Google is ramping up its “HTTPS Everywhere” initiative designed to improve the security of the world wide web by pushing sites which don’t use the secure comms protocol down its search rankings.
HTTP over Transport Layer Security (TLS), to give it its full title, protects against man-in-the-middle and other attacks by encrypting traffic to and from the website, and as such is an easy way for webmasters to improve the safety of their sites.
Now Google has decided to use HTTPS as a “signal” in its search ranking algorithm, explained webmaster trends analysts, Zineb Ait Bahajji and Gary Illyes, in a blog post.
“For now it's only a very lightweight signal—affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content—while we give webmasters time to switch to HTTPS,” they added.
“But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
To get started, Google advised web owners to first decide whether they need a single, multi-domain or wildcard certificate, and then to choose a 2048-bit key version.
It also warned webmasters not to block their new HTTPS site from Google’s robot.txt crawlers.
Over the coming weeks, Google will release additional information on how to adopt HTTPS, it said.
David Emm, senior security researcher at Kaspersky Lab, argued that the move will offer a “significant incentive to online providers” over time, given the importance to business success of achieving a high search ranking.
“When people are entering confidential information on a web site – for example, passwords – it’s imperative that they only do so on secure sites,” he told Infosecurity.
“In light of this, the fact that Google will prioritize sites using HTTPS in search results is a very positive, praiseworthy move as it will incentivize providers to implement encryption and secure communications, which obviously has a beneficial effect in reducing the possibility of anyone ‘eavesdropping’ on, or having unauthorized access, to that information.”