December 21, 2015 By Douglas Bonderud 2 min read

Google will now prioritize HTTPS pages in search engine results, and according to Threatpost, it will also prefer secure pages even when an HTTP variant exists. It’s a big step forward from just a year ago, when the search giant was testing the waters and looking for outside assistance in finding and indexing secure URLs.

For users, this should mean a safer browsing experience by default, but is this the only impact of the new search ranking rollout?

HTTPS: Five-Letter Security

The secure connection has been making headlines for the better part of a year as some companies embrace the new, more secure standard and others lament the complexity and cost of making the move. For example, initiatives like the Electronic Frontier Foundation-sponsored Let’s Encrypt project is looking to offer free secure certificates. The program has already been cross-CA approved and launched into its beta phase last month. Google was less committal about the secure Web protocol at first, although the search giant did back the EFF’s Everywhere extension, which creates a secure Web connection if no safe alternatives exist.

Now, Google appears to be fully on board with five-letter security. As noted by Search Engine Journal, the search site will index the more secure pages by default even if identical HTTP offerings exist. It will also make HTTPS the priority for connections if both indexed offerings are available.

It’s worth nothing that this isn’t a simple rank boost like the one Google gave the secure protocol back in August 2014. Rather, it’s a deliberate move to depreciate HTTP and take the first steps to pushing it off the Web altogether. Companies running HTTP only won’t see a hit to their ranking — at least at first. But as users become accustomed to the security provided by high-ranking pages, expect pressure to mount on businesses choosing to opt out of available security offerings, especially since new certs will be available for free.

Back and Forth

There’s still some pushback over HTTPS, with some companies unconvinced the per-page security offered is necessary to protect the user experience. Legal challenges have also emerged as the secure protocol makes its way into the mainstream. As noted by The Register, encryption developer CryptoPeak is suing a host of big companies for supposedly infringing on its patent rights by using elliptic curve cryptography. While the lawsuit appears largely baseless, it’s a critical step forward: HTTPS is now popular enough that companies are looking to cash in any way they can.

Ultimately, Google’s preference for HTTPS won’t force developers and companies to use the new standard, and in cases where sites don’t have valid TLS certificates or can’t be crawled by robots.txt, Google’s change won’t apply. But when the front-running search engine decides to throw its support behind five-letter security, the world will take notice. Search is changing, the Web is becoming more secure and HTTPS is quickly becoming the answer to the question instead of an exception to the rule.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today