Over the years, Google has worked hard to promote a more secure web and to provide a better browsing experience for users. Gmail, Google search, and YouTube have had secure connections for some time, and Google also started giving a slight ranking boost to HTTPS URLs in search results last year. Browsing the web should be a private experience between the user and the website, and must not be subject to eavesdropping, man-in-the-middle attacks, or data modification. This is why Google has been strongly promoting HTTPS everywhere. As a natural continuation of this, Google now adjusted its indexing system to look for more HTTPS pages. Specifically, Google starts crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, Google will typically choose to index the HTTPS URL if: - It doesn’t contain insecure dependencies. - It isn’t blocked from crawling by robots.txt. - It doesn’t redirect users to or through an insecure HTTP page. - It doesn’t have a rel="canonical" link to the HTTP page. - It doesn’t contain a noindex robots meta tag. - It doesn’t have on-host outlinks to HTTP URLs. - The sitemaps lists the HTTPS URL, or doesn’t list the HTTP version of the URL - The server has a valid TLS certificate. Get the full story at the Google Webmaster Central Blog