Google have continuously worked towards encouraging a more secure web environment for users. One approach last year, was to bring in a small ranking boost for HTTPS URLs in the search results pages.
Since then, the promotion of HTTPS by Google has been ongoing, and in their latest announcement Google have stated that their website indexing system has been adjusted to find more HTTPS pages. In particular, they will begin to crawl HTTPS equivalents of HTTP pages, even in cases where the HTTPS versions are not linked to from other pages.
If two different URLs from the same web domain have exactly the same page content, but are served over different protocol schemes (i.e. one being HTTP and the other HTTPS), the HTTPS URL will usually be indexed if:
It doesn’t have insecure dependencies.
The robots.txt file isn’t blocking it from being crawled.
It doesn’t redirect users to an insecure HTTP page.
It doesn’t have a rel=”canonical” link to the HTTP page.
There isn’t a noindex meta tag on the URL.
It doesn’t have on-host links out to insecure HTTP URLs.
The HTTPS URL is included in the sitemaps, or if the HTTP version is not included.
The server holds a valid TLS certificate.
Although Google will look for the HTTPS version of a URL, it is best practice to redirect your HTTP site and all pages to the HTTPS version. This will make it clear to Google and the other search engines that there is a secure HTTPS version of your site.