On August 6, 2014, Google announced that their search engine has started to use “HTTPS as a ranking signal.”
Google is saying that if your website uses a secure connection to the user’s browser, this will have a positive effect on your site’s rankings in Google’s search results. The announcement was picked up in the mainstream media including the BBC and the Wall Street Journal.
If you are concerned about search rankings and SEO, then you need to understand how to respond to this new development. We are providing this FAQ on HTTPS to help you navigate this issue.
Paul Hill, one of the Senior Consultants at SystemExperts Corporation and an expert in online security, gave us some great information. We’ve paraphrased Paul’s answers below for brevity, but if you’d like to dig deeper, Paul certainly knows his subject matter and we suggest you reach out to him and his team.
Website HTTPS FAQ
Q: How much of an impact will setting up HTTPS connections have on my rankings?
A: It’s hard to say exactly. Google has disclosed that HTTPS is not weighted as heavily as some other signals, at least for the time being. Still, given that it’s fairly straightforward, not too costly, and a good idea anyway – which is why Google is pushing it – we urge you to strongly consider it.
Q: What will it take for me to set up my website to require HTTPS connections?
A: All popular web server software has the capability of encrypting its traffic. Encrypting the traffic requires installing an X.509 certificate and configuring the web server.
Q: How much does an X.509 certificate cost?
A: The cost varies by the Certificate Authority (CA) that issues the certificate. Certificates expire, so you generally pay for a year or more. Typically, the cost of a certificate for a year ranges from $30 to $850. You can save money and hassle by buying a certificate good for two or more years.
Q: Why the huge cost variations? Should I buy a more expensive X.509 certificate?
A: Some certificates require more rigorous validation. Unless your site provides online banking or a similar service, save your money and base your selection on price, reputation and browser compatibility.
Q: Where can I get a certificate?
A: If your website is hosted by a commercial hosting service like Hostgator or Bluehost, you can buy the certificate through them. They can generally set up the certificate in your account for you, saving you time and trouble. If you host your website yourself, then you’ll need to contact a Certificate Authority. The CAs shown here are well-recognized, and the page shows which browsers will recognize the certificate.
Q: Can I get a free X.509 certificate?
A: There are free certificates but they will often display error messages to your website visitors. Aside from contributing to a poor user experience, this is not going to help your rankings and could in fact hurt them. We recommend staying away from free certificates.
Q: My site has several DNS subdomains, for example, www.mycompany.com and blog.mycompany.com. Can one certificate cover all of my subdomains?
A: You should look into a “wildcard” certificate. It will probably save you money and it will definitely make implementation and configuration easier. However, not all CAs sell wildcard certificates.
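What a wildcard certificate does and does not cover, as an added example (not part of the original FAQ or of Paul Hill's answers): a simplified version of the hostname matching that browsers apply, in which the wildcard stands for exactly one left-most label. The function names and the host inventory are assumptions made for illustration; the hostnames extend the mycompany.com example above.

```python
# Added example: simplified RFC 6125-style matching of certificate DNS names.
# Real clients add further checks (for instance public-suffix rules).

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name (possibly a wildcard) covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    # Only a whole left-most label may be the wildcard ("*.example.com").
    if p_labels[0] != "*" or "*" in ".".join(p_labels[1:]):
        return False
    # Require at least two labels after the wildcard, so "*.com" is rejected.
    if len(p_labels) < 3:
        return False
    # The wildcard stands for exactly one non-empty label.
    return (len(h_labels) == len(p_labels)
            and h_labels[0] != ""
            and h_labels[1:] == p_labels[1:])


def uncovered(cert_names, site_hostnames):
    """List the hostnames that none of the certificate's names cover."""
    return [h for h in site_hostnames
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inventory (assumption) built around the FAQ's mycompany.com example.
SITE_HOSTS = ["www.mycompany.com", "blog.mycompany.com",
              "mycompany.com", "shop.eu.mycompany.com"]

if __name__ == "__main__":
    # The wildcard alone misses the bare domain and the two-level subdomain.
    print(uncovered(["*.mycompany.com"], SITE_HOSTS))
    # Adding the bare domain as a second name still leaves the nested host.
    print(uncovered(["*.mycompany.com", "mycompany.com"], SITE_HOSTS))
```

Before buying, run your real list of hostnames through a check like this: any name it reports needs its own entry in the certificate or a separate certificate.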
Q: Will setting up a certificate and encrypting the traffic affect page load times and overall performance of my website on people’s browsers?
A: Yes, but not significantly. While encrypting / decrypting communications always adds some overhead, the technology has progressed to the point where it’s virtually unnoticeable. When Google Gmail switched to using HTTPS in January of 2010, the average impact was less than 1% of CPU load, less than 10 KB of memory per connection, and less than 2% of network overhead.
Q: What about browser and platform compatibility? Will my pages still load properly on tablets and mobile devices, for example?
A: The vast majority of browsers and devices in use today are compatible with secure traffic. Any user that would have trouble accessing your site via HTTPS would also have trouble with online banking or shopping.
Q: Where can I get more technical information on this topic?
A: The National Institute of Technical Standards publishes NIST Special Publication 800-52r1, titled “Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations”.