If you’ve been on the Internet for a decent amount of time you’ll probably know what HTTPS is. It’s sometimes called SSL (Secure Sockets Layer) or TLS (Transport Layer Security). It can be seen in most web addresses starting with https:// like https://www.google.com or denoted by the little padlock icon in most modern web browsers like Google Chrome.
HTTPS is a protocol for browsing websites (and other mediums) secured with an SSL or TLS certificate (SSL is the old name and version of TLS, more used today). This certificate is signed by a trusted authority (called a Certificate Authority), served by the website and then verified by your computer (more specifically your web browser) to create an encrypted connection between your computer and the website you’re visiting. Any data sent from your computer, including PII (Personally Identifiable Information), credit/debit card and other sensitive information is encrypted using this certificate as it is sent across the Internet.
So essentially it keeps users safe to an extent, but why do you need one on your website if you’re not handling PII or other sensitive data?
Well, firstly you could be handling PII and not even know it. If you have a contact or enquiry form for your customers to get in touch with you, register their interest in something, generate a quote or sign up to a newsletter, then you’re handling PII.
Secondly, Google Chrome and other web browsers will display a red warning or “Site Not Secure” in the address bar of any website which doesn’t have HTTPS and is requested as such. If this doesn’t put off a potential customer or visitor, I don’t know what will.
Search engines like Google and social media websites like Facebook can even sometimes link to websites with the https:// prefix by default, so if your website doesn’t have HTTPS, this will result in the website not loading or displaying errors and warnings.
Additionally, some search engines like Google will automatically prefer websites with HTTPS over ones that don’t, so if your competitors have HTTPS, they may likely rank better than you on Google and such.
All of these reasons are good enough reasons in my eyes why every website should have a HTTPS certificate and I believe that modern browsers like Google Chrome might completely block “insecure” non-HTTPS websites altogether in the years to come.
If you have a small website and a generous (good) enough hosting provider, you can even get a simple free HTTPS certificate, or a cheap one at least.
It’s a small price to pay for peace of mind.
If you notice a website without HTTPS, feel free to send this article to them. It’s likely they either don’t know they didn’t have HTTPS or don’t know the benefits of having it (or risks of not).
Feel free to get in touch if you need help installing HTTPS on your website. I have a bit of experience in this field.
Thanks for reading.