Do you need HTTPS?

What is HTTPS?
It’s the encryption-enabled version of Hyper Text Transfer Protocol. You can tell it’s secure because of the S. This protocol helps computers transmit information (text, image files, good stuff) from your website’s server to your customer’s computer. HTTPS scrambles info while it’s being transmitted so nobody can snoop on your customers and their info.

What is SSL?
The Secure Sockets Layer (SSL) is a protocol that provides secure communication between client and server. Here the client is your browser and server is the web site you’re communicating with. Secure communication has three main goals: privacy, message integrity, and authentication.

Four Reasons to use HTTPS

1. Top-notch Security: With SSL, your connection is encrypted. A virtual tunnel is created through which only the server and the browser can communicate. Nobody else can interpret that channel. Even if the attacker taps into that channel, he wouldn’t be able to make sense of the encrypted data. He would need the private key which is only known to the browser.

2. Scrutiny: HTTPS requires and SSL certificate and acquiring the latter for a business is a serious process. It requires official documents to be submitted which are verified by the Certificate Authorizer (CA). Only when the documents pass the validation tests, the SSL certificate is issued.

3. Legitimizes Businesses: When you visit a SSL secured site, you can be certain of the site’s credibility. You can always obtain the necessary contact details of the owner from the site’s SSL certificate.

4. Data Integrity: Data integrity refers to the consistency of the data requested and the actual data received. Consider this example: Someone visits your site for a particular post on XYZ server setup instructions. At the end of the post, you leave an affiliate link. On an unsecured site, an attacker could easily tap into the connection and send your visitor the compromised data. In all probability, he’ll replace your affiliate link with a phishing link. Thus there’s a monumental difference in the data requested and the data actually received – the integrity of the data is destroyed. With SSL, none of this is possible!

Here’s The Catch:
Establishing a secure connection requires substantial computation power both by the server and the client. This results is a slower transfer rate when compared to HTTP. That’s why most sites don’t use HTTPS all the time. They wait till the moment you try to login or make a purchase. E-commerce sites like Amazon and Newegg follow this rule. This way the browsing is blazing fast and purchases are secure.

…But, do you need HTTPS?
There are two benefits to having it:

  • a small boost in rankings (possibly larger in the future)
  • a more secure site for your users

If you run a big site, even a small boost in SEO results in tens of thousands of visitors per month.

However, if you’re starting out, you’re not going to see a real difference in your search traffic.

In the future, it could make a bigger impact, but for now it won’t.

All in all, if you’re expecting to get a significant amount of search traffic in the next few years, you should plan on switching to HTTPS.

What about security?
If you just have a blog and all you require from your users is to enter their email addresses to opt in to your email lists, you probably don’t need HTTPS for security reasons.

However, if you accept payments or important personal information for any reason, you need HTTPS on those pages at a minimum.

Between those two factors, you should know whether you need to implement HTTPS on your site at all. A large portion of sites should have it, but not all do.