Google has never taken user security for granted. Thus, websites serving HTTPS pages instead of HTTP were given a slight ranking boost in 2014.
However Google has not stopped there as they have been pushing hard for the more secure HTTPS protocol to be used everywhere.
The next step they took in this process was to prioritize the indexation of HTTPS pages:
We’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalent of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL if:
- It doesn’t contain insecure dependencies.
- It isn’t blocked from crawling by robots.txt.
- It doesn’t redirect users to or through an insecure HTTP page.
- It doesn’t have a rel=”canonical” link to the HTTP page.
- It doesn’t contain a noindex robots meta tag.
- It doesn’t have on-host outlinks to HTTP URLs.
- The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL.
- The server has a valid TLS certificate.
So basically, if you have both an HTTP and an HTTPS version of a certain page on your website, Google will index the HTTPS version by default.
The search engine giant is becoming more and more strict with their HTTPS policy so I won’t be surprised if, sooner or later, they start giving a bigger rankings boost to HTTPS pages. As usual, we’ll have to wait and see.