Security is an ever-evolving area of website management. After all, it is not for nothing that, for instance the UK is investing as much as $2.5 bn in cyber security. It is likely that you are aware of the series of letters before a web address that reads either HTTP or HTTPS. Although you may not have given either of these much thought as a casual internet user, if you are starting your own website or doing so on behalf of a customer or client, it is important to understand the difference and why it is different.
First though, before we dig any deeper, it is important to get a handle on what HTTP and HTTPS actually are. After, we can discuss their differences and why one might be better than the other.
WHAT IS HTTP AND HTTPS?
HTTP is an abbreviation for Hypertext Transfer Protocol. In the most basic of terms, it enables communication to happen between different systems. HTTP is normally used to enable the transfer of data to an internet browser from a server so that users can view pages of a website. All early websites used this protocol.
Unsurprisingly then, HTTPS is shorthand for Hypertext Transfer Protocol Secure. The main issue with standard HTTP is the information is not encrypted when it is transferred to a browser from a server, making it vulnerable to theft.
HTTPS solves this problem by making use of a secure sockets layer or SSL certificate. This establishes an encrypted and therefore, secure connection between the browser and server. With this in place, any sensitive information is more greatly protected from theft while it is being transferred.
MAIN DIFFERENCES BETWEEN HTTP AND HTTPS
As it is probably becoming clearer, HTTPS offers additional security in the form of SSL that HTTP doesn’t. Essentially, HTTPS is the same as HTTP with extra security. The point is though, that the addition of this security is significant. This is especially true for websites that obtain sensitive information from their users, like passwords and credit card details. [/vc_column_text][/vc_column][/vc_row]
WHAT DOES THE SSL CERTIFICATE DO THAT MAKES HTTPS SECURE?
An SSL certificate takes any information supplied to a website by a user and converts it into code. Therefore, even if an individual could steal the information as it is passed between user and website, they would not understand what it meant, thanks to the encryption.
Additionally though, HTTPS also benefits from what is known as Transport Layer Security or TLS protocol. This ensures that the integrity of the data is upheld, to stop the corruption or modification of the transfer process as well as providing authentication, to give users the peace of mind that the website they are communicating with is legit.
You can tell if a site is secure or not by reading the address. If it starts with HTTP, it isn’t secure. Whereas, if it starts with HTTPS, it is secure.
HTTPS IS NECESSARY & HTTP IS GOOD ENOUGH
With all this in mind though, are there any circumstances where HTTP is good enough to use for a website?
The short answer to this is that, it depends. Before 2016, the thought was that only websites that were involved in the transfer of sensitive information such as bank details, passwords and other important pieces of personal data needed to use HTTPS. Generally, if you weren’t involved in the transfer of sensitive data before that time, you might be fine with HTTP.
What changed in 2016? Google made the announcement that from 2018 they would take whether a site used HTTPS into consideration when it came to ranking. In other words, sites with HTTPS could have a higher spot in the rankings than other sites that didn’t use it.
A lot of website owners didn’t really see the amount of fuss involved in changing their website from HTTP to HTTPS for the small boost in ranking worth it so many didn’t change.
WHY HTTPS IS ALWAYS BEST
In line with the above, many people hold the misconception that HTTPS is only necessary for sites that handle communications and data transfers of a sensitive nature. However, any unprotected request between a site and a user can reveal information about the identities and behaviour of users.
While a single visit to an unprotected site might not seem too serious, there are some intruders and hackers that will look at the combined activity of your viewers to build ideas of their intentions and behaviours and figure out their identities. A good example of this is employees giving away that they have health condition just by the medical articles on unprotected sites they read.
HTTP VS. HTTPS FOR SEO – ADVANTAGES OF HTTPS
When it comes to SEO, there really is no argument, HTTPS is always best. There are a multitude of advantages to the SEO of your site if you have HTTPS, including:
- Better Rankings
- No Login Not Secure Warning Message
- Referral Data
- More Compatible With Mobile Devices
- Quicker Browsing
Google, back in 2014, made the announcement that most sites with HTTPS would receive a boost in the rankings over any without HTTPS. This was something of a soft signal from Google. For two websites with the exact same content relevance and technical spec, Google would give priority to the web-pages with HTTPS. As we now know, since then, this has developed into a stronger signal.
No Login Not Secure Warning Message
When Chrome 57 is released, it will give users security warnings to the bottom of the page of any form fields if a site does not have HTTPS. As early as 2017, Chrome had started to give users the Not Secure warning if they used a site without HTTPS that asked for credit card or login details. Just think about how a user would feel about conducting business such as a credit card payment on a site that featured a warning that told them it wasn’t secure.
With HTTP, any traffic passing through it, when recorded by analytics software, appeared as direct traffic. When using a site with HTTPS, the traffic passing is preserved as secure referral sources.
More Compatible With Mobile Devices
With the addition of Google’s brand new mobile index, websites are being encouraged to use HTTPS and this could more significantly affect the rankings than searches from desktop devices. Google needs websites that use SSL to convert website pages into AMP. In turn this will have a big effect on the rankings organically generated by mobile users.
With HTTPS, it provides your users with the peace of mind that your website is legit and the site they are supposed to directed to. As noted earlier, it also encrypts all sensitive information, such as browsing history, financial details and logins, while offering protection against breaches from third parties.
As the majority of web browsers now support HTTPS, this provides users with enhancements not available through HTTP sites. When you use HTTPS therefore, users experience quicker browsing speeds, in addition to the increased safety and security.
With all of the above in mind, it is easy to see that although HTTP would seem easier to deal with, particularly if you already have that protocol in place for your website; the actual reality is that HTTPS is becoming essential, for all websites.
Cider is a Software Development Company based in the heart of Silicon Valley. We combine business domain knowledge and technology expertise of more than 50 development studios spread around the world. We specialize in custom web development, as well as customization of CMS based websites. We have experience in building websites across different verticals: from eCommerce to Healthcare.
We will be happy to help you analyze current state of your web property and move it to next level together. Reach out to us for a FREE Quote!