Google now using HTTPS as a ranking signal

[Anthony Parsons]

Already use it

Ditto... have for about 4 years now.

 

[Mike Edge]

Dang those certificates are expensive..

Free is expensive these days https://www.startssl.com/

 

[Null]

Whilst this is awesome, it's going to piss off a hell of a lot of web hosts.

IPv4 addresses are already a commodity, and it's getting to the point where even big hosts are having trouble getting enough justification for larger IP pools. With dedicated SSL certificates, every domain's going to be needing it's own IP address.

The world needs to hurry up and adopt IPv6!

http://en.m.wikipedia.org/wiki/Server_Name_Indication

This allows a server to present multiple certificates on the same IP address and port number and hence allows multiple secure (HTTPS) websites (or any other Service over TLS) to be served off the same IP address without requiring all those sites to use the same certificate.

 

[x3sphere]

I played with this a few weeks ago and after I made sure every URL is protocol agnostic in preparation for such a switch I constantly ran into outside content/scripts to break the SSL. We rely on adsense/DFP/Other networks banner ads for revenue. Lots of those campaigns and lots of ad agencies we deal with are not ready for SSL.

I aborted the switchover for that reason. Will wait a few more month and attempt again. But if my google ranking could get improved I may look at this sooner then later.

--
In addition SSL is the foundation for SPDY and SPDY does make sites faster. Safari will soon support it as the last major browser.

Same reason we haven't went full SSL yet. Hoping this push by Google gets more ad providers to support HTTPS soon. I have been wanting to make the switch for awhile.

 

[rdn]

You don't need to set any redirect changing from http to https... you simply force https and that is enough. http to https is actually not a domain change, as http is not considered part of your domain name structure. http / https / ftp / so forth, are web protocols.

You still need to redirect all request to https version.
And that is still 301 redirect as far as I understand.

 

[nodle]

Looks like Cloudflare is looking into it. Looks like they may be even rolling it out for all customers for free!

http://blog.cloudflare.com/google-n...-cloudflare-on-track-to-make-it-free-and-easy

 

[Anthony Parsons]

You can actually feed Google both http and https, its called canonicalisation. Google will pick the best one, BUT, you then leave it to Google to choose. I would never recommend leaving it to Google, but Google do actually do it quite well without any issue. The same as they handle slashes under canonicalisation. Technically adding a slant is a different domain, thus they use canonicalisation to determine the optimal URL cached, identical to www or non-www.

It would depend on how you go about things... normally you just redirect the port, being the simplest way. Anything requesting port 80 gets redirected to port 443. Not really a 301, but it is a redirect of sorts. Again... the designator isn't actually part of a domain name, thus 301 is not really the right way to do it as a 301 uses the domain name, when http to https is a port redirect, not a URL redirect.

 

[dawg]

Couldn't care less.

Won't be switching my site to https any time soon.

Next it will be domains using google dns.

Then sites using google email addressees with G+ integraton enabled.

Then sites hosted completely by google using google proprietary forum software.

And so on.

I'm with you Brogan i could care less.

 

[Anthony Parsons]

Looks like Cloudflare is looking into it. Looks like they may be even rolling it out for all customers for free!

Pretty smart IMHO... considering Google state it means little right now, giving everyone time to start thinking about change... then state, later it may weight more delivering secure websites to users over non-secure. That later thing sticks in my head.

Thinking about this, it could be the coincidence I was looking for in relation to just adding Adsense... in that my site is https and the new 200+ daily traffic is due to the minor factor being given, already using https???

 

[Anthony Parsons]

I'm with you Brogan i could care less.

I think some advantages matter nowadays, considering the constant injection of new sites flooding every niche, all fighting for prominence.

People worrying about meta data and such nonsense... absolute waste of time. But when Google clearly gives you notice that they want to deliver their searchers secure websites over non-secure... it will give you an instant edge over everyone in your niche who isn't secure.

 

[rdn]

I still recommend forcing every request to https where you can speed up your forum using SPDY

 

[rdn]

Having your site on https has two great advantage, SEO for Google and SPDY for speed.
Thanks to @eva2000 for all his article and tutorials.

 

[dawg]

Having your site on https has two great advantage, SEO for Google and SPDY for speed.
Thanks to @eva2000 for all his article and tutorials.

Are you 100% positive you are not a Google employee?

 

[rdn]

Are you 100% positive you are not a Google employee? :wink:

Not sure what you mean by that

 

[dawg]

Not sure what you mean by that

Well google is forcing https and they created spdy. So...
lol

 

[rdn]

But they are not forcing SPDY
But it's very nice to have

 

[eva2000]

Well google is forcing https and they created spdy. So...
lol

question is why not use SPDY SSL - I wrote about the benefits here http://centminmod.com/nginx_configure_https_ssl_spdy.html and you can visually see the difference between SPDY SSL vs non-SPDY SSL for my World Flags demo SSL https://spdy.centminmod.com/spdytest.html

then once everyone dumps IE <8 browsers, then ECC 256 Bit SSL certificates can become a reality too https://sslspdy.com/

 

[TheBigK]

Okay, can someone clarify with authority that http -> https does not require 301 redirects? If it's 301 redirect, I'm going to let my site run on http. But if it's certainly NOT a 301 redirect, I'm all game for the https thingy.

Also, can someone quickly put up an article that shows how to migrate xenforo from http to https?

Update:

Just had a chat with the ssls.com representative and they said you will have to setup a 301 redirect to migrate your site from http to https.

 

[Floyd R Turbo]

@TheBigK not for me, this is what I use in .htaccess

#redirect http to https
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.mysite.com/$1 [R,L]

 

[rdn]

Just had a chat with the ssls.com representative and they said you will have to setup a 301 redirect to migrate your site from http to https.

Then what's wrong with that?