In August 2014, Google announced that it would start using HTTPS as a ranking factor within the organic Search results so websites using secure servers would benefit from a small ranking boost. This move from Google signalled its desire to reward websites which provided a more secure experience for users. It was unlikely that Google would stop at just rewarding websites that are using HTTPS and in December 2014 developers at Google Chrome discussed design ideas to warn users every time they visit an unsecure HTTP website.
What’s clear is that Google is set on improving web standards and one part of that is moving the whole web towards HTTPS. In 2014 we saw Google rewarding websites using HTTPS but in 2015 we will see Google going one step further by taking punitive action against websites using HTTP.
Why does Google want websites to use HTTPS?
In Google’s August announcement, Google stated that security is a top priority which is why it adopted HTTPS across its services so that people using Search, Gmail and Google Drive, automatically have a secure connection. It went on to say that beyond its own services, it is “working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure”. So Google has been making its own services more secure and are keen to ensure that the sites it is sending traffic to are also secure.
The reason for this is that hackers and government agencies have in the past abused insecure connections to steal data and spy on people. When websites move to HTTPS, data is encrypted between the user and the website so the user has security and privacy. It’s no secret that Google was outraged by the alleged NSA hacking of its data and Google quickly responded to that by moving its services to HTTPS.
How are people responding to HTTPS?
The vast majority of online security experts agree that it would be a good thing for HTTPS to become the standard as it will improve security, for users and the internet as a whole. It’s important to be aware however that HTTPS does not guarantee that a website is secure, as the heartbleed vulnerability in Open SSL demonstrated.
Although there has been a generally positive response to Google pushing HTTPS, Yahoo and Bing have not followed Google’s lead in awarding a ranking boost for websites that use HTTPS. Additionally there is no suggestion that FireFox and Internet Explorer considering marking HTTP websites as non-secure within their browsers, so for the time being it’s very much Google who is the driving force behind the move to HTTPS.
How much of the web is using HTTPS?
According to Google, only 10% of web pages globally are HTTPS, however this number is growing and of the top 300k websites globally, the adoption of HTTPS over the last two years has grown over 300% from 4% to 13% and many expect it to grow by a much higher rate in 2015.
While the rate of adoption of HTTPS is still relatively low, businesses should now be considering using HTTPS for all the content on their websites as it is fast becoming a global standard.
What to consider before moving to HTTPS?
Google has compiled very thorough guidelines and best practices for moving to HTTPS which can be accessed here. Some businesses made the move to HTTPS too quickly after Google’s announcement in August and experienced CMS issues when moving to HTTPS (there are known issues for Magento and WordPress sites) so it’s important that the switch is only done after rigorous testing and once redirects are in place. For businesses already using HTTPS, they need to check whether this is being used across the whole domain or just on specific pages where sensitive data is transmitted. Google has stated that it wants websites to use HTTPS across all the content on the domain, not just on checkout or login pages.
So the web is moving towards HTTPS with Google being the driving force behind this. It’s really not a question of if you need to move to HTTPS but when you will move to HTTPS. Google will make it happen by rewarding sites using HTTPS and eventually penalising sites not using it – they adopted a similar approach with mobile accessibility and it worked in improving mobile standards across the web.