It’s probably safe to say that Google has started, and led, the battle for a safer and more secure browsing experience – ever since they mentioned the first SSL ranking boost back in 2014. Ever since I’ve seen countless websites transition to HTTPS, and have gotten tons of questions from webmasters – most of whom just wanted to understand if they really needed to go HTTPS. For a while I argued that informational websites will see no benefit in going HTTPS – alas Google wants as secure of a browsing experience as possible – and that means HTTPS for all!
So last week, Google put into motion a new set of rules which favors HTTPS content in its search results. More specifically, if Googlebot finds two pages that seem to have the same content, and are on the same domain, but are delivered via HTTP and HTTPS, the HTTPS version will now be favored by default and showed in Google’s search results.
Googlebot will choose to index the HTTPS url if:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=”canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL.
- The server has a valid TLS certificate.