HTTPS Ranking Factor Update

In August 2014, Google started considering HTTPS to be a ranking factor. If a website exclusively uses the HTTPS-protocol it may gain a slight boost to their Google rating. This means that HTTPS is only a weak ranking factor.

What is HTTPS?

HTTPS is, just like the HTTP protocol, a communications protocol for transmitting data over the internet. The difference between HTTPS and HTTP is the encrypted and eavesdrop-proof transmission of data using SSL/TLS – which is itself an encryption protocol.

Remember: HTTPS = HTTP + SSL/TLS

Without encryption, all data transmitted over the internet can be looked at in plain text and is in danger of being manipulated or changed by third parties. If webmasters use a so-called SSL-certificate to enable access to their website via HTTPS, all communication and interactions on the website are encrypted before being transmitted.

How to spot a HTTPS-encrypted connection in the webbrowser

Usually you can spot a HTTPS encrypted connection by looking at the address bar where you can see a lock symbol, a green mark as well as the written out protocol version “HTTPS”.

HTTP vs. HTTPS in der Adresszeile des Internet Explorers

The above screenshot shows the domains of two banks., the Santander Consumer Bank and, the “Deutsche Bank”.

  • When opening the domain, the user is being send to the URL – which is not encrypted.
  • When opening the domain, the user is being send to the URL – a secure connection.

What does the HTTPS Ranking Factor Update come down to?

The HTTPS Ranking Factor Update is its own algorithm and not, for example, part of the Google Panda Updates. The algorithm is applied to Google’s existing Search Index, or the indexed data for a domain, and works on a per-URL basis.

John Müller von Google weißt auf die Arbeitsweise des Algorithmus hin

To make a website available through the HTTPS-protocol, you have to use a so-called SSL-certificate. Here you need to pay attention to use a certificate with 2048-Bit-encryption (or better).

The SSL-certificate has to also be issued by a accredited certification authority (also called CA). Google does not, for the most part, care if the certificate validates just one domain or an entire organisation.

Very Important: The web browser has to be able to validate the certificate in use. If a warning is returned, it is also a negative signal for Google and the HTTPS ranking factor will not be administered.

Examples of SSL certificates that do not validate in the webbrowser

Two SSL certificates that do not validate

In both cases above the SSL certificate does not validate in the web browser. In this case, Google will not consider the HTTPS connection for a ranking boost.

  • Marked in red: A self-signed SSL certificate whose identity cannot be confirmed.
  • Marked in yellow: An SSL certificate validated by a CA. Its identity is confirmed. However, not all resources are being transmitted over a secure connection, which means that a potential safety issue exists. The web browser does not validate this certificate.

SSL Ranking-Signal: SISTRIX requests clarification and Google’s John Müller answers

SSL: Does Google take into account, which type of ssl cert is being used? E.g. self-signed, domain or organisation validation. What about “free” ssl certs? Are they any good? Is there any “weight” given according to the new soft ranking signal?– Rene Dhemant, SISTRIX

– Rene Dhemant, SISTRIX

Video explanation by John Müller / Google on this topic

Additional information about this topic was also provided by John Müller in a different Google Webmaster Hangout:

If a website has no 301-redirect set up and can be reached through both HTTP and HTTPS, where the encrypted connection does not validate in the browser, then Google will crawl and index the HTTP version.

Additional Information About This Topic: