Google announced on it’s Official Webmaster Central Blog that “Security is a top priority for Google”. Google invests more in making sure that it’s services use “industry-leading security”, just like Secure HyperText Transfer Protocol (HTTPS) encryption. People using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.


What is HTTP? What about HTTPS?

Hypertext Transfer Protocol (HTTP) is the method most commonly used to access information on the Internet, information that is stored on servers linked by the World Wide Web (WWW). HTTP is a text protocol, the “default” protocol of the WWW. If a URL doesn’t contain the protocol, it is considered as HTTP. HTTP requires that the target computer is running a program that understands the protocol. The file sent to the destination can be a HTML document (HyperText Markup Language), a graphics file, a sound, animation and video, also an executable program on that server or a text editor. After classification of the OSI reference model, the HTTP protocol is an application layer protocol. The creation and the evolution of HTTP is coordinated by the World Wide Web Consortium (W3C).

HyperText Transfer Protocol Secure (HTTPS) represents the HTTP protocol encapsulated in an SSL / TLS stream, in order to provide encryption. HTTPS is not a protocol in and of itself, it is the result of simply layering the Hypertext Transfer Protocol ( HTTP ) on top of the SSL/TLS protocol. In this way it adds the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to prevent wiretapping and man-in-the-middle attacks. HTTPS should not be confused with Secure HTTP (S-HTTP), specified in RFC 2660.



Why Google decided to offer a better ranking position to websites that use HTTPS?

Google’s search engine rank algorithm change is a smart and necessary move because it will encourage webmasters to make the upgrade to HTTPS and ultimately it will give Google users a safer experience when they click on search result links.

Google created a program called “HTTPS Everywhere”. There’s a video regarding this program:

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Source – HTTPS as ranking signal – Google Webmaster Central Blog


Google recommends these basic things to get started with the HTTPS:

  • Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

If you allready have HTTPS configured, you can test the security level with the Qualys Lab Tool.