HTTPS, or Hypertext Transfer Protocol Secure, is an internet protocol that allows your computer, smartphone or any other internet connected device to securely connect to a website. HTTPS was once only recommended for websites that transmitted sensitive information, such as user logins or credit card data. Nowadays, there's a push to secure the web by implementing HTTPS on as many websites as possible, big or small, no matter the functionality. Many of the top websites use HTTPS by default and if you have a website, yours should too.
HTTPS is the secure version of HTTP, which is a protocol that your web browser uses to transfer data when communicating with websites. The internet is built on HTTP, but it's also inherently insecure. Any other computer in the middle of these communications can see the data being transferred and can access it, read it and modify it. This can range from a malicious user trying to steal your information to your ISP trying to insert ads into the websites you’re browsing. HTTPS helps keep your data private and secure by encrypting web communications between the browser and the website, making sure nobody else can access it. This is very important when transmitting sensitive data that you don't want other to see, especially on insecure networks like public wifi, where anybody on the same network has the ability to access your browsing data if you're visiting a website that doesn't use HTTPS.
To know if you're browsing a site using HTTPS, just check the url in the web browser. If using HTTPS it will start with https://. Most browsers also display some sort of lock or secure icon to let you know you're browsing a secure website. You can click on the icon to get more information about the site as well.
Moving away from HTTP
In recent years, there has been a big push in the internet community to move away from HTTP and secure all web traffic by using HTTPS. The US government has required every public facing government website to run over HTTPS. Google has been transitioning all of its products and services over to HTTPS and many of the top sites on the internet have been moving to HTTPS as well. The next version of HTTP that’s built into web browsers, known as HTTP/2, will only support secure connections and HTTPS enabled websites will actually load faster in HTTP/2, so moving to HTTPS will help future proof your website.
There are obstacles in moving to HTTPS, including the cost of obtaining a secure certificate and the complexity of getting your site up and running with HTTPS enabled. To help alleviate these issues, in 2015 the Electronic Frontier Foundation launched Let's Encrypt, a certificate authority that provides free identity certificates and an automated solution to renew these certificates, greatly reducing the barrier of entry for running a secure website.
Google Chrome, the most popular web browser today, is doing its part in notifying users when they are browsing insecure websites. Currently Chrome shows a warning when entering in passwords or credit card information on sites only using HTTP. Starting in October 2017, Chrome will start displaying the warning when entering in any data on any website not using HTTPS, whether the information is sensitive or not.
A website's SEO, or Search Engine Optimization, affects its placement in search results from internet search providers such as Google and Bing. Having solid and comprehensive SEO on your website is crucial ranking higher on SERPs (search engine result pages).
Starting in 2014, Google started using HTTPS as a ranking signal when indexing websites. If all aspects of the result are equal when comparing to another, a site with HTTPS enabled will be higher up in search results than a site without HTTPS.
Google is also moving to a mobile-first indexing of the internet, as more people use Google search on a mobile device than on a desktop. This means search results will show up based on the mobile version of the website, including mobile compatibility and content available on the mobile version. To go along with their mobile-first version on of the internet, Google has been pushing their AMP, or Accelerated Mobile Pages, framework which allows mobile pages to load almost instantaneously on your mobile device. AMP enabled pages also show higher in Google's search results, and as you've guessed, AMP requires HTTPS to be enabled to integrate with a website.
Help is on the way
All of this leads to HTTPS being a best practice for your website. Your site will be easier to find in SERPs, your visitors will know your site is secure while browsing and you can rest easy knowing your site is future proofed for upcoming technologies. If you have a website that is still running on HTTP, get in touch with us and let's talk about transitioning your site to HTTPS.