Google has long worked to keep users secure while they browse the web. It frequently changes its algorithms to provide the best browsing experience, and for quite some time it has also been giving a slight ranking boost to HTTPS URLs in search results. According to Google, the reason for promoting HTTPS everywhere is this: “Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification.”
To make the web experience more secure for users, Google has made a further change. Google’s Zineb Ait Bahajji announced that Google is now going to index HTTPS pages ahead of the equivalent HTTP pages, which means that even if you have an HTTP URL, Google will check whether the same page works over HTTPS. If it does, Google will index the HTTPS version and show it in search results. Google said on 17th December 2015, “Today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL.”
Google, however, limited this to HTTPS URLs that meet the following conditions:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel="canonical" link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemap lists the HTTPS URL or doesn’t list the HTTP version of the URL.
- The server has a valid TLS certificate.
Other search engines do not index the HTTPS version of a website by default the way Google does. This is why Google has been asking website owners to redirect their HTTP URLs to the HTTPS equivalents, so that users of other search engines also benefit from the same security. Google has also suggested that website owners use HTTP Strict Transport Security (HSTS) headers so that HTTPS connections are always enforced after a user’s first visit to the website. In Google’s words: “Although our systems prefer the HTTPS version by default, you can also make this clearer for other search engines by redirecting your HTTP site to your HTTPS version and by implementing the HSTS header on your server.”
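Site owners can check several of the conditions listed above, plus the HSTS recommendation, from a page's HTML and response headers alone. The following Python sketch is an added example, not code from Google; the function name, issue labels and sample page are assumptions made for illustration. It does not cover robots.txt, redirects, the sitemap or certificate validity.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
# Tags whose src is fetched while rendering the page (subresources).
SUBRESOURCE_TAGS = {"script", "img", "iframe", "audio", "video", "source", "embed"}

class _Audit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.host = page_url, urlsplit(page_url).hostname
        self.findings = []

    def _http(self, value):
        # Resolve against the page URL; return the absolute URL only if it is plain HTTP.
        full = urljoin(self.page_url, (value or "").strip())
        return full if value and urlsplit(full).scheme == "http" else None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        if tag in SUBRESOURCE_TAGS and self._http(a.get("src")):
            self.findings.append(("insecure-dependency", a["src"]))
        elif tag == "link" and "stylesheet" in rel and self._http(a.get("href")):
            self.findings.append(("insecure-dependency", a["href"]))
        elif tag == "link" and "canonical" in rel and self._http(a.get("href")):
            self.findings.append(("canonical-to-http", a["href"]))
        elif tag == "meta" and a.get("name", "").lower() == "robots":
            if "noindex" in a.get("content", "").lower():
                self.findings.append(("noindex", a["content"]))
        elif tag == "a":
            target = self._http(a.get("href"))
            if target and urlsplit(target).hostname == self.host:
                self.findings.append(("on-host-http-link", a["href"]))

def audit_https_page(page_url, html, headers):
    """Return (issue, detail) findings for one HTTPS page and its response headers."""
    parser = _Audit(page_url)
    parser.feed(html)
    if not any(k.lower() == "strict-transport-security" for k in headers):
        parser.findings.append(("missing-hsts", ""))
    return parser.findings

# Constructed sample page and headers (shop.example is a placeholder, not a real site).
SAMPLE_URL = "https://shop.example/cart"
SAMPLE_HTML = """<link rel="canonical" href="http://shop.example/cart">
<meta name="robots" content="noindex, follow">
<script src="http://cdn.example/a.js"></script><script src="//cdn.example/b.js"></script>
<a href="http://shop.example/help">Help</a> <a href="http://other.example/">Partner</a>"""
SAMPLE_HEADERS = {"Content-Type": "text/html"}
if __name__ == "__main__":
    print(audit_https_page(SAMPLE_URL, SAMPLE_HTML, SAMPLE_HEADERS))
```

Protocol-relative and relative URLs are resolved against the HTTPS page first, so only references that really end up on plain HTTP are reported, and links to HTTP URLs on other hosts are ignored because the condition concerns on-host outlinks.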
All of these are efforts by Google to provide a more secure and better web experience for users. Google says, “By showing users HTTPS pages in our search results, we’re hoping to decrease the risk for users to browse a website over an insecure connection and making themselves vulnerable to content injection attacks.”