TECH NOTE: The Trend to put web sites on an HTTPS server
Web sites are served up over a protocol called HTTP, which stands for “hypertext transfer protocol —this is a standard way your computer communicates with the web site you’re viewing. A secure site uses a security certificate called SSL, which changes the URL to HTTPS. This added security basically protects your computer’s communications so that it’s harder for other people to listen in and figure out what you’re doing or get the information you’re sending online.
You probably know that a web site that collects sensitive information like credit card data needs to be on a secure server. These servers have the prefix "HTTPS" in front of the domain name rather than the usual "HTTP" prefix. These servers encrypt information going to and from the server, preventing hackers from sniffing out sensitive information as it passes through the Internet. When you load a web site over plain HTTP, your connection to the site is not encrypted. This means anyone on the network can look at any information going back and forth, or even modify the contents of the site before it gets to you.
In the past, you only needed to provision your site with HTTPS server if you collected sensitive information from your visitors such as credit card data. However, the trend today is a move towards making ALL web sites secure. Google is the principal force driving this change.
Since July 2018, Google's Chrome browser started marking all "HTTP" sites as “not secure.” The Chrome browser warns users about this with an extra notification in the address bar as shown in the image to the right. Chrome currently marks HTTPS-encrypted sites with a lock icon to show that these sites are secure. In Google’s opinion, users should expect that the web is safe by default and they should be warned if a site is not.
Why This Is Important
- Google Chrome is now the dominant browser in the world, accounting for 80% of the market as of the end of 2018. In comparison, Mozilla Firefox accounts for 10.1% and Apple Safari 3.4%. So, the chances are 4 out of 5 that visitors to your web site will see a message indicating that your site not secure. NOTE: the other major web browsers (Mozilla Firefox and Apple Safari) are also moving to a user interface that will warn users about insecure pages.
- Google search began down-ranking unencrypted sites in 2015. Google Search is the dominant search engine on the Internet, with a market share estimated at 90%. That means that, in spite of the best Search Engine Optimization, your web site will come up lower in the search results on Google if it is not using an HTTPS server.
Recommendations
We recommend that all our clients consider moving their sites to an HTTPS server. It isn't mandatory, but the benefits may be worth it to you. The following table shows examples by the type of information your web site visitors enter.
1. Is read-only information only with no forms |
Optional |
Main benefit is better search engine ranking |
2. Has a contact us page e-mail form |
Optional |
E-mail addresses entered are secure; better search engine ranking |
3. Sells products via shopping carts like Mal's |
Recommended |
Personal information entered is secure; better search engine ranking |
4. Has a customer login area using a User ID and password |
Recommended |
Login information is kept secure; better search engine ranking |
Benefits and Costs to go to an HTTPS/SSL Platform
We've provided a short list of the benefits and typical costs below. The costs shown are for a typical situation. However, your site may need a different type of SSL certificate. For a detailed price quote, please contact us.
Benefits of going to HTTPS/SSL
- Data entered by visitors on your web site is secure.
- Your search engine ranking will improve.
- You will earn the trust of your web site visitors.
Costs of going to HTTPS/SSL
- Initial cost: typically $119. This includes purchasing a certificate for first year, installation on server and re indexing site for search engines.
- Annual cost: typically $69. This is for renewal of the HTTPS/SSL certificate.
Posted: April 2019