POST UPDATED ON: 5/22/2020
ORIGINAL POST DATE: 10/6/2017
Have you ever noticed that some of the websites you visit show a little padlock icon in your browser, or maybe you’ve noticed some sites starting with HTTPS instead of HTTP? It used to be that you primarily saw these signals when you were signing with a password and username, or were checking out for an online purchase. Now, HTTPS is becoming the standard for most web browsers and often considered a requirement for user experience, development, and SEO.
That little padlock, or HTTPS, lets you know that you are sending your information over a secured or encrypted connection. Over time, as businesses and consumers look to protect themselves online, HTTPS has become more common, even on sites that are not dealing with sensitive information.
Let’s take a look at what exactly HTTPS is and why you might want to add it to your site.
What does HTTPS mean?
HTTP is the standard protocol that your web browser uses to communicate with the sites you visit. HTTPS is the secure form of HTTP, meaning that the information being sent back and forth between your browser and the site you are visiting is encrypted.
If your site is currently using HTTP, you can start the process of setting up HTTPS by purchasing an SSL (Secure Sockets Layer) certificate. If you are working with a managed hosting and maintenance provider, they will be able to assist you with the setup, and may have hosting options that include an SSL.
Since 1999, Gravitate has offered website hosting and maintenance services to countless clients worldwide.
Why should I have HTTPS?
There are many security benefits to having an SSL and if you are collecting any information on your site—whether it be payment, confidential financial information, or simply contact details from visitors. When transferring information over a non-secure, HTTP connection, all communication is sent as plain text that could potentially be viewed or modified by a hacker, or really any interested third-party. A secure, encrypted connection prevents third parties from stealing that unencrypted information about users, and also prevents them from modifying the information your server is sending to the visitor’s browser.
Your site can experience a number of benefits from having an HTTPS connection. Google has already said that it gives a boost, or prioritizes, secure sites. Remember, Google has a vested interested in connecting their customers with useful information from safe sources. With all other things being equal, your site should be prioritized over a standard HTTP site. This can have a long-term cumulative effect on your business and search engine optimization. If your site is served relevantly to more visitors, there is a likelihood that they may find additional content on your site useful, and it also presents the opportunity that your site could be shared more regularly on social media. These factors can contribute to long-term improvement in search engine performance.
There is a no question about it, the general public is more cautious and aware than ever before when it comes to sharing information on the internet. Hacks and security have become front-page news, most recently with more than 143 million people having their private information stolen in the Equifax data leak. Just to be clear, the Equifax data breach is not related to HTTP v HTTPS, but it has really sparked an interest in online privacy for many Americans. As digital marketers, we want website visitors to feel safe and we want their information to be safe. With security in the forefront of consumers’ minds, seeing an unsecure HTTP in the browser may be enough to deter a new lead from sharing any information with you whatsoever.
How do I set up HTTPS?
Setting up your HTTP is relatively easy. You can check with your website host to confirm the steps that you will need to take. Once you are setup, remember to keep an eye on your SSL certificate, as those typically need to be renewed annually.
Need some motivation or encouragement?
Even the Space Jam website that launched in 1996 has updated their standards to https. You’ve got this!
Frequently Asked Questions
“The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, where hypertext documents include hyperlinks to other resources that the user can easily access, for example by a mouse click or by tapping the screen in a web browser.”
In other words, HTTP is the protocol for data communication on the internet.
“Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.”
In other words, HTTPS is the protocol for secure data communication on the internet by using an SSL (TLS) certificate.
No. Both will work. However, HTTPS should be used whenever possible. Browsers are making it more difficult to view HTTP websites and eventually may prevent it entirely.
Yes. If you are using “includeSubDomains” on Strict-Transport-Security and then try to load a subdomain without an SSL and over HTTP, the browser should prevent the page from loading. Our recommendation is to use this feature, include the subdomain in your SSL, and load the subdomain over HTTPS. There could be other headers that also prevent the site from being loaded over HTTP.
Yes. Although, ciphers are also an important piece to making HTTPS safer. New ciphers are more difficult to hack / break into. Removing old ciphers from your HTTPS makes the connection more secure, but it also prevents older browsers from connecting. So, if your audience is known for having old versions of browsers, you may not want to disable old ciphers. Here is a diagram of which ciphers are supported by each browser version.