Website security is an increasingly important issue in today’s interconnected world. As ways to phish, sniff and breach security become more sophisticated, Google and web masters alike are taking more stringent measures to keep users’ information and web content safe.
Enter HTTPS. Hyper Text Transfer Protocol Secure is the secure version of HTTP. It’s the protocol over which data is sent between a browser and the website to which one is connected. It means all communications between a browser and the website are encrypted by way of Secure Sockets Layer (SSL) or, its more evolved form, Transport Layer Security (TLS).
What is HTTPS for?
The purpose of HTTPS first came about to help prevent “man in the middle” attacks, and to prohibit eavesdropping and tampering with or forging the contents of online communication. HTTPS websites give a reasonable certainty that the intended website is not an imposter, and that the content is securely transmitted.
In order to protect user data and website integrity, HTTPS is becoming increasingly widespread. At the dawn of the century, HTTPS sites were mostly limited to those that dealt with payment transactions and the transmission of other sensitive information. But in 2014, Google announced its HTTPS Everywhere initiative. The goal was to stimulate a wider adoption of HTTPS to authenticate a wider range of websites, while simultaneously highlighting the significance of website security.
According to Google, there are three main reasons why you should always protect your sites with HTTPS.
- Intruders both malignant and benign exploit every unprotected resource between your websites and users.
- Many intruders look at aggregate behaviours to identify your users.
- HTTPS doesn’t just block misuse of your website. It’s also a requirement for many cutting-edge features and an enabling technology for app-like capabilities such as service workers.
With increasing demand for keeping user communications, identity and web browsing private, HTTPS is on the brink of becoming the standardized default. As of June 2016, 10.2% of Alexa top 1,000,000 websites use HTTPS as default, 43.1% of the Internet’s 141,387 most popular websites have a secure implementation of HTTPS, and 45% of page loads (measured by Firefox Telemetry) use HTTPS.
There has been some resistance to HTTPS and it mostly had to do with the myth that HTTPS websites are slower than regular HTTP sites. But thanks to websites like HTTPvsHTTPS.com, you can test the load times and see that the secured counterpart generally operates at a faster speed.
In fact, the benefits to HTTPS go beyond user safety and security, and beyond keeping your site safe from attacks (although those are stand alone excellent reasons).
Additional Benefits of HTTPS on websites
To show its commitment to the evolution of online safety, Google has incentivized HTTPS by giving a rankings boost to HTTPS websites. Of course you still need to have a dynamic site with quality content, but this nod to secure sites from Google is a big sign that the shift toward security is picking up the pace.
For web builders, securing websites means purchasing an SSL/TLS certificate. Then it’s simply a matter of installing the certificate properly and configuring your server to enable it. However, you do need to configure your server so that every single page of your entire website is served on HTTPS. This is key as it’s the only way entirely benefit from SSL/TLS, and the only way to get an SEO boost from it.
HTTPS websites protect mobile traffic as well and the trend toward mobile browsing is only set to increase. Further, both Apple and Google are pushing mobile apps towards encryption by default.
While it’s an extra charge and means a few extra steps, there’s no sense in rallying against the tidal wave. HTTPS and secure sites are soon to be the default and the norm so best to dive in now.
If you are looking for a secure website, look no further than Stigan Media. We are experts in HTTPS and understand the importance of keeping your site and your users’ privacy secure.
Our Vancouver based programmers are at the cutting edge of website security. Inquire with us to find out how we can build a site for you that is safe and secure.
Stay tuned, in tomorrow’s blog post we talk about Google Chrome’s latest feature: non-https warning.