HTTPS as a ranking factor

Google uses several hundred factors as part of the algorithms it uses to decide how websites should be ranked in results for a particular search query, and website owners need to follow a set of key principles and avoid specific practises to make sure that their website ranks highly. In July 2014 Google announced that it's algorithms will begin slightly favoring websites that are secured using HTTPS (HTTP over TLS, or Transport Layer Security).

The general reaction to Google placing importance on HTTPS is mixed, with many wondering why websites that do not feature credit card transactions or even a membership system need to be secured. However, every website will benefit from HTTPS, since only by serving data securely can it be guaranteed that content received by the browser has not been altered since leaving the server. By this means, HTTPS lends authenticity both to your website and the content your website serves.

Are Websites Secured with HTTPS Benefiting?

Some months after their announcement, it remains to be seen how much Google is actually favoring websites that use HTTPS, with some analyses such as that of SearchMetrics in August 2014 concluding that there was no "discernible" difference in rankings between secure and non-secure websites. At best, whether or not a website is secured using HTTPS contributes only weakly to how well a website ranks for a search query on Google and it is certainly less important than other key factors such as high quality content. And Bing followed Google's announcement with their own declaration that it has "no plans on ever giving a ranking boost to websites that switch to HTTPS".

Recently Google's Gary Illyes described HTTPS as being like a "tie-breaker" - when two websites are virtually identical in all other ranking signals, the website that uses HTTPS will be ranked higher. And Google followed up their initial announcement with a blog post that indicated that they "may decide to strengthen" the importance of HTTPS and that they would like to "encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web".

When first launched, the algorithm updates that favored websites using HTTPS was designed to simply check for this in the URL, but did not check if the associated SSL certificate was present or working. Following the launch, Google's John Mueller said on Twitter that from January 2016 Google's detection tools would flag invalid, missing SSL certificates and self-signed certificates. However, in October 2016 Google's Gary Illyes revealed that the algorithm still only checks for the "https" part of a URL, and does not check for insecure content, a missing certificate, or any other aspect that would produce browser warnings if the website is actually not secure. He added that instead of adding lots of features, they had decided to focus more on "making sure sites were easily able to migrate to HTTPS, and Google was able to pick up on those changes".

Do I Need to Secure My Website with HTTPS?

Every opportunity to outperform competitors in search engines should be taken, and transitioning to HTTPS is a relatively low-cost way to potentially out-rank your close competitors. While HTTPS may not yet be considered to be as important as many other ranking factors, in June 2015, Google's Gary Illyes confirmed at SMX Advanced that they did indeed have plans to make it a stronger ranking signal, and in July 2015 he tweeted that incoming links to the old HTTP version of websites would continue to carry almost the same benefit as if they were linking to the new HTTPS version (assuming that redirects are "properly implemented" from the HTTP version of each page to the corresponding HTTPS version). This means that making the transition would not require you to ask every website that links to yours to update their links in order for you to maintain your existing search-engine rankings.

Last updated: 9th November, 2016