Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Google Boosting HTTPS Pages in Search Results

Google is adjusting its indexing system to crawl HTTPS pages in favor of their HTTP equivalents, the Internet giant announced on Thursday.

Google is adjusting its indexing system to crawl HTTPS pages in favor of their HTTP equivalents, the Internet giant announced on Thursday.

The move is meant to further promote the use of the HTTPS protocol, which should result in increased user security, the company notes in a blog post. Google also explained that it will start crawling HTTPS equivalents of HTTP web pages, even when the former are not linked to from any page.

The announcement follows last year’s adjustment in Google’s indexing system, which gave HTTPS pages a bump in rankings. By promoting HTTPS pages, the company shows its commitment towards making the web browsing a more private experience, and “not subject to eavesdropping, man-in-the-middle attacks, or data modification.”

The company has already implemented the security protocol in many of its services, including Gmail, Google, and YouTube, and the new change is expected to determine more website owners to follow suite. However, the change won’t affect domains that have only HTTP pages, it appears.

The company will favor HTTPS URLs instead of HTTP ones from the same domain only if they do not contain insecure dependencies, are not blocked from crawling by robots.txt, and do not redirect users to or through an insecure HTTP page. Additionally, HTTPS pages should not have a rel=”canonical” link to the HTTP page and should not contain a noindex robots meta tag, Google said.

Google also explains that HTTPS pages will be indexed if they do not have on-host outlinks to HTTP URLs and if the server has a valid TLS certificate. Another condition that these pages should meet is that sitemaps list the HTTPS URL, or doesn’t list the HTTP version of the URL.

Domain owners also looking to boost HTTPS pages can set their HTTP URLs to redirect to their HTTPS version and can implement the HSTS header on their server, which will determine other search engines to index the more secure page equivalents.

Advertisement. Scroll to continue reading.

“We’re excited about taking another step forward in making the web more secure. By showing users HTTPS pages in our search results, we’re hoping to decrease the risk for users to browse a website over an insecure connection and making themselves vulnerable to content injection attacks,” Google’s Zineb Ait Bahajji wrote.

In the wake of fast-evolving online threats and attacks on user privacy, many tech companies have joined forces to make the Internet a safer place. One of the most recent examples is Let’s Encrypt, the free and open certificate authority (CA) focused on making it even easier for websites to adopt the HTTPS encryption, and which entered public beta earlier this month.

The initiative was proposed by the Electronic Frontier Foundation (EFF), but has received support from a variety of organizations and tech companies, including Mozilla, Cisco, Akamai, Automattic, the University of Michigan, IdenhTrust, and the Linux Foundation, which revealed in April of this year that it would host the project.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...