An interesting post appeared yesterday in the official Google Online Security and Webmaster Central blogs which confirms that in an effort to "make the Internet safer" it has been testing a system which looks at "whether sites use secure, encrypted connections as a signal in our search ranking algorithms." This follows calls for HTTPS everywhere at the recent Google I/O a few months back.

Google says is has seen positive results, and is now actually using HTTPS as a ranking signal albeit a "very lightweight" one which only impacts <1% of queries. Nonetheless, the intention is now clear that this will be the way forward and the signal will most likely be given more weight once website owners have had fair chance to make the move from HTTP to HTTPS.

Keep an eye open for official announcements from Google in the coming weeks, including best practice advise such as using 2048-bit key certificates and relative URLs for resources that reside on the same secure domain (using protocol relative URLs for all other domains.)

Mark Sparshott, a director at security vendor Proofpoint, says "I welcome Google's move to use HTTPS as ranking signal and downgrade those sites that are not encrypting connections to their visitors but caution that the minimal scope and weighting Google are applying may not be enough of a deterrent for poor security best practice yet."

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

4 Years
Discussion Span
Last Post by Dani

As a non web designer and on top of that, not having the will to deal with web designers; was using the likes of Wix premium a safe desicion? I'm also thinking of Weebly and Squarespace here.


Ahhh Davey you beat me to it! I think this is really great news overall for the internet, its users, and most importantly user privacy.

Unfortunately I do fear that this will be the beginning of the end of websites built "just because" - ie. fan sites, hobby sites, etc. Not many of these people are going to want to pony up an additional $100+ a year for an SSL certificate plus the money for a dedicated IP to work with that SSL cert.

On the bright side it may help boost web site design and development companies sales because the average user probably won't want to spend the time buying an SSL certificate or making a self signed certificate.

@Rogerandre - all those Companies will be able to help you get an https site and walk you through the process if not do it themselves for you.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.