HTTP is an internet protocol that allows your browser to request web pages from the World Wide Web; HTTPS on the other hand, is a combination of HTTP and SSL.
Secure Sockets Layer or SSL are cryptographic protocols that provide security to communications that take place across the internet. So HTTPS allows you to not only send requests to servers, but it adds a layer of security on top of this HTTP request.
The main purpose of HTTPS is then to authenticate a visited website and to prevent your private information from being stolen. This means that the information you exchange with a web page is encrypted and cannot be accessed or hijacked by a hacker or other eavesdropper.
I am sure that you have heard of websites that has been exposed to malicious malware or unwanted advertisements. Whilst firewalls and anti-virus software help to protect your computer from these attacks, the encryptions and added security of using HTTPS can stop these problems occurring in the first place.
You can imagine how important this security is, if you have to submit your contact details, credit card number, password and even your social security number to a website. So when you are ready to submit your personal details to a website, make sure that you can see HTTPS in the browser.
Why don’t all websites use HTTPS?
One of the main reasons that a lot of websites do not have a SSL certificate and use HTTPS is that they do not sell anything online. So the belief has long been that if you don’t sell online, then you don’t need to use HTTPS.
Other reasons include the following:
- SSL certificates cost too much and you have to pay an ongoing, yearly fee.
- Installation of SSL certificates is too time consuming and too difficult.
- HTTPS dramatically slows the loading times of web pages.
All of these three reasons have been true to one degree or another, so lets’ look at each one in turn:
- Cost: Yes, SSL certificates used to be quite costly, but they are relatively inexpensive now. You can even have one SSL certificate that secures multiple websites on the same server, which cuts these costs down even further.
- Installation: If you try and install them yourself, you can still have some difficulty, but most hosting companies will do this for you, so this is no longer a valid reason not to have a SSL.
- Loading times: With the advancements in digital technology, the difference in speed today is minimal. If you are still worried, there are also a variety of tools available to help you increase the loading speed of your website, such as compression, cashing, etc.
So does your website really need HTTPS?
The short answer is yes, your website should use HTTPS. Even if you do not cover financial transactions on your website, you might still ask for visitor’s personal information for one reason or another. Having a SSL certificate gives visitors confidence in your website and in your company and helps to build trust.
If that isn’t enough to persuade you that your website needs to use HTTPS, then consider this – Google is now selectively promoting secured websites ahead of non-secured website development. This is in a similar vein to Google promoting mobile friendly websites over non-mobile friendly websites.
It is the way the internet is heading and sooner or later you will have to use HTTPS, just as you will need to make your website more mobile friendly.