Google has made another show of support for HTTPS.
Google’s Zineb Ait Bahajji announced that Google would start crawling HTTPS pages over HTTP versions. They would do so even “when the former are not linked to from any page.” So even if you don’t have HTTPS versions of all your site pages, Google will look for them first anyway.
When Will Google Choose to Index the HTTPS URL?
Like everything else it thinks is important, Google has set rules to govern when it indexes the HTTPS version of a site. Here’s the complete list of rules where Google will choose the HTTPS page over the HTTP page:
It doesn’t contain insecure dependencies.
It isn’t blocked from crawling by robots.txt.
It doesn’t redirect users to or through an insecure HTTP page.
It doesn’t have a rel=”canonical” link to the HTTP page.
It doesn’t contain a noindex robots meta tag.
It doesn’t have on-host outlinks to HTTP URLs.
The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL
The server has a valid TLS certificate.
If your HTTPS pages meet these requirements, Google will index them over HTTP. But some of them may be pretty tough to meet.
Take the first rule, the one with “insecure dependencies.” That means everything on your site—images, videos, embedded content—must be secure. If they aren’t, there is no high-priority index for you.
The solution: Redirect your HTTP site to your HTTPS version. You can also add an HSTS header on your server, which lets your server ensure HTTPS-only browser interactions.
How the People Have Responded
Website owners, webmasters, and SEO experts have mainly expressed support over the news that Google would index HTTPS pages. And it makes sense. From a user experience perspective, the enhanced security of HTTPS is an obvious draw for Google. They want users to be safe while surfing, and Google is willing to do whatever it takes to provide them with that peace of mind. Even if it means making the requirements a little tricky. Since Google will be supporting HTTP/2 soon, webmasters are more incentivized to go with HTTPS.
Some commenters expressed dismay that their Blogger pages (owned by Google) didn’t support custom HTTPS domains yet. One astute user even commented that the blog itself redirected to an HTTP version, not HTTPS. Google’s John Mueller responded quickly, stating that the Blogger team was “working on that.” Since the post, the blog now redirects to the HTTPS version correctly.
What do you think? Is Google right to move so strongly in the direction of HTTPS? Or do you have questions on what this means for your website? Let us know in the comments, or contact us and speak your mind!
We look forward to hearing from you!