Even newbie web developers know the difference between HTTP and HTTPS. Simply put, it’s just a matter of security. But other than that, there are several other little-known advantages to using HTTPS.
For several years now, both Facebook (2013) and Gmail (2010) have made HTTPS their default URL. However, it was not reliably switched over at the start and users often had to manually opt for the protected version. It was not until 2014 that Google announced Gmail was using HTTPS only so “no one can listen in on your messages… no matter if you’re using public WiFi or logging in from your computer, phone or tablet”.
With such big hitters making the commitment, it’s a surprise that so few independent websites have made the leap. A 2014 Moz Poll reveals that almost 25% of webmasters are planning to make the switch, with just over 17% stating their sites are already using HTTPS. But still the majority (58%) has no intention of making the switch any time soon.
The most obvious advantage is greater security. This added protection relates to users posting and sharing data, and brands whose websites may be infiltrated by ‘Men in the Middle’ hackers. It also prevents websites from being hijacked by unwanted pop-up advertisements.
These are strong reasons to adopt the HTTPS address, but there are several others. We take a look at just 6 of them.
With HTTP still so widely used, it’s clear that web browsers have been happy enough to leave internet users and webmasters to decide on security levels for themselves. But that is changing. Already, browsers are highlighting HTTPS sites as being secure, but the next step is just around the corner. Both Google and Mozilla have announced they are to highlight HTTP sites as ‘non-secure’, a move designed to warn web users off them.
If browsers are planning to identify HTTP sites as ‘non-secure’, then obviously it will affect the trustworthiness of those sites. And with a lower level of trust, their page ranking is obviously going to drop. Google confirmed in August 2014 that HTTPS would become a factor in their ranking algorithm. This threatens more than promises. While ranking downgrade is certain, ranking improvements are likely to be minimal at best. Still, it is best to err on the side of caution.
When it was launched almost 20 years ago, HTTP was seen as the be-all and end-all. But in the face of HTTPS, its shortcomings have been glaring. In May this year, a complete overhaul was finally finished and HTTP/2 is beginning to be adopted by the major browsers. However, encryption remains vital. As Mark Nottingham of the IEFT HTTP Working Group puts it: “If you want [the major browsers] to use it with your Web site, you’ll need to have HTTPS URLs”.
When a user navigates between websites, a Referrer header is sent by the browser allowing others to see the sites being visited. It’s a cornerstone of analytics. But because HTTPS websites are protected, that Referer header is not delivered to HTTP sites. That means HTTP sites are not going to learn about all of their visitors, which in turn affects their analytics and ultimately marketing strategies. So, for more accurate analytics, switching to HTTPS is going to be necessary.
With the continuing growth of mobile devices globally, it is impossible to design a website without considering mobile compatibility. Both apple and Android have identified security as an essential aspect of all apps. Apple in particular has insisted that, for iOS 9, all connections must use SSL (or TLS). They stated that new apps “should use HTTPS exclusively”. They also said that “communication through higher-level APIs needs to be encrypted using TLS version 1.2”. And if these are not done an error is thrown out.
As part of its commitment to security, pages on HTTPS websites are not able to load HTTP resources. This directly affects many of the third party components used. But with the swing now moving away from HTTP, web designers are going to have to make the change. It may not be convenient, but it’s something that must be done. So, it’s preferable to remove the old components and opt for compatible components that complement the new wave of change.
Upgrading a website to the more secure HTTPS is not a simple process. This is especially so for large websites.