In a bid to further protect its users from cyber attacks, Google has announced that it will start prioritizing secure HTTPS URLs over regular HTTP ones, even if they don’t have any links pointing to them.
Typically, having lots of relevant links has been among the top ‘techniques’ for sites to rise in Google’s ranking.
The company started giving HTTPS pages a bump in its rankings last year, but will now seek to ensure these become more standard in search results.
The conditions include:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=”canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemap lists the HTTPS URL or doesn’t list the HTTP version of the URL.
- The server has a valid TLS certificate.
- The first condition is a big one, that the page doesn’t include “insecure dependencies.” Many pages include insecure images, includes, embeds, videos and so on.
This is all part of Google’s effort to make for a securer web. (Reference by Searchengineland)
Pages without an HTTPS counterpart likely won’t be affected in search results, but that doesn’t mean it wouldn’t be the next step. Google is increasingly keen to see more secure web pages surfaced in its search engine.
Google says business owners can help by redirecting their HTTP site to their HTTPS version and by changing the HSTS header on their server.
Google has also created a guide for what constitutes a good HTTPS site, including things like not redirecting visitors to or through an insecure page.
Note: This article has been updated to reflect that HTTP sites will not be affected in search unless they have an HTTPS equivalent. We apologize for the misunderstanding. (Reference by TNW)