The number of websites supporting HTTPS—HTTP over encrypted SSL/TLS connections—has skyrocketed over the past year. There are many benefits to turning on encryption, so if your website not yet support the technology it’s time to make the move.
Recent data from Chrome and Firefox show over 50 percent of web traffic is now encrypted, on both desktops and mobile devices.
Further survey’s conducted in February of this year have revealed that 20% of the world’s top 1 million most visited websites support HTTPS compared to around 14% back in August.
There are various reasons for the accelerated growth of HTTPS. Some of the previously challenging hurdles are easier to overcome, the costs have decreased and there are many incentives to have it in place.
One of the longstanding concerns regarding HTTPS is its perceived negative impact on servers and page load times. Encryption usually comes with a performance penalty, so why would HTTPS be any different?
Well thanks to improvements to both servers and client software over the years, the impact of TLS (Transport Layer Security) encryption is negligible at best.
Not only is the impact minor on the backend, but makes browsing quicker for users who have HTTPS turned on. The reason for this is that modern browsers support HTTP/2, a major revision of the HTTP protocol that brings around many performance improvements.
Bad HTTPS is worse than no HTTPS, because it gives a false sense of security to users.
Due to poor documentation, continued support for weak algorithms and new attacks constantly being discovered, there used to be a high chance for server admins to end up with vulnerable HTTPS deployments.
Mixed content can be a headache
Adding resources like images and videos over unencrypted connections into an HTTPS website will prompt security alerts in a user’s browser, and because many websites are reliant on external content for their functionality, the mixed content issue has kept many from migrating to HTTPS.
The good news is that many third-party services have added HTTPS support in recent years. The proof this is not as bad a problem as it used to be is that many online media websites have already made the switch to HTTPS.
Other possibilities include using services such as CloudFlare, which acts as front proxy between users and the web server that actually hosts the website. CloudFlare encrypts the web traffic between end users and its proxy server, even if the connection between the proxy and the hosting web servers remains unencrypted. This secures only half of the connection, but it’s still better than nothing and will prevent traffic interception and manipulation close to the user.
Add Trust & Security
One major benefit of HTTPS is that it protects users against MitM attacks that can be launched from a compromised or insecure network.
Hackers use techniques like this to steal sensitive information or inject malicious content into websites. MitM attacks can also take place at the highest levels of the internet infrastructure.
Furthermore, Wi-Fi hotspot operators and even some ISPs use MitM techniques to inject ads or messages into users unencrypted web traffic, HTTPS can prevent this.
Penalties Not Having HTTPS
Google started to use HTTPS as a search ranking signal in 2014, meaning that websites with HTTPS available, receive an advantage in search results over those that don’t. While the impact of this ranking is currently minor, Google has plans to strengthen this over time in order to encourage HTTPS adoption.
Browser creators are also pushing for HTTPS. The latest versions of Chrome and Firefox display a warning if users enter passwords or credit card details into forms loaded on non-HTTPS sites.
In Chrome, websites that don’t implement HTTPS are prevented from accessing various features such as geolocation. Chrome plan on going a step further and display a “Not Secure” indicator in the address bar for all non-encrypted websites.
Unsure how to implement an SSL on your website? Get in touch today and we can take care of your requirements.