SEO implications of entire-SSL site

It's been said that the whole web should be SSL [1,2]. However, website owners care a lot about SEO and there's a potential SEO penalty to SSL. Not certain, but it's a risk and maybe one Google could mitigate with a more explicit policy.

There are at least two reasons search engines may penalise https URLs: (a) they may consider it more likely to be a private URL and/or a misconfiguration by a hapless webmaster just asking to be taken down a notch; (b) if it's a migration from http to https, http forwarding is necessary and there might be a duplicate link penalty. +Matt Cutts addresses the second situation here, and is frankly tentative at best.

(And to the contrary, it's possible some search engines will consider SSL sites to be upstanding citizens deserving of a juice bump, similar to fast loading sites. OTOH SSL is still a potential performance hit, albeit much smaller these days, so performance might be another, indirect, reason for penalty.)

Whether (a), (b), neither, or both apply to Google or any other search engine is hard to say, because secrecy. It's a risk of unknown unknowns. I hope to take the plunge soon with http://player.fm.

1. https://mikewest.org/2011/12/nerdy-new-year by +Mike West 
2. https://plus.google.com/107606703558161507946/posts/4nFT2wi4sxn by +Tim Bray
Shared publiclyView activity