DigiCert believes that communication should be secure; always, and by default. And the official word from Google is “ALL.” On August 6, Google announced that it will begin to give a ranking boost to SSL-secured websites. This means that SSL Certificates are now a ranking factor in Google’s online search algorithm.
HTTPS everywhere, Google’s Ilya Grigorik and Pierre Far have said, is critical to ongoing online security and data privacy.
When administrators choose not to encrypt all users web traffic, it can give bad actors a great amount of insight into users’ online habits and can pose a serious online data privacy risk.
“We’re also working to make the Internet safer more broadly… We hope to see more websites using HTTPS in the future.”
– Google Online Security Blog
Using Always-On SSL (AOSSL) gives users a constant, secure connection—regardless of where a user is on a site or how they interact with online information. HTTPS everywhere ensures enhanced security the entire time the user is online, instead of just on login or checkout pages. Using SSL Certificates, website administrators can take a more proactive role in protecting user privacy by encrypting any user action even when the user may be on an unsecured public WiFi connection.
Tips for Administrators Switching to SSL Everywhere
- Decide the kind of certificate you need: single, multi-domain, or wildcard certificate.
- Use 2048-bit key certificates.
- Use relative URLs for resources that reside on the same secure domain.
- Use protocol-relative URLs for all other domains.
- Don’t block your HTTPS site from crawling using robots.txt.
- Allow search engines to index your pages where possible. Avoid the noindex robots meta tag.
- Use HTTP Strict Transport Security (HSTS) to reduce the need of 301 redirects after a move to HTTPS.
An update to Google webmaster tools has improved reporting for HTTPS websites and Google has also made additional resources available to help administrators transition their sites to use HTTPS everywhere.
Administrators can enable HTTP Strict Transport Security (HSTS) to help browsers remember the HTTPS setting without the need for constantly going through a 301 redirect. This improves site performance after switching from HTTP to HTTPS.
Using EV SSL Certificates for HTTPS everywhere also helps enhance user experience by giving users the green bar visual trust indicator that they’re on a secured site and that their data is being protected from bad actors.
Protection and Performance from Always-On SSL
Improvements in server computing power have reduced the implication of the extra processing power required to enable SSL on websites. The extra time to establish a secure connection is nearly impossible to detect by web users.
Additionally, Certificate Authorities (CAs) are required to keep track of the SSL Certificates status and report the status of a certificate any time a connection is made to a secure site. DigiCert has one of the fastest certificate reporting systems in the SSL industry and OSCP response speed for all of our customers are nearly 4x faster than most competitors. Partnering with DigiCert for enterprise certificate management ensures exceptional performance for secured websites.
With HTTPS being used everywhere, users always remain safe and secured by a verified SSL Certificate. And by giving sites using SSL encryption a boost in Google rankings, the HTTPS everywhere initiative will encourage more website administrators and enterprises to switch to using HTTPS and Always-On SSL in order to keep user online data safe on the web.