HTTPS as a ranking signal

[Nytro]

HTTPS as a ranking signal

Posted: Wednesday, August 6, 2014

Tweet

Cross-posted from the Webmaster Central Blog

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like

strong HTTPS encryption by default. That means that people using Search, Gmail and Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “

” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

In the coming weeks, we’ll publish detailed best practices (we’ll add a link to it from here) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

• Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
  
• Use 2048-bit key certificates
  
• Use relative URLs for resources that reside on the same secure domain
  
• Use protocol relative URLs for all other domains
  
• Check out our Site move article for more guidelines on how to change your website’s address
  
• Don’t block your HTTPS site from crawling using robots.txt
  
• Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
  

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!

Posted by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts

Sursa: Google Online Security Blog: HTTPS as a ranking signal

[Ganav]

But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Niciodata nu am putut sa inteleg afirmatiile de genul acesta. De ce toata lumea traieste cu impresia ca daca mijlocul de comunicare este sigur/criptat acesta este in mod implicit sigur; vulnerabilitatile server si client side sunt complet ignorate. Mai mult chiar daca nu se foloseste SSL ci doar HTTP tot trebuie sa faci sniffing pe unele router-e sau pe o statie in acelasi subnet cu acestea pentru a prelua traficul.

[aelius]

@Ganav, cum securitatea nu consta in instalarea unui software si este mai degraba un ansamblu de politici implementate pe mai multe nivele, nu putem spune ca un mediu confidential intre client si server face totul, insa e un bun inceput. Eu as face obligatorie prezenta unui ssl in orice sectiune a unui site in care sunt solicitate sau afisate date ce tin de client.