HTTPS as a ranking factor in Google

In august last year, Google announced that HTTPS (SSL) website protocols would be used as a ranking factor. Although the weight placed on secure websites as a ranking factor is small, some experts have speculated that in the future it would be a more weighted algorithm factor.

Google’s goal is to lead the way with “HTTPS everywhere”, which, is a project designed to make the web a safer place. By encouraging webmasters and businesses to secure their websites, they help to combat the growing level of website data theft, security compromises and more.

By integrating SSL with any website, the transmission of data and website objects / media becomes much safer due to the level of encryption involved. By encrypting the transmission of data, Google aims to help users browse in a more secure fashion whilst providing a stable and secure environment for people to use websites to shop, transmit information and more.

The added bonus of it being an “SEO” factor helps to encourage more webmasters, businesses and website owners into using SSL, however, it is likely to take a long time for this to really take off. More weight should be allocated to it for a ranking factor to speed up the webs transition onto SSL.

Google has been working on best practices for webmasters, some of the things they advise include:

    • Prior to purchasing a certificate, decide which certificate best fits your websites needs (do you require a single, multi-domain or wildcard certificate?)


    • Choose a higher level of encryption (2048 bit is advised over 1024 bit)


    • Ensure your websites source code uses “relative” resource references, i.e., when referencing other pages in the website, refer from top level folders and not domain i.e. /my-page/thank-you.html instead of


    • Ensure that robots.txt is not blocking HTTPS or parts of the website file structure that need to be available for a smooth transition from http to https.


    • Avoid using the noindex robots meta tag, ensure the website is crawlable and re-configure the robots.txt at HTTPS level.
    • Ensure 301 re-directs are in place, re-direct the entire site structure page by page, do not 301 everything to a single page, mimic the website structure.


    • * in IIS, you can set a rule in the web.config file to re-direct all requests at root level, meaning that all the re-directs are automatic from http to https.

It is worth noting that the transition from HTTP to HTTPS has to be done carefully, ensure prior to implementing the certificates and starting the migration that everything is in place to prevent any issues.


Using SSL scores brownie points in many areas, however, SSL isn’t without its pitfalls. The use of SSL means that files / media and website code has to be encrypted and decrypted, this actually slows down website performance and can increase the load on the server where the website is hosted.

This can actually conflict with another ranking factor (Website loading speed). If a websites performance becomes poor, it can suffer from “Poor user experience” which is an increasingly important metric that webmasters are trying to cater for.

Also, be careful to avoid “cheap” SSL certificates that offer a lower encryption level (128 bit). These do not offer the same level of protection and coupled with reduced website performance can actually make things worse.


    • Here are some generic, top level instructions for completing a HTTP to HTTPS migration:


      • 1. Acquire your certificate from your hosting provider or a dedicated SSL provider, ensure the certificate is at least 2048 bits.
      • 2. Once the certificate is installed or mapped to the server prepare the website before allowing the HTTPS protocol to be available.
      • 3. Check all of your websites source code for code, scripts and resources that uses internal HTTP references, if possible, convert all file and folder references from the top level website folder and not from the domain.
      • 4. Any external HTTP references, check if they offer an SSL protocol as part of a CDN or script delivery.
      • 5. Ensure your website configuration and robots.txt isn’t blocking any important files / folders or HTTPS references.
      • 6. Ensure you have server level re-directs in place, or, re-direct mapping from non http to https for each URL, DO NOT CHANGE THE WEBSITE FILE STRUCTURE.
      • 7. Go live with the HTTPS protocol, and ensure that any non HTTPS URL’s 301 permanent re-direct to the HTTPS counterpart.
      • 8. Generate a new XML sitemap with HTTPS references and re-configure the robots.txt file.

Because the protocol is changing from HTTP to HTTPS, there is no need to change anything in Google webmaster tools, Google will automatically update the website index. This can take anywhere from 1 week to 3 months depending on the website size. Unfortunately, ranking fluctuation is commonplace initially but does rectify itself providing the transition is smooth.


      • If you are implementing SSL, it might be worth giving these tools a try to test your implementation and to test the end results.


      • The

Qualys SSL Labs

      •  tool tests your SSL configuration and scores on performance, very useful to see how effective the SSL implementation has been and how secure the website is.


      • Here is some more information from

Google Webmaster Central

      •  about HTTPS.

Web Config ISS Configuration for HTTP to HTTPS

      • Use the code below to mass re-direct HTTP to HTTPS on the IIS platform (IIS7 onwards).

<rule name=”non-HTTPS” stopProcessing=”true”>
<match url=”^com/owa(.*)” negate=”true” />
<add input=”{HTTPS}” pattern=”Off” />
<action type=”Redirect” url=”https://{HTTP_HOST}{REQUEST_URI}” />


Share :