Find out which pages are served as HTTPS and which are not, and why
Google began rolling out this week a new HTTPS Search Console report that shows which pages on your website are being served via the secure HTTPS protocol which is designed to ensure the safety and security of users, and which are not, and why.
Google aims to achieve 100% encryption, and claims that as of August 2022 91% of its US traffic was encrypted. Continuation in service of older devices and operating systems that don't support HTTPS, as well as the blocking or degrading of HTTPS by the governments of some countries, are obstacles outside Google's control, but favoring HTTPS in page ranking provides a good incentive for site owners to ensure their pages are served up encrypted.
Accordingly, Google reminds site owners (hint, hint) that its "page experience signals" - used in ranking - include serving pages by HTTPS as well as other attributes like Core Web Vitals, mobile friendliness and presence/absence of intrusive interstitials.
Reasons pages aren't served as HTTPS could include among others::
- HTTPS has invalid certificate
- HTTP marked with canonical tag
- Sitemap points to HTTP
- HTTPS has redirect
- HTTPS URL is roboted (that is, HTTPS URL exists but is blocked by robots.txt)
- HTTPS not evaluated, which could mean one of these conditions exists:
- HTTP URL has no equivalent HTTPS URL, or Google encounters 4XX or 5XX error
- HTTPS equivalent URL exists but Google has chosen HTTP URL as canonical (e.g., because you didn't tag the HTTPS URL)
- Google encountered so many errors that crawl was ended
- Site-wide error like bad SSL certificate
- Google has not seen URL yet or has not crawled it
If your HTTPS report shows errors, good places in Search Console to start a fix would be:
- Check Crawl stats report to ensure site is responding to crawl requests.
- Check Index coverage report for multiple 404s that might have terminated crawl
Comments on Google adds HTTPS report to Search Console