Search Security in Focus

The Web can be a dangerous place - filled with malicious scripts, rogue bots, spyware and the like. A better digital experience for users however could result in a big boost in overall usage and Google wants to lead the charge to a safer 'Net.

The technology giant announced in early August that they would begin using HTTPS encryption as a signal in its search ranking algorithms. As you might imagine, that caught the attention of the SEO community and many are exploring their options when it comes to setting up secure connections and benefiting from what they believe will be an immediate upward bump in the search results.

Google has seen positive results from using the signal in a test conducted over the past few months. That doesn't mean however that switching to a secure site will actually provide any benefit other than the improved user experience. Currently, the signal is "very lightweight" according to Google - affecting less than 1 percent of queries today. That will most likely change as Google acquires more evidence that using HTTPS as a ranking signal is improving the search experience of its users.

Before engaging in an initiative to achieve greater website security, it's first useful to get a handle on how HTTPS works and why it's important to the digital ecosystem. Hypertext Transport Protocol Secure, or HTTPS, protects the integrity and confidentiality of users' data by providing three layers of protection - encryption, data integrity and authentication:

- Encrypting exchanged data protects a user as they browse a website so no one can track their activities or steal their information.
- Data integrity implies that data can't be modified or corrupted during transfer without that interference being detected.
- Authentication ensures that users/visitors communicate with the website they intended, protecting again man-in-the-middle attacks.

The process of switching to an HTTPS site can be somewhat cumbersome. Many Web hosts offer their users an opportunity to purchase an SSL certificate so a majority will be able to implement rather quickly. Those hosting/operating/ their own servers have a little more work ahead of them as they'll need to work directly with an official Certificate Authority (CA) to handle the implementation - some of the most popular vendors include Verisign, Comodo, GeoTrust, Entrust and GoDaddy. Cost for an SSL certificate vary (sometimes wildly) depending on the

Once the SSL is in place, an SEO's work can begin. Google will offer more information in the future about how to best manage switching from a HTTP to an HTTPS site but did provide a few suggestions. Google recommends redirecting users and search engines to the HTTPS pages/resources with server-side 301 HTTP redirects, and using relative URLs for resources that reside on the same secure domain. Webmasters should also use "protocol relative" URLs for all other domains (e.g. //, or update site links to link directly to the HTTPS resource. Finally, it's optimal for HTTP Strict Transport Security (HSTS) to be enabled. This tells the browser to automatically request pages using HTTPS, even when users enter http in the browser. This also tells Google to serve secure URLs in the search results.

As more details emerge about the impact of the inclusion of HTTP as a ranking signal in the Google search results, Website Magazine readers can stay up to date in our Mastering Search channel. Have you already seen a change as a result of making the switch to a secure site? Share your experience with a comment below.