Will my site’s ranking be hurt if I use HTTPS instead of HTTP?

Will my site’s ranking be hurt if I use HTTPS instead of HTTP?


Today we have a question from
Gary Tamas in Zurich. Gary wants to know, by design,
HTTPS is slower than HTTP. Considering Google’s focus on
speed, does that mean my site will be penalized if
I switch to HTTPS? No, I wouldn’t worry
about that. In fact, it can be a very
good idea to switch your site to HTTPS. HTTPS, or SSL, is a secure
version of HTTP that encrypts things between your browser
and the web server. So that keeps your boss, or your
ISP, or your government from snooping on whatever is
happening on that connection, unless they can do some crazy
Mission Impossible, man-in-the-middle attack. And those are relatively rare. But let’s get back
to the question. By design, HTTPS is
slower than HTTP. So there is a certain amount
of encryption overhead that has to happen because
HTTPS is encrypted. But there’s a lot of unnecessary
slowness. So a lot of the people on the
Google Chrome team have been working on different
protocols. SPDY is one. And also, I think False Start
might be the name of another one, where instead of having to
set up the connection, and then have an acknowledgment, and
set up the connection in order to be able to send the
data in encrypted ways, you could just send the data as
encrypted immediately. And so there’s a lot of work
ongoing to sort of say, OK, people haven’t really paid
attention to how to make SSL or how to make HTTPS fast. And
it turns out there’s a lot of low hanging fruit there. And some of it might be a fair
amount of work, but it’s probably worth doing. So I would not worry about
being penalized. Only like one in 100 searches,
which means one in 1,000 websites, is so low on page
speed, that it actually affects its ranking, whereas
HTTPS can be a really good thing for users. So if you do a search for
Paypal, for example, you’ll see that they use the
HTTPS version. We’ve looked through our
indexing code, and we’ve tried to make sure that any time where
someone might want to use an HTTPS version of their
site, they won’t be disadvantaged. We’re going to continue to be
looking through that, making sure that everything should
run smoothly on our side. So if you’re thinking about
starting your site and you want it to be secure from the
beginning, it’s not a bad time to go ahead and make
that switch. And then we’ll keep looking for
ways to make HTTPS even faster, share best practices,
look at ways that we can do like mod_pagespeed, which was
an Apache plug-in that basically will make
everything faster. And then there’s also a page
speed service that we’ve just recently started to roll out
that will actually– when someone comes to your
content, you’ve set your DNS to be handled by Google. And Google can rewrite all the
inline images, and minify the JavaScript, and all the stuff
for you to where you might save 25% to 60% of the time just
by handling page speed. So we’re going to keep trying
to make HTTPS faster. We’re going to try to keep
making the web faster. And hopefully, you’ll come along
with us for the ride.

Author: Kevin Mason

3 thoughts on “Will my site’s ranking be hurt if I use HTTPS instead of HTTP?

  1. Your idiocy showcases with 2 statements. a) Manipulating the JavaScript and b) Making certificates free. (a) JavaScript runs only on the client-side, in some cases, it sends data via AJAX to the server, however, on it's own, there is no way for anyone to manipulate JavaScript to do anything malicious unless the machine is infected with a virus. (b) If you make SSL certificates free, then you open yourself to a whole world of hurt from people who scam others and fish for banking/credit card info

  2. Compromised computers can mean both hacked PCs and viruses, and the cost of a certificate has nothing to do with level of security – please do not message me again about this.

  3. So, in your world, someone could get a free certificate. Register a .com name, and start selling viagra online taking credit cards. People would think it's secure because of the SSL certificate, but would actually give their details to a crook? Or how about a phising site that pretends to be your bank, SSL would be enabled and the certificate would be valid. And spammers/crooks could push THOUSANDS of websites online for $0 cost to them? Nope. I'd rather pay for SSL certificate thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *