HTTPs for websites-why websites need that little green padlock

Posted by: Alex on August 11, 2018

guwii https green padlock

You’re probably familiar with that little padlock symbol in the address bar of your website browser, usually giving an indication that the site has some kind of security, the majority of people glance at it and pay no further attention. So what is it and why does it exist?

What is HTTPs?

HTTP: Hypertext Transfer Protocol
HTTPs: Hypertext Transfer Protocol – Secure
The HTTP protocol is the way in which your computer communicates with the website you’re visiting.

As a non-technical example, HTTP is like you’re talking to your friend in a crowded room, anyone could listen in on your conversation and you might not even notice, this might be okay if you’re talking about common knowledge (for this example, imagine just reading a news article online).
You certainly wouldn’t want someone listening in to your conversation if you started talking about personal information, so we need a new method of communication. In our real-world example, imagine being able to telepathically talk to your friend without anyone hearing what you’re discussing—I know some people would love this skill, but sadly humans can’t yet do this, but HTTPs can!

HTTPs ensures that data you send and receive to that website is encrypted, so anyone snooping in the middle will only see scrambled letters instead of readable data.

The security and anonymity of your data are always vital, but there are situations where it’s even more important, such as wifi networks (eg cafes/airports). HTTPs is a great first stepping stone in ensuring your data isn’t being snooped on.

A little history

HTTPs technically began way back in 1994, created by Netscape—mostly used for securing the most confidential parts of the web, such as payment forms. It wasn’t until 2012 onwards that more websites started to fully enable HTTPS for the whole site, it was still only the largest sites that undertook the large technical difficulties to do this however. Finally, in 2016 HTTPS finally got traction with the vast majority of websites, thanks to services such as LetsEncrypt—which make the TLS/SSL certificate process a lot simpler.

In 2014 Google listed HTTPs as a ranking signal, meaning sites that had HTTPs enabled might gain a slight boost in their Google search position. Sadly, only then was this the turning point for most websites to start focusing on installing an encryption certificate (of course user privacy and security should have been the main driving force, but a lot of businesses started paying attention when there was a benefit for themselves).

Why would you want it?

Simply put, there’s no real reason to not at least start getting your website on HTTPs. Google wants “HTTPs everywhere”, a state where the whole internet uses the secure protocol. It has several benefits; giving website users peace of mind that their data is at least being transferred securely and a possible boost to website rankings on Google (et al). Also, HTTPs is now a major stepping stone in enabling websites to use some of the latest web technologies such as service workers, which can help websites behave more like an app rather than just a simple website.

It’s worth noting that not all HTTPs connections are quite the same, HTTPs relies on a ‘certificate’, these are bits of data that set guidelines and agreements for any data the website sends or receives, some of these certificates use weaker/older encryption methods and Google Chrome now will even show a warning for these. As an example, here’s a warning in Google Chrome 70 showing that even PayPal is using a weak certificate:

PayPal HTTPs Certificate error in Chrome 70

PayPal HTTPs Certificate error in Chrome 70

Why you need it!

Web browsers, such as Google Chrome, now pretty much demand websites to have a special digital certificate (TLS or SSL), thus enabling HTTPs encryption. As of Chrome version 70+ if you try visiting a website that has a form element on it without one of these digital certificates, or even a weak certificate you’ll end up seeing this error:

HTTPs connection not private warning

How can you get HTTPs?

Do you have a website that needs updating and upgrading to use HTTPs? Get in contact with guwii today and we’ll ensure your site loads securely, helps reassure your users of its authenticity and puts your site in the best standing for further SEO.