HTTPS Now a Google Ranking Factor: Some Questions Answered

It isn’t often that Google tells us something that will directly affect site rankings. If they do, it’s often because they want to modify our behavior in a certain direction. We saw this tactic  from Google when they first began talking about web performance a few years back, and later announced that site speed is in fact a ranking factor

A similar motivation seems to be in play with their recent announcement that sites that use HTTPS encryption will get a small ranking boost. In fact the rollout of the HTTPS support is eerily similar to the buildup of site speed evangelism at Google, and even shares one of its main actors, Ilya Grigorik. Read the official announcement here

Google Makes HTTPS a Ranking Factor: How to Make That Work for Your Site

Why is Google rewarding such sites? Whatever gives users a better and safer user experience after clicking a Google result ultimately benefits Google. It’s clear now, with Google suggesting that over half of all searches will take place on mobile devices by the end of this year, and understanding that one significant market growth area for Google is in regions that don’t yet have broadband internet,  that this is a big part of the motivation for speed.

In a similar vein, in a time of increasing identity crimes and privacy challenges, issues likely to continue to grow in the coming Internet Of Things era, people will likely prefer Google Search if they feel they are being served well when they click a result there. Google realizes that having privacy and data protection is an important part of a good user experience.

Google says that for now the boost will be very small, affecting only 1% of all queries, and with less effect than important ranking factors such as links and content quality. But over time they say they may boost its ranking effect as they want to encourage all sites to adopt HTTPS security. 

Resolving Some Questions

I think it’s a no-brainer that sites should adopt HTTPS as soon as they can, and we are going to recommend that our clients put this on their development radar. But I had a couple of questions to consider before making up my mind about such a switch.

Site speed matters!1. Is there a performance penalty? 

HTTPS can affect site load speed, and as mentioned, Google has said that sites with slow loading times may get reduced rankings. How is Google resolving this potential dilemma?

Among other things they’re throwing some serious evangelism at it, and doing so with some really smart people. Ilya Grigorik, who continues to lead a similar charge on the web performance front, has recently been quite visible on the topic of HTTPS performance.  (See a few excellent resources listed below.)  

The bottom line is that Google seems to say that properly implemented, HTTPS won’t cause a significant performance penalty.  I doubt they would promote this so heavily if they felt that it seriously compromised their equally zealous effort to promote web performance.

2. Do you redirect http to https? 

For site moves, use 301 redirect where necessaryYes, if you can. Put simply, http://www.example.com is different from https://www.example.com, and serving the same content on two different URLs is, of course, duplicate content.  

Most of us have seen this problem on one site or another, and we approach the solution as we would with any other duplicate content problem.  That is, if a 301 redirect is feasible and practical, we do that.  

Alternatively, consider adding a canonical link element pointing from the http version to the https version. Use this Google Webmaster Tools help page to guide you through the process. The wonderfully accessible John Mueller reaffirms this advice in this post, and answers some other questions. Take particular note of his comment about why “content only” sites (with no ecommerce) still benefit from encryption.

Some Resources

Here are some additional resources related to this that you might find useful:

Ilya Grigorik’s detailed discussion of TLS performance tuning

Google’s guidelines for site security

In a Google Webmaster Central Hangout, John Mueller answered some more question about the new ranking factor.

Ilya Grigorik and Pierre Far at Google I/O issuing Google’s call for “HTTPS Everywhere”:

Comments

  1. says

    Thanks for the info. So hard to keep up on all these things for our sites. I changed over to wp-engine to address the site speed issues. dropped load times down to just about 1 second, down from 4.5. Will have to look into the https closer. thanks. Tim

    • John Biundo says

      Glad to hear the wp-engine solution got you that speed boost. That’s pretty substantial, and should be a positive for your users, and possibly for rankings as well. Especially beneficial if you have mobile users!

  2. says

    Thanks for the short and useful info about the HTTPS.
    I have offered this to some of my clients and the question across the board was
    hope this wont affect my current ranking position, i guess when transition is implemented correctly their wont be loss of ranking position.

    • John Biundo says

      That is definitely the big question in most peoples’ minds. Here’s the way I see it. Yes, traditionally a 301 redirect does introduce some loss of PageRank. Plus, potentially slower performance could have this impact too. But Google really won’t want to be in a position of telling people this will boost their rank, only to be faced with a bunch of unhappy people who follow this advice and lose traffic. So I think they’ll either tune the HTTPS boost to offset those factors (leaving the effect roughly neutral), or will do something to recognize this configuration and minimize the normal redirect “cost” so that you end up net (slightly) positive in terms of ranking signals.

      I do think it’s still early days, and Google may still be working out some kinks. We also don’t have much in the way of case studies to go on. So individual mileage may vary! I’d say those who are risk averse may want to wait until there’s more experience to go on, or test this on a small site, a mobile site, or a section of the site before rolling it out on the main site.

  3. says

    HTTP Strict Transport Security will signal a browser to enforce HTTPS on page loads. There are other means to reduce page load time and initial response that I’l cover in subsequent article post.

  4. Jason says

    All web developers take great pains to redirect you BACK to HTTP when encryption is no longer required, and takes you to HTTPS as soon as you enter information. Are those sites going to be penalized? No one should have their homepage encrypted – that processing power and page load time really adds up to $$$!

  5. Nathan says

    I do not think there is any performance penalty of HTTPs implementation and “HTTP Redirection” is a choice of webmasters, many site owners operate their websites on both HTTP & HTTPs. After-all Google is intended to make the internet more secure place as it said.

    The temptation of higher ranking pulled me to find out a free SSL certificate for my blog. However, there are many ways to protect it free, but the main issue I was scared of is its installation. My blog is on WordPress and I am not so familiar with these technical tactics. Still, I searched many websites to get free certificate. Many were recommending startssl, for initial start-up at free of charge. Then I found some limitation and disadvantages of startssl. By investing a little more effort, I found one online news release at http://www.pr-inside.com/ssl2buy-announces-free-ssl-certificates-r4104382.htm

    With suspects in my mind, I visited a website and claimed for a free certificate via live chat support. Unexpectedly, they provided me free positive certificate from Comodo for 1 yr and helped me to install in on my blog.

    There are no doubts in my mind that Google has enticed many website owners to get SSL on it. However, I am sure that such move will enhance the internet protection and will reduce chance of attacks.

    I appreciate your effort to make aware us with this decent information.

  6. says

    How would Google rewarding sites owners who use https version of their site from non-http. I only know that is get small boosts for ranking and I’m also curious of what % of ranking rate ?

    • Eric Enge says

      John – think of it as a tiebreaker. If your site and one other site are essentially equal in ranking weight, but you have an HTTPS site and they have an HTTP site, you would win, and rank first. Bottom line, it’s a weak factor.

Leave a Reply

Your email address will not be published. Required fields are marked *

*