Why HTTPS? Well that’s a stupid question.

Matt | December 15, 2016

Everybody is moving to their websites to HTTPS! Google says it’s a must. You even get a nice green shield on the url bar – see below – security proven! It’s clear that HTTPS is a good thing for your website and the entire web is moving quickly to adopt HTTPS.

HTTPS Example

Better get on board or your traffic is going to tank! Woah woah woah… That’s not necessarily true, but let’s explore they what, why, and how of HTTPS.

What is HTTPS?

HTTPS is a combination of two things – HTTP(Hypertext Transfer Protocol) and TLS(Transport Layer Security).  This security layer essentially encrypts communications between the website server and the visitors device. It doesn’t protect your device or server themselves from intruders (they should have their own security measures), but it does protect the communications from being read or altered by intruders. This way a visitor to your website can be ensured that their data is not being mined when they send you a contact form message or digital payment. If a website has HTTPS enabled correctly it will have a green shield in your browser’s address bar and “https://” before the site address – refer again to the image above. An incomplete/incorrect implementation will have a red shield, x, or some other error/warning message to go along with the “https://” to warn visitors of non-encrypted or unsafe data transfer.

How to HTTPS?

HTTPS requires an SSL(Secure Sockets Layer) or TLS(Transport Layer Security) be installed on the web server. To get more technical… these terms are now used interchangeably as SSL3.0 was the last SSL version in use and TLS1.0 is often referred to as SSL3.1. The latest production version as of writing is TLS1.3 which is probably what your “SSL” is using. All of that aside – you need to buy these “Security Certificates” through your hosting provider to apply to your domain name. Ask your hosting provider, web developer, or marketing company to set up HTTPS for you!

Why HTTPS?

Well it’s far from perfect, but it’s the best, most standard communications security that is currently have available. And guess what? It’s going to continue to be upgraded as attackers get more sophisticated – see SSL 3.0, TLS 1.0, 1.3, etc… Your hosting provider and your devices security systems will also be upgraded as intruders try new methods.  Google thinks you should use HTTPS. WRC – the international consortium that develops web standards thinks you should. Even the slow moving bureaucracy that is our government requires it for their websites. So clearly it’s a must have for security and visitors trust (this can increase lead conversion).

There’s one more reason that you probably weren’t even thinking about. HTTP2! Yes, that’s right, the first HTTP update since HTTP1.1 in 1999. Before HTTP2 came along, HTTPS could increase a websites loading times because of the extra time taken for encrypted connections. With HTTP2, your devices can access multiple resources from a website at the same time! Before this, a visitor would have to load a single websites average of 30-100 resources 1 at a time. This change allows HTTP2 to decrease load times by 17-50% as reported by WPengine and CloudFlare. What does this have to do with HTTPS you ask? Well HTTP2 doesn’t require a security certificate, but browsers require security certificates for HTTP2 to function. So if you’re host has HTTP2 enabled and you have a Security Certificate installed – you get a website speed increase AND a security increase. Win Win.

Down the Rabbit Hole

Internet security is a deep and interesting subject with lots of reading material. With the emergence of the “internet of things” powering unprecedented DDoS attacks and botnets infecting massive amounts of devices – the web is a warzone. For us little fish, we have to hope that the big guys have our backs. As we await “Quantum Computing”, you can be sure, Google and others are preparing TLS defenses for your small business website!