How to achieve HTTPS everywhere and improve Google rankings

HTTPS Everywhere

7557181168 d2969d167f o
Credit: FutUndBeidl

In August 2014 Google announced that part of its security improvement initiative would include factoring in the use of HTTPS/SSL on a website in its search algorithms. The announcement didn't generate nearly as much action/panic as the more recent "mobilegeddon" but it still got site owners moving. If you've been holding off on protecting your entire site with SSL, now's the time to take the leap, and it's never been easier.

I've been managing websites and servers for a long time now, over 15 years I'm sad to have just calculated. Like most areas of technology, HTTPS/SSL have evolved and if you're not keeping up with the latest techniques, you're probably not seeing the modern possibilities. Until recently, I knew SSL to be implemented in a certain way with certain restrictions - most notably a dedicated IP address and an SSL certificate purchased from a signing authority which is installed on your server. It turns out those restrictions are largely removed today, and I had no idea. 

Today, based on an extension to Transport Layer Security (TLS) added back in 2004, Server Name Indication (SNI) allows for multiple domain names to share an IP address and still connect to a client using HTTPS and the proper certificate. This means that with most modern browsers and web servers you no longer need a dedicated IP address to supply an SSL certificate... but it gets even better if you move your DNS to Cloudflare


I'm late to the Cloudflare game, having dismissed it a couple years back when the value add wasn't quite what it is today. Now, the services that Cloudflare is offering for free are amazing. Once you migrate your domain's nameservers over to Cloudflare, a process they make very painless, you have access to a pile of features at no cost - including Universal SSL.

By default, every site running its DNS through Cloudflare is given an SSL certificate on the Cloudflare proxy server which can be used for your website free of charge. The proxy then communicates with your web server on the client's behalf using SSL encryption. The result is that, by using Cloudflare, your website has a free SSL certificate. All you need to do is start using (or forcing the use of) https:// on your domain. There are many other benefits to using Cloudflare but today I'm only focusing on SSL.


It really is that simple, but here are a few things to consider.

1) Your web server will need to respond to HTTPS requests, so you'll need to make sure the site hosting is configured to accept SSL traffic.

2) While the traffic to the Cloudflare proxy server will be using SSL encryption, the traffic to your server from the proxy will not be encrypted using the Flexible SSL option. You should update this setting to "Full" and provision a self signed certificate on your web server.

crypto Cypress North

3) You're technically moving all of your web pages to a new URL in the eyes of Google if you start forcing HTTPS. To prevent any loss of existing URL strength and page rank you should perform a 301 redirect to the HTTPS version of the HTTP page.

Improve Google Page Rank

This continues the recent trend of Google forcing the hand of webmasters by punishing those who are not keeping up and rewarding those who are. Granted, this is a small boost they're offering to a page's rank if it's using HTTPS, but every little bit counts. Compared to taking a non mobile site mobile, this is far more simple to attain.

Below is the video from the announcement last August at Google I/O.

ITWorld DealPost: The best in tech deals and discounts.