At one time, websites used HTTPS primarily for protecting sensitive information submitted on their website. But if it wasn’t necessary, most sites wouldn’t use it. It could be costly and there was a performance hit. And although this rationale may have made sense at one point, as the web continues to evolved, there are more and more reasons why it makes sense to switch all traffic to HTTPS.
Why HTTPS?
1. Security and Privacy
The fundamental reason for using HTTPS has always been security. Since the traffic is encrypted end-to-end, any information sent by users is protected from outside eavesdropping. This included sensitive information like passwords, credit card numbers, but also includes generic information about user browsing activity. With HTTPS in place, users can have confidence their activity is not being spied on somewhere between them and the server.
2. Content Integrity
In addition to security, HTTPS also protects the integrity of the webpage. Users won’t have to deal ISPs inserting add or trackers into the page as in travels through the network.
For example, last August, Jonathan Mayer documented how AT&T was injecting advertising into sites that he visited while connecting to the Internet via a nearby hot spot. If these sites had been served over HTTPS, though, the ISP would not have been able to actually change the contents of the pages, since the data would have been encrypted. Using HTTPS means both the website owner and users know that what is displayed in the browser is the same code that is being sent by the server.
3. Better Search Rankings
Over the past couple years, HTTPS has begun to play a factor in the world of search engine placements. According to Google, the use of HTTPS is a ranking signal they use. And although it may be a small factor in the algorithm, it’s a factor nonetheless, which provides another reason for anyone interested in search results to make the switch.
4. New Functionality
Another incentive for HTTPS is that it is required for new features. For instance, Service Workers requires HTTPS. The same is true of the use of getUserMedia() (which allow taking pictures or recording audio) as of Chrome 47. Chrome 50 requires that Geolocation, with getCurrentPosition() and watchPosition(), also be used over HTTPS. In general, utilizing HTTPS gives developers the possibility of using new features in the ever evolving platform of the web.
5. Improved Performance
And finally, HTTPS also has performance implications. In the past, the objection was that it would cause too much of a performance hit, but that is beginning to change. Many of the recent technological advances that promise to improve the speed of a site are beginning to require the use of HTTPS.
HTTP/2, for instance, is currently only being supported by browsers when over a secure connection. The same is true of the Brotli compression format, which Firefox only supports via HTTPS. The AMP Project, which has been garnering attention lately, is another place where HTTPS plays a significant roll, being required for many of the allowed tags.
Why Not?
We’ve taken a cursory look at some of the reasons for switching to HTTPS. And the number of the reasons to do so will only continue to grow as time goes on.
Although buying and setting up a security certificate was once a costly proposition, services like Let’s Encrypt are changing that. Now it can be done quickly and at low (or no) cost. Which is one more reason to go ahead and make the jump if you haven’t already.