Google says it's already rewarding sites that use HTTPS with a slightly higher ranking in internet searches — but it may be cranking up that weighting to stimulate further adoption of the secure comms protocol.
The company has been running trials over the past few months to test the use of secure, encrypted connections as a signal in search ranking algorithms.
"We've seen positive results, so we're starting to use HTTPS as a ranking signal," Google webmaster trends analysts Zineb Ait Bahajji and Gary Illyes wrote in a blog.
"For now it's only a very lightweight signal — affecting fewer than one percent of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS.
"But over time, we may decide to strengthen it, because we'd like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web."
Google said it will be publishing detailed best practices in the next few weeks to avoid common mistakes and make it easier to implement HTTPS, also known as HTTP over TLS, which stands for the Transport Layer Security cryptographic protocol.
Bahajji and Illyes listed seven tips to help websites make the transition to HTTPS. Advice includes choosing between a single, multi-domain, or wildcard certificate, using 2,048-bit key certificates, employing relative URLs for resources that reside on the same secure domain, and protocol-relative URLs for all other domains.
They also suggest allowing indexing of the sites' pages by search engines where possible, and avoiding the noindex robots meta tag and any block on your HTTPS site from crawling using robots.txt.
Websites that are already serving on HTTPS can test their security level and configuration with the Qualys Lab tool, according to the Google blogpost.
The signs that Google is making a concerted effort to encourage HTTPS uptake have been evident for several years. In January 2010 it announced default HTTPS access for Gmail, and in November 2011 it enabled forward secrecy by default.
In April, reports suggested Google was considering giving a boost in its search-engine results to websites that use encryption, but the company said it had nothing to announce at that time.
Then at the Google I/O 2014 conference in June, Google web performance engineer and developer advocate Ilya Grigorik and webmaster trends analyst Pierre Far delivered a session entitled 'HTTPS everywhere'.
More on Google