How to Make a Secure Web Server More SEO-Friendly
If you have pages on your Web site where users provide sensitive data, such as a credit card number or other type of account information, you can make these pages both secure and SEO friendly.
The Internet solution for protecting sensitive information is to put those Web pages on a secure server. Technically, this means that the Web page is on a secure port on the server, where all data is encrypted. You can tell when you’re looking at a Web page on a secure server because http: changes to https: in the URL address.
Secure servers can cause duplicate content problems if a site has both a secure and non-secure version of a Web page. Two versions of the same page end up competing against each other for search engine rankings, and the search engines pick which one to show in search results. Also, because people link to both versions of the page, neither page can rank well because they’ve split their link equity.
Here are some SEO-minded best practices for handling secure servers:
Don’t make duplicates. Many times, people just duplicate their entire Web site to make an https version. This is a very bad practice because it creates instant duplicate content. Never create two versions of your site, or of any page on your site. Even if you exclude your secure pages from being indexed, people link to them at some point and the search engines find the secure versions through those links.
Only secure the pages that need to be secure. If the page doesn’t receive sensitive account-type information from users, it doesn’t need to be secured. This is easily handled with a rewrite rule.
Spiders shouldn’t be allowed to crawl secure pages. Search engines do index secure pages, if they can get to them. Banks usually have secure pages indexed because they often put their entire site on an https. Because of the nature of their business, it makes sense that banks want to give their users the utmost level of confidence by securing their whole site. However, the best practice is not to try to rank for pages on a secure server.
Access secure pages through a logon. The cleanest way to handle secure pages is to put them behind a logon. Search engine spiders can’t crawl pages that require a logon to access, so they definitely won’t be indexed. You also raise the user-friendliness of your site by including a logon because users will clearly understand why they’ve moved into a secure server environment and feel more comfortable entering their account information there.
If your Web site has secure pages that violate these best practices, here’s how to fix it:
Identify which pages on your site need to be secure.
Secure only the pages where users need to enter account information.
Make sure your secure pages are not duplicated.
Your secure pages should only have an https:// version. Do not offer a non-secured duplicate version. All links to and from secure pages should be full path links; that is, they should begin http:// or https://. Adding relative links to secure pages is just asking for trouble.
Clean up duplicate pages using 301 redirects.
If you currently have secure pages that don’t need to be secured, redirect them to the http version using a 301 permanent redirect. That way, any links going to the secure pages are automatically redirected to the right pages. The same goes for non-secure pages that should be secured, only vice versa.