Google will now prioritize HTTPS pages in search engine results, and according to Threatpost, it will also prefer secure pages even when an HTTP variant exists. It’s a big step forward from just a year ago, when the search giant was testing the waters and looking for outside assistance in finding and indexing secure URLs.
For users, this should mean a safer browsing experience by default, but is this the only impact of the new search ranking rollout?
HTTPS: Five-Letter Security
The secure connection has been making headlines for the better part of a year as some companies embrace the new, more secure standard and others lament the complexity and cost of making the move. For example, initiatives like the Electronic Frontier Foundation-sponsored Let’s Encrypt project is looking to offer free secure certificates. The program has already been cross-CA approved and launched into its beta phase last month. Google was less committal about the secure Web protocol at first, although the search giant did back the EFF’s Everywhere extension, which creates a secure Web connection if no safe alternatives exist.
Now, Google appears to be fully on board with five-letter security. As noted by Search Engine Journal, the search site will index the more secure pages by default even if identical HTTP offerings exist. It will also make HTTPS the priority for connections if both indexed offerings are available.
It’s worth nothing that this isn’t a simple rank boost like the one Google gave the secure protocol back in August 2014. Rather, it’s a deliberate move to depreciate HTTP and take the first steps to pushing it off the Web altogether. Companies running HTTP only won’t see a hit to their ranking — at least at first. But as users become accustomed to the security provided by high-ranking pages, expect pressure to mount on businesses choosing to opt out of available security offerings, especially since new certs will be available for free.
Back and Forth
There’s still some pushback over HTTPS, with some companies unconvinced the per-page security offered is necessary to protect the user experience. Legal challenges have also emerged as the secure protocol makes its way into the mainstream. As noted by The Register, encryption developer CryptoPeak is suing a host of big companies for supposedly infringing on its patent rights by using elliptic curve cryptography. While the lawsuit appears largely baseless, it’s a critical step forward: HTTPS is now popular enough that companies are looking to cash in any way they can.
Ultimately, Google’s preference for HTTPS won’t force developers and companies to use the new standard, and in cases where sites don’t have valid TLS certificates or can’t be crawled by robots.txt, Google’s change won’t apply. But when the front-running search engine decides to throw its support behind five-letter security, the world will take notice. Search is changing, the Web is becoming more secure and HTTPS is quickly becoming the answer to the question instead of an exception to the rule.