After spending the last few years adding hypertext transfer protocol secure encryption (HTTPS) to its portfolio of sites, Google now wants to spur the rest of the internet into action.

The search engine has announced that it is now incorporating HTTPS as a ranking signal, which means that if your site is not currently supporting this secure communication protocol then you could be penalised.

While Google has said the signal is fairly lightweight at present, affecting less than 1% of global queries, there is a good chance that it could become a more important ranking factor if it views the rate of HTTPS uptake as insufficient.

Some may argue that HTTPS or HTTP Secure is not technically a protocol as it only layers HTTP over the top of SSL/TLS protocol, but it has been shown to prevent most wiretapping and man-in-the-middle attacks.


That being said, like any modern security method, it was likely only to be a matter of time before hackers get their mitts on the secure communications technology in an attempt to break its encryption.

Last year a technique called BREACH (browser reconnaissance and exfiltration via adaptive compression of hypertext) let people dig out login tokens, session ID numbers and other sensitive information from SSL/TLS.

Google will be hoping that its stipulation for 2048-bit key certificates proves to be a high enough level of encryption to halt these nefarious techniques. It has also added several other requirements such as relative URLs for resources on the same secure domain.

If you are already using HTTPS, Google recommends that you use the Qualys Lab to check the security level and configuration of your website.