What is HTTPS?
I recently wrote about how Google is no longer going to alert users that a site is secure. Instead, they’re going to alert users if a web page isn’t secure. This is because most sites nowadays use HTTPS instead of HTTP because it’s is a more secure communication protocol. So, with that in mind let’s take a more in-depth look at it.
The one-sentence version is that HTTPS (The ‘S’ means secure.) secures the connection between your web browser and the web server. When you see the padlock icon in the address bar you know that the web page is secure.
What’s the difference between HTTPS and HTTP?
It’s really pretty simple. HTTPS encrypts the traffic going between your browser and the web server and HTTP doesn’t. That’s why logging in to a web page that isn’t using HTTPS means that the data you’re sending – a username and password, for example – isn’t encrypted and is capable of being intercepted. I shouldn’t have to tell you why this is bad. It’s why you should never enter any sensitive information into a web page unless you’re sure that it’s using HTTPS.
SSL Certificates
All HTTPS pages need something called an SSL(Secure Sockets Layer) certificate. The browser determines that the web page is secure by checking with the issuer of the certificate to see if it’s legit. You can see who issues the SSL certificate by clicking the padlock icon in the address bar. If you then click on “Certificate (Valid)” you’ll see who issued the SSL certificate.
Why you should care about HTTPS
HTTPS is important if you care about keeping your data away from prying eyes. If you entered your name and password somewhere on a site containing an HTTP connection the bad guys could steal it. That wouldn’t be possible if the page were using HTTPS.
According to Let’s Encrypt around 70% of all web pages loaded in Firefox are using HTTPS. This percentage will continue to rise because we’re conducting more and more of our business online. Think about how you were doing things twenty years ago compared to today. That’s a big change that presents enormous security and privacy issues. You need to care for the simple reason that you don’t want someone using the virtual equivalent of “shoulder surfing” as you enter your sensitive data into a website.
Google’s ranking algorithm
No discussion of HTTPS would be complete right now without mentioning the fact that way back in 2014 Google said that HTTPS would be used as a ranking signal. Ranking signals are what’s used to determine if a website is listed on page one in Google search or way down on page ten, or worse. Now, how much weight Google actually gives to this particular ranking signal is anyone’s guess. I get the impression that the jury is still out. However, if you’re curious this article from SEMRush on HTTPS and the Google SERPs is probably a pretty good place to start.