Please support verification via meta tag in homepage and/or verification file in root folder, don't require https


#1

Hi,

Given that I’m struggling to get my site verified, I’d like to suggest a few points that would make verification for the average website publisher easier:

  1. Don’t require https. There’s still alot of websites out there that don’t have implemented https.
  2. Allow ownership verification by inserting a meta tag in the homepage. Google Search Console allows this, why not bat?
  3. Allow ownership verification by uploading a verification file in the website’s root folder. Google Search Console allows this, why not bat?

Thanks.


#2

Thanks for the feedback @Schuetze!

cc @Asad, @nvonpentz and @alex


#3

@Schuetze thanks for the feedback!

The problem with the approaches you mention is that it is trivially easy to spoof ownership without HTTPS & with a meta tag.

A simple comment on a page could inject a meta tag and a stranger could pretend to own your domain.

We do allow ownership verification by uploading a file to a trusted location on the root of the domain, was that not present when you tried to verify?

HTTPS is effectively the standard now and it’s free if you use Let’s Encrypt. https://letsencrypt.org/
Modern browsers are creating warnings for users if the domain does not use HTTPS. It’s highly encouraged that you add it for your domain.

Cheers!


#4

I have written another post about the problems I encountered trying to get verified here:

It really seems to boil down to the fact that I’m not using https. So once I have implemented it, I’ll get back here if I still encounter problems getting verified.