HTTPS and why it matters
For the last 18 years HTTP, also known as hypertext transfer protocol, has been the fundamental building block for all communication over the world wide web. Its not hard to imagine that the security concerns of the world have changed drastically in the nearly two decades since. Today HTTP information can be intercepted, read and manipulated fairly regularly without added layers of security.
Fear not! There is a solution called HTTPS. The “S” stands for secure and, without nerding out on you, lets just say it adds another layer of security to the protocol by encrypting the transfer resources. HTTPS has two subsets (called SSL and TLS) with SSL being the predecessor and having known weak points in its encryption. This means TLS is more regularly updated and some people consider SSL to be outdated – with Google being one of them. As a result Google encourages you to use TLS to best secure your website.
Clearly HTTPS has been around long enough to have multiple subsets, so why bring it up now? While I’m sure there are many reasons, the two most important are:
- Credibility – over 9 out of 10 internet users were more likely to trust a website if it displays security indicators. This includes both purchases as well as leaving personal details and information. For HTTPS this added security is relayed as a green lock symbol in the address bar as seen below.
- In addition to highlighting sites that are secure, Google Chrome is soon to be openly calling out sites which are not with a red “not secure” alert in the address bar. Currently this is only shown for non-SSL pages that ask for a password or credit card information. However, Google has made it clear this will not be the case forever. In effect, it’s another method to urge sites to conform to HTPPS lest they be seen as insecure.
- HTTPS as a ranking signal. After realizing the risks of not running TLS based HTTPS, Google “called for HTTPS everywhere on the web”. Most likely in an attempt to push websites to this protocol, Google added it as a “lightweight signal” for ad ranking. They followed up that statement with the notion that weight could be added to the signal for ad ranking. That was over 2.5 years ago, and more recent research shows sites with HTTPS consistently have higher ad ranks.
Is HTTPS worth it for you?
Like any major site-wide change, you have to consider the broader business case, costs, and benefits. Google is doing what it can to incentivize and nudge the web to adopt these security measures. I suspect that pressure from Google will increase, especially as adoption increases, and that we’re within a year of a tipping point where at least half of page-1 results will be running on HTTPS.
Today’s users are more aware then ever about their security on the web. HTTPS is no longer just for retail or transaction-based businesses but also form submissions or requests for information. With Google’s algorithm taking security into consideration, can you afford not to?