There’s a good chance that you’ve seen the small green lock icon that appears in the address bar of websites that you visit.
This icon indicates that all communications between your browser and the website are encrypted, or secure as the page is using HTTPS (Hypertext Transfer Protocol Secure).
Put simply, HTTPS encrypts all communication to protect information that’s being shared. This includes usernames, passwords, or credit card details. In order for this encryption to take place, the website in question must be using HTTPS, or, the secure version of HTTP.
As a website owner, you’ve probably been wondering whether you should make the move from HTTP to HTTPS as well. After all, there’s a lot of buzz currently circulating the net regrading HTTPS, and many high-level websites have already made the switch.
Does it matter? Should you update your website? What’s it all about anyway?
Making the move to an HTTPS site can offer a number of benefits. For one thing, it can add a layer of security to your website. This is especially important if you’re processing information like credit cards, or even messages.
Additionally, HTTPS is quickly becoming the new web standard, and Google’s continuing to provide incentives for people to make the move. These incentives include prioritizing websites with HTTPS over ones without in search engine rankings.
Finally, there’s the issue of peace of mind. For customers, having the green icon badge at the top of the page can give them confidence to continue with their transaction.
If you’re on the fence about moving to HTTPS, read on to see what it is, what it means, and why you’ll want to think about making the switch.
HTTPS: What’s It All About, Anyway?
It’s been over three years since Google first announced it was using HTTPS as a ranking signal.
Since then, websites have been gradually moving over to HTTPS.
You can tell if a website is HTTPS or HTTP by looking at the website’s address bar. A website with HTTPS will have a green lock and ‘Secure’ in the address bar, followed by the https.
How Does It Work?
With HTTP, when a browser and a web server communicate, that information is out in the open and capable of being intercepted by a third party. An SSL/TLS Certificate, though, enables an encrypted connection. With encryption, all communication is encoded, so only the authorized party can read it. This allows data to be shared between browser and website, without having to worry about it being intercepted.
An SSL/TLS Certificate also authenticates the identity of the company that’s holding the certificate.
When a company obtains SSL Certification, they’ll receive the certificate and files from the Certificate Authority, and can then install it on their server, and configure the server for HTTPS.
To show visitors that the website is HTTPS secure, the green ‘Secure’ badge will appear in the address bar when they visit the site.
Here’s a look at the steps that take place when a website with HTTPS is accessed:
- The devices determine how to encrypt the data.
- The server sends the certificate to authenticate and identify. This is known as a ‘handshake.’
- The computer receives the certificate and begins encrypting it.
- The server begins to encrypt as well.
- Now all messages and communication are encrypted.
While HTTPS does not necessarily guarantee that a website itself is not malicious, it does help to keep visitors’ communication with the site itself secure, and safer from potential hackers.
Why Does It Matter?
The issue of HTTPS becomes especially relevant for e-commerce stores.
According to a GlobalSign survey, 84% of users say that they would abandon a purchase if data was sent over an insecure connection. Additionally, a large majority are concerned about their data being intercepted or misused online.
If someone were to walk into your store and raise a concern, you’d take them seriously. So the fact that potential customers feel uneasy about the idea of being on your HTTP website should be enough to encourage you to make the switch. Ideally, you’ll want to do everything that you can to make your customers peace of mind, something that an HTTPS website can do.
Additionally, Google has said that it will give a slight preference to HTTPS websites over HTTP ones in search engine results pages (SERP). This means that if two websites rank the same for keywords, relevancy, etc., then Google will give the HTTPS one priority over the HTTP one.
Of course, there’s also the issue of security.
With an HTTPS website, your customers know that their data is secure and they will be more likely to give you their credit card information to make a purchase on your site.
Then there’s the fact that Google’s goal is to make HTTPS the default that users expect as the bare minimum in internet security today.
HTTPS represents three main security properties which will become the standard or default for all websites in the very near future.
Your browser receives a certificate that provides proof that it is the real domain you are speaking to, not a fraudulent imposter.
This guarantees your browser and the server that only they can read the data that is being exchanged and eliminates eavesdropping.
The HTTPS guarantees that the information that is being sent from your browser to the server is the data that the server receives and it is not modified or changed.
More Benefits of Moving to HTTPS
But wait, there’s more! Now, let’s take a look at a few additional reasons you’ll want to think about making the switch to HTTPS.
