On August 6 2014, Google announced that it is starting to use HTTPS as a ranking signal within the search results.

While on the face of it, this might not seem like big news, it’s another instance of Google using its influence to put pressure on websites to conform to what it considers best practice.

Google has said that right now HTTPS is a very lightweight signal which will affect less than 1% of search queries globally, but it has stated that this may change over time as Google encourages all site owners to switch from HTTP to HTTPS.

As a result of this, we anticipate that secure and encrypted connections will become the norm for all websites in the future.

The S in HTTPS stands for Secure, so this change essentially means that any websites using secure and encrypted connections across their domains will benefit from this ranking update.

This formal announcement follows comments from Matt Cutts (Head of Web Spam at Google) at SMX West in March, where he said that he would like Google to make HTTPS a signal within the search rankings.

Read on for more information about the implications of this change, and for further insight into other ranking factors download Econsultancy’s Search Engine Optimization (SEO) Best Practice Guide.

Why has Google made this change?

Google doesn’t control the web, but increasingly we are seeing Google use its influence to put pressure on websites to conform to what it considers best practice. Google coerces website owners by penalising websites which don’t use the standards it considers best practice. It has done this before with site speed and mobile design.

In 2010, Google announced that site speed was a ranking signal and in 2013, Google confirmed that sites which are not mobile friendly would not rank well.

As a result of Google penalising websites which were slow and not mobile-optimised, sites were forced to address these issues in order to avoid losing visibility within the search results.

Since 2010, Google has been experimenting with encrypting search results and over the last 12 months it has made strides towards encrypting all its services. In September 2013, Google confirmed the rollout of encrypted search to all users and in April 2014 it expanded secure search to all clicks made on paid ads.

Other search engine providers including Bing and Yahoo have also embraced the move to encrypting search results and consequently the vast majority of search queries made today are now encrypted.

What are the implications?

As a result of this change, we anticipate that secure and encrypted connections will become the norm for all websites in the future rather than being limited to, as it is currently, primarily ecommerce websites.

Google has clarified that right now HTTPS is a very lightweight signal which will affect less than 1% of search queries globally, but this may change over time.

Ultimately this is good news for users on the web as sites using HTTPS encrypt the data between the browser and the site, thereby protecting the security and privacy of what a user chooses to do on that site.

What could this look like in the future?

Since July 2014, Google has alerted mobile users when a site is likely not to be compatible with their device. Sites using incompatible technologies like Flash have lost significant click share as a result of this change.

In the future, though likely not for many months, it’s possible that Google could alert users when a site does not use HTTPS.

Now: Google alerts users about Flash on mobile devices:

[Image: Google warning users that a website is not mobile friendly]

Future: Google could alert users that a site may not be secure:

[Image: Google warning users that a website is not secure with HTTPS]

What does this mean for businesses now?

All businesses with a website should consider using HTTPS for all the content on their websites as this will likely become the global standard and in addition, there will be a small marginal benefit within the Google search results from doing this in the short term.

Businesses with websites already using HTTPS need to check whether it is being used across the whole domain or just on specific pages where sensitive data is transmitted. Google has been clear in this announcement that it wants websites to use HTTPS across all the content on the website, not just checkout or login pages.

How should HTTPS be set up?

The main items that will need to be addressed are the following:

  • Appropriate choice of single-domain, multi-domain, or wildcard certificate.
  • Use of a 2048-bit key certificate.
  • Use of a web server that supports HTTP Strict Transport Security.
  • Use of relative URLs for resources that reside on the same secure domain.
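
Two of these items can be checked mechanically once a site is on HTTPS. The following is an added example, not part of the original article: it reads the Strict-Transport-Security header and lists same-domain URLs that are still hard-coded as http://. The host www.example.com and the sample response are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

class ResourceCollector(HTMLParser):
    """Collect URL-bearing attributes (src, href, action) from a page."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href", "action") and value:
                self.urls.append((tag, value))

def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            m = re.search(r'max-age\s*=\s*"?(\d+)', value, re.I)
            return int(m.group(1)) if m else None
    return None

def insecure_same_site_urls(html, site_host):
    """List absolute http:// URLs that point back at the site's own host."""
    parser = ResourceCollector()
    parser.feed(html)
    found = []
    for tag, url in parser.urls:
        parts = urlparse(url)
        # Relative and scheme-relative URLs have an empty scheme and pass.
        if parts.scheme == "http" and parts.hostname == site_host:
            found.append((tag, url))
    return found

# Constructed sample response for the placeholder host www.example.com.
SAMPLE_HEADERS = {"Content-Type": "text/html",
                  "Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://www.example.com/js/app.js"></script>
</head><body>
<img src="//www.example.com/img/logo.png">
<a href="http://other.example.net/">partner</a>
<form action="http://www.example.com/login"></form>
</body></html>"""

if __name__ == "__main__":
    print("HSTS max-age:", hsts_max_age(SAMPLE_HEADERS))
    for tag, url in insecure_same_site_urls(SAMPLE_HTML, "www.example.com"):
        print("same-site URL over plain HTTP:", tag, url)
```

A missing header (result `None`) means browsers will not pin the site to HTTPS, and each URL in the list should be rewritten as a relative URL.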

What do you think?

Do you agree that this move from Google will mean that secure and encrypted connections will become the norm for all websites in the future?