日期:2014-08-13 浏览次数: 返回列表


Webmaster level: all

Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default. That means that people using Search, Gmail and Google Drive, for example, automatically have a secure connection to Google.

Beyond our own stuff, we’re also working to make the Internet safer more broadly. A big part of that is making sure that websites people access from Google are secure. For instance, we have created resources to help webmasters prevent and fix security breaches on their sites.

We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.

We’ve also seen more and more webmasters adopting HTTPS (also known as HTTP over TLS, or Transport Layer Security), on their website, which is encouraging.

For these reasons, over the past few months we’ve been running tests taking into account whether sites use secure, encrypted connections as a signal in our search ranking algorithms. We've seen positive results, so we're starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal — affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content — while we give webmasters time to switch to HTTPS. But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.


In the coming weeks, we’ll publish detailed best practices (it's in our help center now) to make TLS adoption easier, and to avoid common mistakes. Here are some basic tips to get started:

Decide the kind of certificate you need: single, multi-domain, or wildcard certificate
Use 2048-bit key certificates
Use relative URLs for resources that reside on the same secure domain
Use protocol relative URLs for all other domains
Check out our Site move article for more guidelines on how to change your website’s address
Don’t block your HTTPS site from crawling using robots.txt
Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag.

If your website is already serving on HTTPS, you can test its security level and configuration with the Qualys Lab tool. If you are concerned about TLS and your site’s performance, have a look at Is TLS fast yet?. And of course, if you have any questions or concerns, please feel free to post in our Webmaster Help Forums.

We hope to see more websites using HTTPS in the future. Let’s all make the web more secure!
Posted by Zineb Ait Bahajji and Gary Illyes, Webmaster Trends Analysts



确 保用户安全是Google的首要任务。我们在这方面进行了大量的投入,以确保我们的服务使用的是业界领先的安全技术(如默认使用功能强大的HTTPS加密 保护)。这意味着,使用Google搜索、Gmail和云端硬盘等Google服务的用户将自动与Google建立安全连接。




因 此,我们在过去的几个月里进行了一些测试,尝试将网站是否使用安全的加密连接作为我们排名算法中的一个信号。我们从中看到了积极的结果,因此我们将开始使 用HTTPS作为一个排名因素。由于我们需要让网站站长有足够的时间来将网站协议转换为HTTPS,因此目前HTTPS这一排名信号中所占的权重非常小, 只会影响全球范围内不到1%的搜索查询,而且其权重会低于其他排名信号(例如高品质的内容)。然而,随着时间的推移,其影响范围可能会扩大,因为我们鼓励 所有的网站所有者将网站协议从HTTP转换为HTTPS,以确保所有用户的上网安全。