Google’s HTTPS algorithm still only looks at the URL to give ranking boost



In August 2014, Google launched their HTTPS ranking boost, where it would give sites that served up their pages on HTTPS a small ranking boost. But did you know that the only signal Google uses to determine if you should get that ranking boost is the first five characters of the URL, the “https” portion?

Google does not look to ensure the certificate is valid or determine if the page has insecure content on the page or give you any of the typical browser warnings you’d get if the page is really not secure. Google will give the ranking boost solely based on the URL, starting with HTTPS.

Gary Illyes, the Googler who wrote the HTTPS ranking boost signal, told us this in part two of our interview with him. He said the HTTPS signal,”basically looking at the first five characters in front of the URL, and if it’s HTTPS and it managed to get in the search results and it will get a minimal boost.”

He added that they were thinking of adding “tons of things” but decided not to and focused more on site migrations and making sure sites were easily able to migrate to HTTPS, and Google was able to pick up on those changes. In fact, Illyes added that Google recently “deployed quite a few fixes for a site [that] moves to HTTPS.” He wouldn’t share what changes, but said it was based on some sites having issues with Google during the migration.

Here is the audio file:

Here is the transcript:

Barry Schwartz: So what’s with HTTPS?

Gary Illyes: What’s up with that?

Barry Schwartz: Is that machine learning-based? Just kidding.

Garry Illyes: No, it’s based on the first one, two, three, four… five characters.

Barry Schwartz: And you haven’t change anything? You’re not looking at certificates, are they valid?

Gary Illyes: It’s basically looking at the first five characters in front of the URL, and if it’s HTTPS and it managed to get in the search results and it will get a minimal boost.

Barry Schwartz: But I thought you guys are going to add in factors like if it’s actually a real certificate…

Gary Illyes: So we were thinking about adding tons of things. But eventually. I had lots of long discussions about this with ranking leads, and eventually, we decided that like the … ranking was just cool, the initial ranking boost.

But if we are not showing the right URL in the results, then we have a different problem, basically. We either have a retrieval problem or an indexing problem, for like I don’t know, if an HTTPS URL shows up with mixed content, like active mixed content, like HTTPS scripts for example. Then that would be bad, but that would be an indexing issue, not a ranking issue. If we have a dupe cluster of which two URLs and two were the same URL, but one was HTTP and the other was HTTPS. And for whatever reason the HTTPS is not winning the dupe cluster is suddenly becoming canonical, and then we have an indexing problem.

And the suggestion of the leads was that we should try to fix these problems and then make sure that site moves, like basically, when sites move to HTTPS that goes well and fix those cases and then like it should just work well, and that’s what we are focusing on.

Recently, we had been deployed quite a few fixes for a site moves to HTTPS.

… I know quite a few sites, for which moving HTTPS was like a breeze. It didn’t cause any issues; I think Yelp even posted a really nice article about this.

Barry Schwartz: Wired commented that they had some issues, and they had to pull back and then go back and go forward.

Gary Illyes: … Yeah, I was in touch with them. … It was interesting.

Barry Schwartz: You want to tell us what those issues were, or [would] you rather not?

Gary Illyes: I can’t, because it’s a third-party site. It isn’t not my site, so I will not talk about it. There were problems on both sides.

You can learn more about the HTTPS ranking signal in our FAQ document.

Note: This article was pre-written and scheduled to be published today.