Google Inside Search | Inside Search

Web Search

I want to search more securely with Secure Sockets Layer (SSL) search

  • SSL Search

SSL Search

With Google search over SSL, you can have an end-to-end encrypted search solution between your computer and Google. This secured channel helps protect your search results and, in most cases, your search terms (exceptions outlined below)from being intercepted by a third party. This provides you with a more secure and private search experience.

As we make SSL available, SSL search will be the default when you are signed in. When SSL search is in use, the URL will contain https (note the extra "s") followed by the Google domain, e.g. https://www.google.com, and your browser may also provide a visual indication that you are using SSL, such as a lock icon in the URL bar. You can also navigate directly to https://www.google.com or to https://encrypted.google.com if you are signed out or if you don’t have a Google Account.

Throughout this article, we use Google.com as the example Google domain, but SSL search is now available on most Google top-level language domains (e.g. Google.es and Google.fr).

What is SSL?

SSL (Secure Sockets Layer) is a protocol that helps provide secure Internet communications for services like web browsing, e-mail, instant messaging, and other data transfers. When you search over SSL, your search queries and search traffic are encrypted so that intermediary parties that might have access to your network can't easily see your results and search terms.

What can I expect from search over SSL?

Here's how searching over SSL is different from regular Google search:

  • SSL encrypts the communication channel between Google and a searcher's computer. When search traffic is encrypted, it can't easily be decoded by third parties between a searcher's computer and Google's servers. Note that the SSL protocol does have some limitations — more details are below.
  • Under most circumstances, when you use https://www.google.com your search terms are encrypted and are excluded from the referrer headers that are part of the request sent to the result site you visit. The landing site will still receive information that you are coming from Google, but not the query that was issued -- namely, the host is still part of the referrer being passed. There are a few exceptions to this:
    • If your network administrator has redirected you to a NoSSLSearch configuration that we have for schools (see below), your query may not be encrypted, because you have been redirected to a non-encrypted http session.
    • If you have configured your browser’s search box to send search queries to http://www.google.com, you’ll be redirected to https to get your encrypted results, but your query will be initially sent unencrypted
  • If you click on an ad on the results page, your browser will send an unencrypted referrer that includes your query to the advertiser’s site. This provides a mechanism to the advertiser so that the advertiser can improve the relevancy of the ads that are presented to you. If you are concerned about referrer information being sent without encryption to the website you clicked on, we recommend using our existing encrypted search service at https://encrypted.google.com. Many web browsers also provide the ability to disable referrers as well.
  • At this time, search over SSL is available on Web, Images and all the search modes except for Maps.
  • Your Google experience using SSL search might be very slightly slower than you're used to because your computer needs to first establish a secure connection with Google.

Google logs the same information about your search when you’re using SSL search as we do for unencrypted search. SSL search does not reduce the data that Google receives and logs when you search, or change the listing of the items in your Web History.

SSL options for schools

When students search using SSL on https://www.google.com, existing programs to restrict certain kinds of content from school networks may be disrupted. With SSL, content filters and proxies on your network may not be able to see or modify the search query or Google’s response.

If the scenario described above is problematic for your school, Google provides a "NoSSLSearch" option. The network administrator can adjust the DNS configuration for any Google domain (e.g. www.google.com) to point to our NoSSLSearch end point. For regular http traffic, the user will see no difference.

Information for school network administrators about the NoSSLSearch option

To utilize the NoSSLSearch option for your network, please configure the DNS entry for any Google domain (e.g. www.google.com) to be a CNAME for nosslsearch.google.com. We will not serve SSL search results for requests that we receive on this hostname. If we receive a search request over port 443, the certificate handshake will complete successfully, but we will then redirect the user to a non-SSL search experience along with an initial message explaining so.

All customization and personalization is dependent on SSL availability, thus some features may be absent. Utilizing the NoSSLSearch address will not affect other Google services outside of Search. Signing into Gmail, Google Apps and authenticating to different services will continue to work (and will occur over SSL).

If you are still experiencing an issue with SSL Search after attempting to implement our solution, please fill out this short form to help us look further into your problem.

Blocking access

  • When students search using https://encrypted.google.com, content filtering systems in place on your network may not be able to read their searches or Google’s response. If this is problematic for your school, you can block https://encrypted.google.com. When students continue to search using http://www.google.com, your content filtering will work as it always has in the past.
  • We do not recommend blocking https://www.google.com. Instead, consider using the NoSSLSearch option described above.

Does SSL provide complete security?

While SSL helps prevent intermediary parties, such as internet cafes or ISPs, from seeing the response to your query, they could still know which websites you visit once you click on the search results. For example, when you search over SSL for [ flowers ], Google encrypts the results that Google returns. But when you click on a search result, including results like maps, you would exit the encrypted mode if the destination URL is not on https://. (Google Web search and search modes support SSL.)

Although SSL offers clear privacy and security benefits, it does not protect against all attacks. The benefits of SSL depend on your browser’s list of trusted root certificates, the security of the organizations that issue those certificates, and the way in which you and your browser handle certificate warnings.

In addition, while the connection between your computer and Google will be encrypted, if your computer is infected with malware or a keylogger, a third party might also be able to see the queries that you typed directly. We recommend that everyone learns how to prevent and remove malware.

SSL availability

SSL Search is now available on most Google domains. Secure searching on https://www.google.com may not be available if your network administrator utilizes the "NoSSLSearch" mechanism to downgrade searches on https://www.google.com to http://www.google.com without the encryption. If that happens, you can still use https://encrypted.google.com to perform encrypted searches. If https://encrypted.google.com is blocked, please escalate the issue with your network administrator.

See a warning?

When you perform a search on https://www.google.com you might see a warning if a page has some non-secure components. Depending on your browser settings, you might see the lock icon turn into a warning sign, a pop-up message, or some other form of alert. This issue is often referred to as a "mixed content error." This may occur due to browser plugins that inject content into the search results page or there may also be some rare cases in search over SSL that generate a mixed content error. We'll work to prevent such errors, and you can help if you report any errors through our Help Forum.

Related