In December 2015, Google announced that it would be indexing HTTPS pages by default. Of course, SEO dudes like us know exactly what to make of news such as this – but we’ve seen furrowed brows when discussing it with customers. Will https:// make your website safer than Jabba's Gamorrean guarded palace? What should you make of this news? Do you need to do anything? What even is https://? What is the impact for your website? What is the impact on SEO? WTF is a Gamorrean guard? Who are you and what have you done with my wife?
What is https://?
Websites need to trade information with you over the internet in order to work. For most websites, this is fine – a 1337 hacker intercepting the traffic between you and www.ratemychisel.org isn’t likely to learn anything about you except your preference in tools.
For more sophisticated websites, such as e-commerce sites or sites which you sign up to using personal information, usually the traffic between you and the site will be encrypted. Hence:
http:// = standard protocol, non-encrypted
https:// = secure protocol, encrypted
To some extent, you are taking the website at its word that it has bothered to encrypt the traffic properly. To prevent this, in order to serve encrypted data, a website must acquire something called an SSL certificate. Your browser will validate the SSL certificate before it begins to exchange information.
Should I be using https:// on my business website?
If your website deals with sensitive information – yes, for sure.
If not, there are some benefits and drawbacks to weigh up:
Google is giving a small ranking boost to https:// sites as an incentive to get organisations to adopt the protocol
This is altruism and should not be expected to be a substantial ranking boost, nor do we expect it to deliver your website a long-term advantage
Implementing SSL can be reassuring to visitors
The SSL certificate itself will set you back more than a couple of quid (https://www.thawte.com/ssl/). The development cost of implementing it may cost you a few more.
The secure protocol can also slow your site down as visitors’ browsers will need to validate the SSL certificate
You need to decide:
Whether you need it, ethically, to protect your users
Whether the benefits of going secure outweigh the costs.
So what does this announcement mean?
Google will now aggressively seek to find https:// versions of pages of your websites. This means it will check ordinary pages for a secure version even if one is not linked. If it finds one, it will favour the secure version in the index over the unsecured page.
This shouldn’t have any kind of troubling impact on your website – if you have https:// pages but Google had been returning the http:// versions in the results, it will now serve the former instead (unless you explicitly tell it otherwise).
What should I do?
If you are paying for an SSL already and aren’t using the https version by default, then you can make your focus on security clearer to search engines by redirecting your http site to your https version and by implementing the HSTS header on your server.
If you are an ecommerce site or gathering sensitive information without an SSL, then seriously consider how you can protect your visitors’ data. Move to an SSL, sucker.
No SSL, no sensitive data? Stand down, this Webmaster Tools issue is not for you.
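To confirm that the http-to-https redirect and HSTS header recommended above are actually in place, here is an added example (not from the original post) that audits recorded responses. The host www.example.com, the sample responses, and the one-year `MIN_MAX_AGE` threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

MIN_MAX_AGE = 31536000  # assumed threshold for this example: one year, in seconds

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isascii() and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit(http_resp, https_resp):
    """Each argument is a recorded (status, headers) pair; returns findings."""
    findings = []
    status, headers = http_resp
    headers = {k.lower(): v for k, v in headers.items()}
    if status not in (301, 308):
        findings.append("http:// is not permanently redirected")
    elif urlsplit(headers.get("location", "")).scheme != "https":
        findings.append("http:// redirect does not point at https://")
    if "strict-transport-security" in headers:
        findings.append("HSTS sent over http://, where browsers ignore it")
    status, headers = https_resp
    headers = {k.lower(): v for k, v in headers.items()}
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("https:// response has no HSTS header")
    else:
        max_age = parse_hsts(hsts)["max_age"]
        if max_age is None:
            findings.append("HSTS header has no valid max-age")
        elif max_age < MIN_MAX_AGE:
            findings.append("HSTS max-age is only %d seconds" % max_age)
    return findings

# Constructed sample responses for the placeholder host www.example.com.
BEFORE = ((200, {"Content-Type": "text/html"}),
          (200, {"Content-Type": "text/html"}))
AFTER = ((301, {"Location": "https://www.example.com/"}),
         (200, {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}))

if __name__ == "__main__":
    for label, (plain, secure) in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(plain, secure) or "ok")
```

Feed it the status code and headers your own server returns for the http:// and https:// versions of a page; an empty list means both recommendations are in effect.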