Make Google Search More Secure by SSL Encrypted Search
With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search terms and your search results pages from being intercepted by a third party. This provides you with a more secure and private search experience.
As google make SSL available, SSL search will be the default when you are signed in. When SSL search is in use, the URL will be https://www.google.com (note the extra “s”) and your browser may also provide a visual indication that you are using SSL, such as a lock icon in the URL bar. You can also navigate directly to https://www.google.com or to https://encrypted.google.com if you are signed out or if you don’t have a Google Account.
SSL search is also available for the following domains:
SSL on these domains is currently not the default; go directly to https://www.google.co.uk, https://www.google.fr, or https://www.google.de to search on SSL.
What is SSL?
SSL (Secure Sockets Layer) is a protocol that helps provide secure Internet communications for services like web browsing, e-mail, instant messaging, and other data transfers. When you search over SSL, your search queries and search traffic are encrypted so that intermediary parties that might have access to your network can’t easily see your queries.
What can I expect from search over SSL?
Here’s how searching over SSL is different from regular Google search:
SSL encrypts the communication channel between Google and a searcher’s computer. When search traffic is encrypted, it can’t easily be decoded by third parties between a searcher’s computer and Google’s servers. Note that the SSL protocol does have some limitations — more details are below.
Under most circumstances, when you use https://www.google.com your search terms are encrypted and are excluded from the referrer headers that are part of the request sent to the result site you visit. The landing site will still receive information that you are coming from Google, but not the query that was issued — namely, the host is still part of the referrer being passed. There are a few exceptions to this:
If your network administrator has redirected you to a NoSSLSearch configuration that we have for schools (see below), your query may not be encrypted, because you have been redirected to a non-encrypted http session.
If you have configured your browser’s search box to send search queries to http://www.google.com, you’ll be redirected to https to get your encrypted results, but your query will be initially sent unencrypted
If you click on an ad on the results page, your browser will send a referrer that includes your query to the advertiser’s site. This provides a mechanism to the advertiser so that the advertiser can improve the relevancy of the ads that are presented to you. If you are concerned about referrer information being sent without encryption to the website you clicked on, we recommend using google’s existing encrypted search service at https://encrypted.google.com. Many web browsers also provide the ability to disable referrers as well.
At this time, search over SSL is available on Web, Images and all the search modes except for Maps.
Your Google experience using SSL search might be very slightly slower than you’re used to because your computer needs to first establish a secure connection with Google.
Google logs the same information about your search when you’re using SSL search as we do for unencrypted search. SSL search does not reduce the data that Google receives and logs when you search, or change the listing of the items in your Web History.
SSL options for schools
When students search using SSL on https://www.google.com or https://encrypted.google.com, existing programs to restrict certain kinds of content from school networks may be disrupted. With SSL, content filters and proxies on your network may not be able to see or modify the search query or Google’s response.
If the scenario described above is problematic for your school, Google provides a NoSSLSearch option. The network administrator can adjust the DNS configuration for www.google.com to point to google NoSSLSearch end point. For regular http traffic, the user will see no difference.
Information for school network administrators about the NoSSLSearch option
When students search using https://encrypted.google.com, content filtering systems in place on your network may not be able to read their searches or Google’s response. If this is problematic for your school, you can block https://encrypted.google.com. When students continue to search using http://www.google.com, your content filtering will work as it always has in the past.
We do not recommend blocking https://www.google.com. Instead, consider using the NoSSLSearch option described above.
Logins for Google Apps for Education and google other authenticated services are currently hosted at https://www.google.com. As long as you allow access to https://www.google.com, your organization should still be able to access all of google’s other services.
Does SSL provide complete security?
While SSL helps prevent intermediary parties, such as internet cafes or ISPs, from seeing the response to your query, they could still know which websites you visit once you click on the search results. For example, when you search over SSL for [ flowers ], Google encrypts the results that Google returns. But when you click on a search result, including results like maps, you would exit the encrypted mode if the destination URL is not on https://. (Google Web search and search modes support SSL.)
Although SSL offers clear privacy and security benefits, it does not protect against all attacks. The benefits of SSL depend on your browser’s list of trusted root certificates, the security of the organizations that issue those certificates, and the way in which you and your browser handle certificate warnings.
In addition, while the connection between your computer and Google will be encrypted, if your computer is infected with malware or a keylogger, a third party might also be able to see the queries that you typed directly.
Secure searching on https://www.google.com may not be available if your network administrator utilizes the NoSSLSearch mechanism to downgrade searches on https://www.google.com to http://www.google.com without the encryption. If that happens, you can still use https://encrypted.google.com to perform encrypted searches. If https://encrypted.google.com is blocked, please escalate the issue with your network administrator.
At this time SSL search is only available for google.com; Google is working to bring this functionality to all Google domains.
See a warning?
When you perform a search on https://www.google.com or https://encrypted.google.com you might see a warning if a page has some non-secure components. Depending on your browser settings, you might see the lock icon turn into a warning sign, a pop-up message, or some other form of alert. This issue is often referred to as a “mixed content error.” This may occur due to browser plugins that inject content into the search results page or there may also be some rare cases in search over SSL that generate a mixed content error. [source]
Email : email@example.com