Search engines prefer HTTPS

Blog Post created by smillerjones on Dec 29, 2015

Google recently began indexing more web pages via HTTPS and increasing the ranking of pages secured by HTTPS slightly. This means that Google will attempt to access and index your pages using HTTPS instead of HTTP when indexing your website, even if there are no HTTPS links to your pages.


However, there are some search engines that don’t prioritize HTTPS in their indexes, so your pages will most likely continue to be requested insecurely from their search results. To guide other search engines and the most modern versions of web browsers to access your website using HTTPS, you can redirect your HTTP website to an HTTPS versiona and also  implement HTTP Strict Transport Security (HSTS).


HSTS is a web security standard that tells browsers to always use HTTPS, regardless of the protocol specified by the URL. This requirement is communicated via the Strict-Transport-Security response header field, and conforming browsers and other “user agents” are expected to comply.


The header requires one parameter, which specifies how long the security requirement is in effect. For example, the HSTS response:


     Strict-Transport-Security: max-age=31536000


instructs the browser to use HTTPS for one year from receipt of the response.


For  content accessed via Orchestrate Delivery, you can easily add the Strict-Transport-Security header field “at the edge” - no changes to your origin server are required.


If “Configuration self service” is enabled for your Control Portal account, you can add the header yourself (see Custom Request Headers under Request and Response Headers in the Advanced Cache step), or contact Limelight Customer Service for assistance.