Google is now indexing HTTPS pages by default. The search engine giant announced earlier this month that it will be promoting HTTPS in order to provide a “private experience between the user and the website”.
Google said in a blog post: “Over the years, we’ve worked hard to promote a more secure web and to provide a better browsing experience for users. Gmail, Google search, and YouTube have had secure connections for some time, and we also started giving a slight ranking boost to HTTPS URLs in search results last year.”
“Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why we’ve been strongly promoting HTTPS everywhere,” the company added.
The company announced that it will be adjusting its indexing system to look for more HTTPS pages, which means that HTTPS pages will have priority over HTTP pages for specific searches. The search engine will “start crawling” HTTPS equivalents of HTTP pages and will typically choose the HTTPS URL “when two URLs from the same domain appear to have the same content but are served over different protocol schemes.”
However, some conditions do apply. Google will not choose the HTTPS URL if there are insecure discrepancies, if it is blocked from crawling by robots or if it redirects users to an insecure HTTP page. The server must also have a valid TLS certificate, must not have a rel=”canonical” link to the HTTP page and must not contain a noindex robots meta tag or have on-host outlinks to HTTP URLS. The sitemap must also list the HTTPS URL.
The adjustments to the indexing system will provide more secure web browsing experience, enabling users to click on websites without having to worry about their privacy.
Google stated that the company are “excited” about taking steps towards making the web more secure.
“By showing users HTTPS pages in our search results, we’re hoping to decrease the risk for users to browse a website over an insecure connection and making themselves vulnerable to content injection attacks,” the company said.