To Ensure Program Compatibility
Browsers like Chrome are increasingly restricting APIs (Application Program Interface) and other platform features from being run on not secured HTTP sites.
API is essentially the ability for one piece of software to speak to another. As a website owner, the last thing that you’d want is for WordPress or your shopping cart or email service to be restricted or altogether useless because it is not HTTPS, and therefore unable to interact with other necessary programs which would allow it to communicate effectively. Making the move to HTTPS can help to save you from unpleasant surprises.
To Improve Website Performance
Unbeknown to most users, Google has introduced what is known as HTTP2.
With HTTP2, you can respond to multiple communications at one time as opposed to going back and forth. HTTP2 is also proactive, and predicts what you are going to need during a session and it prepares the data, such as scripts and other backend data before it’s requested. This information can also be stored in your cache to be ready for you next session with the URL. But in order to utilize the benefits of HTTP2, you must have HTTPS.
To Prevent Your Website Being Marked as Not Secure
Another issue with using HTTP instead of HTTPS is that Google has started flagging these websites as not secure.
Chrome has recently started displaying a “Not secure” warning in the address bar of web pages that do not use HTTPS when users enter data into it. They’re also displaying this warning on all HTTP pages that users visit in Incognito mode. Displaying “Not secure” could be enough to dissuade a potential customer from entering their data into your website, and may even cause them to click away.
Network Latency When Migrating Is Minimal
While redirects from a HTTP to HTTPS website can be sluggish, there are ways around this issue. The HTTPS platform allows you to use what’s known as a Strict Transport Security Header to speed the connection and only allow access via HTTPS. It can also internally rewrites links so that they are HTTPS.
You can also turn on what’s called TLS false start in your server configuration. In laymen’s terms, this begins the process of the ‘handshake’ or, identification before it completes its formal path. Once a session has been completed you can then set up what’s known as TLS session resumption which is just like saying, “Hey we have talked before, let’s bypass the formalities.”
Allows You to Be Ahead of the Curve
Having HTTPS can help to keep you ahead of the curve. It probably won’t happen tomorrow but what if Google were to change its algorithm and only sites that are HTTPS would get preferential ranking? Would your website be searchable tomorrow?
While it’s unlikely that would Google make such a move, considering that only 30% of all URLs on page one of search results are HTTPS, the truth is that they’re still taking steps to make the entire web secure. It’s best to be ahead of the curve, and to start thinking about HTTPS, if you haven’t done so already.
When you’re ready to make the switch, it’s a good idea to check with your web host to see if they recommend a particular Certificate Authority (CA) to purchase from such as Symantec or other CA.
Another option is to go to SSL Mate to purchase the required certificates and set up an auto-renewal. Or, check out The SSL Store, which will give you several options depending on your needs. The number of certificates that you need and the amount you’ll need to spend will depend on several variables and will be relative to the number of sites, domains, and subdomains that you have.
Following Google’s Best Practices
Often businesses worry that they will lose their current spot in the organic search rankings if they migrate to HTTPS. If you follow Google’s best practices, though, your ranking should only temporarily be affected.
Once you turn on HTTPS for your site, you will want to activate what’s known as ‘301 redirects’ for your site and serve a canonical link element which will reinforce that this is your primary site.
For an excellent checklist to refer to during the migration go to Search Engine Land’s Guide to Securing Your Website. This article provides detailed and technical steps to check, double check, and implement during your switch.
A Seamless Migration
The easiest thing to do to assure a seamless migration of this data is to use the Chrome Developer Tools Security Panel. This tool will allow you to identify and correct configuration challenges that come up during the migration.
Once you’re all set up, you’ll want to track how your new HTTPS site is doing. SSL Labs is a great tool to use for this. It looks at all of the technical and background aspects of your site to ensure optimized performance and security. It also offers suggestions as to what configurations you can make to help protect your site from attacks.
Although making the move to HTTPS may not be at the top of your priority list, if your site has not been updated yet, it’s a good time to consider making the switch –if it’s in line with your budget. For new websites, it’s almost always a good idea to implement HTTPS from the start.
Google is working diligently behind the scenes to establish HTTPS as the industry and web standard, and there’s a good chance that they’ll continue to roll out new changes to encourage website owners to make the switch.
By guiding the migration to HTTPS, Google is helping to encourage a more secure and private web. And by moving your website to HTTPS you can help your visitors to have a safer and more efficient user experience as well.
Are you thinking of making the switch to HTTPS? What’s holding you back?