Reportedly, around 0.5% of security certificates on the web are broken, meaning that users are potentially clicking on web pages they believe to be secure – as they are HTTPS web pages – which actually aren’t. An HTTPS web page can potentially not be secure for a number of reasons, including third-party content, and the reasons may not be directly related to your site.
As a result of this, Gary Illyes has said that he is experimenting with flagging these broken security certificates in the search results, before the user clicks on the link – as reported by Search Engine Land.
Whilst this is still an experiment only, and it is unclear to what extent a site must be broken before this warning is flagged, it serves as a reminder to keep your site as safe and secure as possible for users. After all, there is a small rankings boost for secure sites.
Following Google’s advice, you should consider these tips for making your site more secure:
• Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
• Use 2048-bit key certificates
• Use relative URLs for resources that reside on the same secure domain
• Use protocol relative URLs for all other domains
• Check out our Site move article for more guidelines on how to change your website’s address
• Don’t block your HTTPS site from crawling using robots.txt
• Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.
Google also said “If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.”
If you would like more help and advice regarding security or your search marketing campaign, talk to somebody at Search Marketing Group today.