapping and so called “man-in-the-middle” attacks.

The drive to promote increased security stems from Google’s recent efforts to ensure that its own services are encrypted in this way.  Google has recently added HTTPS to Gmail, Google+ and its storage offerings.  Indeed the blog post states that “security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Drive, for example, automatically have a secure connection to Google…we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.”

Google Webmaster Trend Analysts Zineb Ait Bahajji and Gary Illyes give the following tips for those who wish adopt HTTPS:

  • decide the kind of certificate you need: single, multi-domain, or wildcard certificate;
  • use 2048-bit key certificates;
  • use relative URLs for resources that reside on the same secure domain;
  • use protocol relative URLs for all other domains;
  • check out Google’s site move article for more guidelines on how to change a website’s address;
  • don’t block your HTTPS site from crawling using robots.txt; and
  • allow indexing of your pages by search engines where possible. Avoid the no index robots meta tag.

So what?

Privacy and cyber security are increasingly under the spotlight, partly due to the increased publicity surrounding the Snowden affair and subsequent revelations.  That Google is taking positive action to encourage and promote website security through its ranking mechanism is a positive sign, and perhaps an indication of the increasing commercial imperative to ensuring cyber security at all levels of the internet. 

The weighting that Google will apply to HTTPS in its search engine algorithms going forwards remains unclear. However, as Google has introduced security as a factor when ranking websites, website owners should keep a close eye on Google’s ranking criteria and, where necessary, enhance their security offering to optimise their websites’ search-result positioning.