Have you guys heard of this HTTPs thing that Google is all hell-bent on? No? Oh, wow. You must be living under some pretty amazing looking rocks then, because this issue is everywhere. So for those still in the dark wondering what is the difference between HTTP and HTTPs, we’re here to help.
What is HTTPs and what is the difference between HTTPs vs HTTP?
What is HTTPs, or Hypertext Transport Protocol Secure, is a form of site security that protects the confidentiality of your website visitors’ data. A secure site is a safe site, and a safe site is a friendlier place for your users, especially if they are required to supply your website with any sort of data. Different from HTTP, adding HTTPs to a website ensures that whomever is inputting data into any form on said website is communicating solely with the authorized owner of the site and no one else.
Say you’re signing into Amazon Prime to watch yet another Nic Cage flick, okay? Check out the URL of the page you’re on.
See that? HTTPs, sucka! You know that when you enter in your login information on Amazon, only they will have it. Without HTTPs? Who knows? And we don’t think you really want to find out, do you?
But what does HTTPs really mean, what is HTTPs and what of your information?
We’ll just let Google take this one:
With HTTPS, information is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:
- Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
- Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
- Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.
“So that’s HTTPs. Got it! Do I need it, though?”
The short answer is no. The long(er) answer is still no but there’s a caveat. Why wouldn’t you have HTTPs on your site? Here’s the thing, we’re pretty sure Google wants to see HTTPs across the web so this whole dang thing is a safer place. There have even been rumblings that Google will now warn users when they are not on an HTTPs secure site. If this is true, then the era of HTTPs seems like a simple algorithm update away.
With HTTPs implemented on your site…
You’re essentially helping search engines see your site as secure. And that can never be a bad thing. What if Google flips another switch and says, “That’s it! We’ve had enough of these non-secure site. Your rankings will now go down if you are not secure!” Because they might. (And they probably will…)
So what do you do?
According to Google’s handy-dandy checklist, you:
- Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.
- Use relative URLs for resources that reside on the same secure domain. For example, use to refer to a page on your site example.com, rather than. Doing so ensures your links and resources always use HTTPS. It also has the side benefit of making local development less error prone because images, pages, and other resources are loaded from your local development environment instead of the production environment.
- Use protocol relative URLs for all other domains (e.g. //petstore.example.com/dogs/biscuits.php), or update your site links to link directly to the HTTPS resource.
- Use a web server that supports HTTP Strict Transport Security (HSTS) and make sure it’s enabled.This mechanism tells the browser to automatically request pages using HTTPS even when the user enters http in the browser location bar. It also tells Google to serve secure URLs in the search results. All this minimizes the risk of serving unsecured content to your users.
HTTPs is extremely important for any site requiring users to submit any sort of information. Now that you see what HTTPs is exactly, it’s time to implement.
How to implement HTTPs / TLS on your website
Implementing HTTPs on your website isn’t all that difficult. The quickest way is to make sure your web hosting company (GoDaddy, etc.) offers this sort of encryption. Contact them and request they “turn on” HTTPs for your site. In most cases, this will be an additional charge. But what’s a couple extra bucks to know your users’ private data is safe?
With HTTPs on your site, you are now offering a safe and better user experience for all of your visitors.
Comments on this article are closed.