SEO is always on the minds of webmasters, so head of Google’s webspam team Matt Cutts is always busy answering questions. Recently, he seemed to leave the questions about HTTPS websites behind. Many seem to think that these types of websites never appear at the top of a Google results page (SERP), and people want to know why. This was a big issue last year when Cutts explained it in May, and the lack of an update leads many to believe that the answer is still the same.

If you missed the discussions, don’t sweat it. Below explains exactly how these websites work and the SEO impact of having this type of secure website.

What is an HTTP or HTTPS Website?

For those who are unfamiliar, an HTTPS website is a way to keep your website incredibly secure using a Secure Sockets Layer (SSL). This means that a website equipped with the “S” on HTTP (HyperText Transfer Protocol) allows it to transfer encrypted data over the Web.

In general, any company that is accepting credit card information over the Internet should have a website setup with SSL (or at least set the pages that collect this information to https). On that same note, consumers should make sure they are only giving their credit card information to sites that are HTTPS. A little lock icon appears at the top of the browser to illustrate to consumers that the website is setup to keep your information secure. You can learn more about how to create a secure HTTPS website here.

So what are the difference between HTTPS and HTTP? The differences are actually quite important. The biggest difference is that HTTP sends this important data across the web in plain text, so it does not encrypt the data. This means that it’s much easier for someone to steal the information because it’s easier to read and find.

Top Things to Consider When Optimizing an HTTPS Website

  1. Loading times. Sometimes the loading time is much longer on an HTTPS website, which isn’t good for SEO or user experience. Fix this by either encrypting only the pages that transfer sensitive data, or by using a high performance host.
  2. Robots.txt file. Using this file will help you let the Google bots know which of your pages should be crawled and indexed. Remember, though, that the robots.txt is only valid if you place it within the https protocol. Learn more about this here.
  3. Files. Keep all of your files, such as images and content, within the https protocol in order to avoid popups and spam.
  4. Certification. You will need to get an SSL certification from an SSL certificate provider. Make sure to always keep this updated if you want the best SEO. In this case, you really can’t get away with something that is expired.
  5. HTTP versions. Although it’s possible to optimize your https pages, companies are still making sure their websites are full of http pages in order to really make sure they make it in the rankings. Make sure your pages full of content are set to HTTP and you’re linking to them through guest posting and other optimization efforts.

Conclusion: What Cutts Said

The best answer we’ve gotten from Cutts came to us about one and a half years ago in this video. He explained that he is not aware of anything in the code that should prevent an HTTPS website from ranking well on a Google SERP; however it’s important to test first (as always!). The example he gave was PayPal, a site that certainly uses a SSL and yet still ranks well on a Google SERP. This is still true today, and does prove that a secure site should be able to rank well if optimized using some of the tactics discussed above. Still, this seems to be one of the only instances we can find.

Lastly and interestingly enough, Cutts also mentioned that it’s uncommon to see sites do this. Hopefully in 2013 this will no longer be the case as more and more companies start to understand the importance of security and the web.