Security is the most important aspect at Google thus the giant search engine strives to invest much in making sure that its services use industry-leading security such as strong HTTPS encryption by default. You may wonder what that means, well, it’s simple, it means that people who are using Search, Gmail and Google Drive will automatically have a secure connection to Google.
As part of this security initiative, Google and it’s staff are constantly working to make sure the internet is broadly safer; more importantly is making sure that websites people access from Google are secure. A good example of Google’s effort towards enhancing security measures is its initiative in creating resources which assist webmasters prevent and fix security breaches on their sites.
The giant tech company has been in the past few months running tests bent on ensuring that sites use secure, encrypted connections as a signal in its search ranking algorithms.
In a statement by Google’s Trends Analysts Zineb Ait Bahajji and Gary Illyes, Google has, “seen positive results, so we’re starting to use HTTPS as a ranking signal such as high-quality content-while we give webmasters time to switch to HTTPS.”
They added, “But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
To strengthen its security measures, Google has put in place detailed practices (found on its help center) to make TLS adoption easier, and to keep away from regular mistakes and below are some of the basic tips which can help you get started:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2018-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Check out Google’s “Site move article” for more guidelines on how to change your website’s address
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the no index robots meta tag.
Worth noting is that you can test your website’s security level and configuration with the Qualys Lab tool if it (the website) is already serving on HTTPS.