Adoption of HTTPS as a ranking signal
Expertise, International, Fast
Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail, and Google Drive, for example, automatically have a secure connection to Google.
Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.
We want to go even further. We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.
For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
To make TLS adoption easier, and to avoid common mistakes, here are some basic tips to get started:
• Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
• Use 2048-bit key certificates
• Use relative URLs for resources that reside on the same secure domain
• Use protocol relative URLs for all other domains
• Check out our Site move article for more guidelines on how to change your website’s address
• Don’t block your HTTPS site from crawling using robots.txt
• Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
It's been almost two years since Google announced that HTTPS was a ranking signal. Prior to the update, researches showed that roughly 7% of page-1 Google results used the "https:" protocol. A week after the update announcement, that number had increased only slightly, to just over 8%. As of late June, our tracking data shows that 32.5% (almost one-third) of page-1 Google results now use the "https:" protocol.
So about one-third of results use HTTPS. If rewarding HTTPS too heavily when adoption is low is risky and rewarding it when adoption is too high is pointless, then, naturally, the perfect time to strike is somewhere in the middle. At 30% adoption, we're starting to edge into that middle territory.
Like any major, sitewide change, you have to consider the broader business case, costs, and benefits. Pressure from Google will increase especially as adoption increases, and that we're within a year of a tipping point where half of page-1 results will be running on HTTPS.