What is HTTPS
HTTPS, an abbreviation for “Hypertext Transport Protocol Secure” is the same as the HTTP protocol but uses a “Secure Socket Layer” (SSL) for security purposes. The HTTPS protocol is used to encrypt the data being sent back and forth from the website to the browser. If a malicious entity tried to capture the data being transferred it would be unrecognisable and of no use. When you visit a website you can usually tell whether the website is using HTTPS by the way of a padlock appearing in the address bar of your browser. In addition to this, most major browsers will now flag any page with login or credit card fields as “Not secure” if the website is not using HTTPS.
For all websites an HTTPS domain SSL certificate must be acquired from one of the many certificate authorities. Such popular services are “Let’s Encrypt” and “Cloudflare”, both providing free SSL certificate services.
I don’t need HTTPS because I don’t handle payment details
There are many misconceptions about HTTPS, for example, some may suggest you don’t need HTTPS if your website does not contain any sensitive information or handle payments. However, even if your website does not contain or transmit any sensitive information, using HTTPS can protect your site from someone injecting malicious scripts, images and adverts into your pages. This often happens on airlines and hotels websites, due to their popularity and accrued traffic. HTTPS guarantees content integrity and has the ability to detect tampering.
HTTPS Will slow my website
It has also been (falsely) reported on blog and forum sites that HTTPS is slower then HTTP. Modern servers can now load faster over HTTPS especially when the newer HTTP/2 protocol is being used. So, whilst it isn’t a magic switch to speed page load times, providing your content is already well optimised you should notice a slight increase in performance.
HTTPS will hurt my website ranking and SEO
Actually, HTTPS will improve it. The only time it may impact your search rankings is if you are trying to use HTTP and HTTPS together, e.g. mixed content. ‘Always’ use HTTPS for all your website content.
What HTTPS isn’t
Even though HTTPS guarantees website integrity and provides a secure communication between the browser and server website, owners or site administrators will still need to follow best practices when dealing with sensitive data such as passwords. This helps ensure that once data has reached the server it is securely encrypted when saved in the database.
HTTPS is being adopted at a fierce rate across the globe. All the major players on the web such as Google, Microsoft, Facebook and Twitter are in the process of moving or have moved from HTTP to HTTPS. As mentioned earlier, browsers such as Chrome and Firefox have also recently started to warn or even block websites that are not HTTPS, there is even a deadline set for when search engines won’t return websites in queries if they do not have an SSL. Visitors to websites which do not implement HTTPS inevitably do not return to those sites again.
Whenever you enter personal or financial information on a web site ‘always’ ensure you use a web address that starts with https:// and that the padlock icon appears in the address bar of the browser, this then indicates your data will be secure between the browser and server.