HyperText Transfer Protocol (HTTP) is the network protocol that allows your browser to communicate with a web server. HTTP makes it possible to send and receive information across the internet.
HTTPS is the secure version of HTTP.
For a long time, you only needed HTTPS if you used sensitive data that needed to be secure. That’s not true anymore.
Google hates HTTP (so does Firefox)
Since 2010, Google has been encouraging sites to move from HTTP to HTTPS. In 2018, Google took stronger steps:
- It showed a warning to Chrome users if they clicked on a non-HTTPS website.
- It threatened web masters that they would lose traffic if they had a non-HTTPS site.
Benefits of moving to HTTPS
- Your users will not leave your site because they see a warning that it is insecure. And yes, users notice this, and they would rather leave than take a risk.
- Your site and your users will be more secure. HTTP leaves you and your users vulnerable to interception and injection.
- Google will be nicer to you – or, at least, not punish you in its search rankings.
Is there a reason to still use HTTP?
Even if you have a static site, you still put your users at risk if you don’t use HTTPS. Read what Scott Helme has to say on this subject.
The only reason sites still use HTTP is because their owners or developers aren’t paying attention.
Named and shamed?
In spite of what I’ve told you, there are still many sites using HTTP. You can see a list of the offenders at https://whynohttps.com/, including some big SA sites that should know better.
How do I convert to HTTPS?
It is really not that difficult:
- Get an SSL certificate. You can get this through your ISP, or from http://letsencrypt.org/.
- Install the certificate on your website.
- Update the domain to point to HTTPS.
- Update your internal links (including your sitemap and robots.txt) to direct to HTTPS.
- Redirect all HTTP pages to HTTPS with 301 redirects.
Do you develop web apps? Remember our Security Spotlight series, which is about web application security.
Here are some resources for further reading: