Roundabout August 2014, Google announced that it was including HTTPS as a lightweight criteria for aiding page ranking.

When Google said this, not a whole lot of people took the news truly to heart.

Previous exploration of the statistics had shown that HTTPS was pretty much a parallel of HTTP and that there was no real overlap between them.

But now, suddenly, in the last week or so—HTTPS traffic has had a big ranking boost. Is this Google’s realization of a statement that Matt Cutts made in 2014 about wanting to see more rewards for sites using TLS?

Reviewing What HTTPS & SSL Is

To understand why this is an important issue, let’s define these two acronyms. No insult to anyone’s intelligence: it really is something that needs defining.

HTTPS stands for “Hyper Text Transfer Protocol Secure“, which is, in layman’s terms, a more secure version of the HTTP that we all know and love. Its major use is in sites that traffic in sensitive information, i.e. banks and other e-commerce based pages. HTTPS is easy to spot online as it’s usually prefaced by a padlock icon right before the site name in the address bar.

SSL stands for Secure Socket Layer and is the successor to TLS (Transport Layer Security). SSL encrypts a connection (as opposed to a single file) ensuring that all data that passes through the connection is secure and unable to be tampered with by external entities. Together, HTTPS and SSL provide a solid layer of security and a good deterrent to malicious entities.

What Does HTTPS Have To Do With SEO?

Until recently, HTTPS (if it was even considered relevant to SEO) provided a very minor rankings boost, typically less than other indicators such as high quality content. This seems to have changed recently. In the last few days, the investigation of HTTPS URL’s on page one of a search increased dramatically compared to the previous ten days. This in itself is news and cause for concern. What is it that’s making these HTTPS sites rank so well all of a sudden? When we assess the possible causes we are left to assume that either:

  1. Google’s algorithm updated to a point where HTTPS is now considered a lot more important to page ranking or
  2. A massive movement of one or more popular domains from HTTP to HTTPS.

Taking these two as our premises, we can now set out to get to the bottom of this crazy swing in page rankings.

A Google Update

Google has changed its Internet focus from being search oriented to being user oriented. They have realized that by catering to users first, they are building a trustworthy presence on the Internet. How they are doing this starts with their algorithm changes. From the time Panda was released to Google’s mobile update a couple months ago, we can see how Google is slowly making webmasters consider their audience. Gone are the days when a page’s ranking was based solely on the amount of keywords it had stuffer per total page count on the screen. Now it’s all about user benefits and HTTPS offers a lot of benefits to the average user. HTTPS is especially important in situations where sensitive information may be at risk.

HTTPS exists as a method of empowering the user by ensuring that all information that concerns him or her is unable to be broken into by a third party that is unaffiliated with either side of the connection. HTTP doesn’t allow for protection of a user’s account information or ID and if it is used on a login page then it can be vulnerable to penetration by third parties and makes for a great target for people to obtain information about a user. If this is a Google update, it is centered on the user (as most of the modern updates to their algorithm are) and rewards sites that put users first.

What This Means for Us as Content Publishers

We understand exactly how important any addition to Google’s algorithm is. Although it’s not a confirmed addition it has all the bells and whistles associated with a Google update. The only way we’ll know for sure if it’s a permanent Google update is when Wikipedia’s site finally settles down into HTTPS mode and we can observe the ripples on both the HTTPS and HTTP side of things. In any case, what we should be considering is how HTTPS can help our users since it’s likely that in the future whether your site is SSL-compatible or not may actually affect your search ranking a bit.

As a content publisher your content is accessible by all users and information they submit to your site can be vulnerable to external penetration. This in itself is not too worrying if the information submitted is of a non-essential nature. Things get a little bit trickier when it comes to more sensitive information. HTTPS ensures that an eternal entity cannot spoof your address in the hopes of phishing information out of your visitors. Your audience trusts your site to the point where it would allow your site access to some information unequivocally. Having HTTPS on your site ensures that no on abuses this trust between you and your audience and makes you a more trustworthy site overall: an important factor in your overall page ranking.

Following the Statistics Trail

The first thing we have to see is if there was a large domain that shifted across from HTTP to HTTPS that might account for a huge (9.9% in fact) change in page ranking for HTTPS pages. A cursory glance allowed us to discover that Wikipedia, a page that already accounts for a lot of page-one traffic, was slowly doing a changeover to HTTPS. Since Wikipedia makes up a large volume of our page-one rankings then it may be safe to assume that their switch is what skewed our readings by such a large margin. The only way to figure if Wikipedia’s change was what caused our statistics spike is to leave it out of considerations to see if this is an HTTPS gain and not one due to Wikipedia’s massive bulk.

When we isolate our statistics to remove HTTP/HTTPS from the results (by considering them both as equal), we still see a change (although obviously less massive than before) when it comes to page-one rankings. This translates to the idea that HTTPS may be getting a boost in rankings from somewhere. We can see that having HTTPS as a protocol is beneficial to the user and maybe this provides a further clue as to whether this is just an anomaly or something more in-depth.

Three Main Ways HTTPS Works

HTTPS ensures a connection is secured on both ends so that an external source cannot garner information passed over the connection for malicious purposes. How does this comes down a three-step process:

  1. Encryption: Data passed from the client to the server and vice versa are encrypted to keep that information safe. This means that when a user is on a site, it is impossible for another user to “listen in on” or “eavesdrop” on the data being sent to and from the server.
  2. Data Integrity: This means that the data going to and coming from the server cannot be changed. It stops attacks by “injection” where an external entity can change or edit data as to make it unusable by the server.
  3. Authentication: This ensures that the server that the user is connected to belongs to the business they intend to deal with. It also stops “man-in-the-middle” attacks where another user spoofs the server in order to intercept data that is meant for the server which can then be decrypted.

How do I Add HTTPS support for my site?

There are a number of ways to do this but the most efficient method (and that recommended by Google) is to include server-side 301-redirect requests for any HTTP page to send the user on to an HTTPS secure page. Alternatively you can use a server that supports HTTP Strict Transport Security (HSTS) which shunts users to an HTTPS site even though they entered an HTTP site in the URL bar. It serves as a drastic measure but ensures that you don’t serve unsecured content to your audience.

Why HTTPS May be Important in the Future

Methods of obtaining information through illicit means on the Internet is not exactly something new. From the early days of viruses that installed back doors in computers to the relatively modern practice of phishing, it is clear that we can’t ever wipe out the processes by which people are relieved of their valuable information online. And make no mistake, in the virtual world, information is as good as hard currency in the real world. In order to protect users that utilize our site and to ensure that we remain a secure and trustworthy domain to deal with, we should consider setting up HTTPS on our servers. It may take some work, but the overall benefits would be worth it in the long run, especially if this Google update turns out to be real.