One of the necessary evils of website ownership is understanding at least a little bit about search engine optimization - SEO for short. Poor practices could make your site fall into the virtual abyss, while good practices can have the opposite effect: Search engines could begin favoring you. While no one outside of these search engine companies understand the "perfect" SEO implementation, some of them do throw us a bone or two on occasion.
Google in particular doesn't mind helping people understand the basics, because it doesn't want us to be misinformed, or for innocent SEO optimizers to do more harm than good. So it's of little surprise, then, that the company is being completely up-front about soon favoring websites that use secure transmissions by default - HTTPS, in particular.
Websites that implement HTTPS encrypt the data your browser requests before it's transmitted; it's then your browser's task to decrypt it so that you can see it. While HTTPS is very common Web-wide, it's most heavily used for username / password logins, forms that contain sensitive data, and any other page that contains data that under no circumstance should be transmitted in plain text. You might notice that your bank's website, for example, might not reflect HTTPS until you actually log in and do your banking. Understandably, the information found on a banking homepage is non-sensitive, so encrypting that data might not be too important to the company, or the user for that matter.
For Google to favor websites that default to HTTPS is a big deal, because most people don't think to implement HTTPS outside of those sensitive pages mentioned above. This move isn't just about passwords - it's also about protecting users from prying eyes (read: the likes of the NSA).
While I believe site-wide HTTPS is a great thing for users, there might be some small repercussions for website owners, such as the added processing power that's required. If the entire site's content is encrypted, that would include images, and for busier sites, that might mean that the server CPUs will be forced to work a little harder. In the end though, this is for the greater good.
To help webmasters get started, Google has laid out a couple of tips:
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
- Use 2048-bit key certificates
- Use relative URLs for resources that reside on the same secure domain
- Use protocol relative URLs for all other domains
- Don’t block your HTTPS site from crawling using robots.txt
- Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag
Google admits that HTTPS' weight in ranking sites is somewhat low at the moment; high-quality content is still the most important factor. However, the company does say that in time, it might choose to increase the effectiveness HTTPS has on ranking. Given that HTTPS is a good thing overall, it wouldn't be surprising to see other search engines follow suit down-the-road, as well.