Google has changed its indexing system and is now indexing HTTPS pages by default. This means that if a website supports both HTTP and HTTPS protocols, the HTTPS version will be indexed preferentially and be shown in the search results. However, there are exceptions. If certain criteria are met, then the HTTPS page will not be indexed: Any HTTPS page that contains insecure dependencies. Any HTTPS page that is blocked by your robots.txt file or via a noindex meta tag or even via X robots tag http header. Any HTTPS page that redirects to an HTTP page. Any HTTPS page that rel=”canonical tag” to its equivalent HTTP URL. Any HTTPS page containing on-host outlinks to HTTP urls On top of that: Your TLS certificate must be valid Your sitemaps must list HTTPS URLs or alternatively should not be listing the HTTP version of the URLs Google has brought in this change to help boost web security and improve users’ browsing experience. Webmasters who want to make it clear to Google that they want the HTTPS version of their website indexing, can do so by redirecting their HTTP site to their HTTPS site using wildcard redirects, and implementing a HSTS header on their server.