When Google called for “HTTPS Everywhere” (secure search) at its I/O conference in June, with its Webmaster Trends Analyst Pierre Far stating: “We want to convince you that all communications should be secure by default,” it anticipated skepticism from the SEO industry. Google reinforced its I/O battle cry for a completely secure Web with an official announcement on August 6, saying that it will use HTTPS as signal that might boost rankings for those sites that adopt it.
The SEO industry skepticism did indeed follow Google’s official announcement with a flood of tweets by thought leaders the following day, which Matt McGee captured at Search Engine Land. Still up for debate is how significant Google’s promised rankings boost actually would be, whether it is worth the cost and resources to migrate to a HTTPS domain URL, and Google’s underlying motivation for its HTTPS initiative.
What is HTTPS?
So, what is HTTPS? HTTPS means Hyper Text Transfer Protocol (the “HTTP” before the site’s domain) with the addition of “S,” denoting “secure”: hence, HTTPS. The security, or “S” at the end of the usual URL, means that the site’s data is encrypted - just as Google has encrypted all of its properties. (Visually, a secure site will display a padlock icon left of its URL address, and in some browsers, the address will be highlighted in green). In its announcement on the Webmaster Central Blog, Google states the following:
Over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
What is really behind 'HTTPS everywhere'?
So is it really worth it to migrate your site to HTTPS? As Daniel Cristo recently wrote for Search Engine Land, probably not, unless your site collects and shares user data, such as financial, e-commerce and social networking sites. Daniel also speaks to what he suspects to be the real reason behind Google’s call for “HTTPS everywhere,” namely “to get back at the NSA” for making the search giant “look bad during the PRISM scandal.” He continues:
It’s a classic “greater good” story. Google says HTTPS will be a ranking signal so that everyone runs out and switches to HTTPS. What they’re not saying is that this change will only affect a minuscule number of sites. For everyone else, they’ve wasted time and energy switching to HTTPS for no reason – but that’s okay, because it serves the greater good of improving privacy for the internet as a whole.
Whether Google prevails in its quest for HTTPS everywhere on the Web remains to be seen. (Some sites, notably SEO news leader Search Engine Roundtable, have already switched to HTTPS). In the meantime, should you want to migrate your site (or sensitive pages within your site, such as an e-commerce shopping cart), you may want to check into Google’s webmaster help forum. For help with technical matters in converting to HTTPS, consult this file. For more general information about HTTPS and best practices for setting it up, this is a good resource. Clearly, this is an unfolding story and we will continue to track it for our readers.