As Tom’s Hardware and others report – a few months ago, there were some rumors that Google was considering using HTTPS site encryption as a ranking algorithm in its search engine in the same way it uses site loading speed or social media strength as signals for its ranking algorithm. Google also hinted at Google I/O that it’s going to do this, with a session called “HTTPS Everywhere.”
On the 6th of August, Google announced that it’s going to do exactly that and will count HTTPS support towards ranking power for websites. That means websites that have HTTPS enabled by default will receive slightly higher rank over sites that use the unencrypted HTTP protocol.
The company has been running trials over the past few months to test the use of secure, encrypted connections as a signal in search ranking algorithms. – “We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal,” Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes wrote in a blog. “For now it’s only a very lightweight signal — affecting fewer than one percent of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
If you’re a webmaster, Google also recommends using SSLlabs.com to check the SSL configuration and level of security for your website, and the Is TLS Fast Yet tool for performance questions.
If webmasters are worried about the overhead of TLS encryption (which is what HTTPS uses), they shouldn’t be. According to Google’s Adam Langley, who works on Google’s own HTTPS infrastructure, using HTTPS affects CPU load by only 1 percent and the network load by only 2 percent. Considering the benefits of encrypting all of a website’s traffic for its users, that doesn’t seem like a big trade-off to make.
Google said it will be publishing detailed best practices in the next few weeks to avoid common mistakes and make it easier to implement HTTPS, also known as HTTP over TLS, which stands for the Transport Layer Security cryptographic protocol.