Security is a top priority for Google. They invest a lot in making sure that their services use industry-leading security, like strongHTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.
Beyond their own stuff, they are also working to make the Internet safer more broadly. A big part of this is, they are making sure that websites people access from Google are secure. For instance, they have created resources to help webmasters prevent and fix security breaches on their sites.
They want to go even further. At Google I/O a few months ago, They called for “HTTPS everywhere” on the web.
They have also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.
For these reasons, over the past few months they have been running tests taking into account whether sites use secure, encrypted connections as a signal in their search ranking algorithms. They have seen positive results, so they are starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-qualitycontent — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.
In the coming weeks, They will publish detailed best practices (we’ll add a link to it from here) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:
Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out our Site move article for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.