For Google to favor websites that default to HTTPS is a big deal, because most people don’t think to implement HTTPS outside of those sensitive pages .
Websites that implement HTTPS encrypt the data your browser requests before it’s transmitted; it’s then your browser’s task to decrypt it so that you can see it. While HTTPS is very common Web-wide, it’s most heavily used for username / password logins, forms that contain sensitive data, and any other page that contains data that under no circumstance should be transmitted in plain text. You might notice that your bank’s website, for example, might not reflect HTTPS until you actually log in and do your banking. Understandably, the information found on a banking homepage is non-sensitive, so encrypting that data might not be too important to the company, or the user for that matter.
This move isn’t just about passwords – it’s also about protecting users from prying eyes (read: the likes of the NSA).
While I believe site-wide HTTPS is a great thing for users, there might be some small repercussions for website owners, such as the added processing power that’s required. If the entire site’s content is encrypted, that would include images, and for busier sites, that might mean that the server CPUs will be forced to work a little harder. In the end though, this is for the greater good.
To help webmasters get started, Google has laid out a couple of tips:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
Google admits that HTTPS’ weight in ranking sites is somewhat low at the moment; high-quality content is still the most important factor. However, the company does say that in time, it might choose to increase the effectiveness HTTPS has on ranking. Given that HTTPS is a good thing overall, it wouldn’t be surprising to see other search engines follow suit down-the-road, as well.