In a blog post published in February 2018, Google announced that it would mark sites not running HTTPS as ‘Not Secure’ with the release of Chrome 68 on July 24 2018. With the imminent arrival of this next Chrome version, time is running out for sites who have not made a move yet.
With Chrome currently having over 60% of the web browser market share, this move by Google will have a significant impact on sites still running HTTP. Google’s move to push a more secure web by driving sites towards HTTPS is nothing new. Sites not using HTTPS have been ranked lower in Google’s search rankings for some time now. In the current version of Chrome, sites running HTTP are marked with an informational “i” in a circle which only states ‘Your connection to this site is not secure’, however, with the release of Chrome 68, any site running HTTP will be clearly marked as ‘Not secure’ in the browser’s URL bar.
Why Sites Resisted the Move to HTTPS
HTTP has long been considered an insecure protocol, but many sites have resisted the move to HTTPS. The reasons have been varied and may have been valid in the past. However, with the advances web technology has made in the past few years, along with new services which have come online, there is no longer any reason sites should continue serving pages over HTTP.
Caching
One of the primary reasons sites challenged the move to HTTPS was that you could not cache content. A lack of caching support meant slower load times for users, especially those situated in locations which were not close to the site’s server. Although this fact may have been true in the past, progress made in server, browser and CDN technologies now fully support HTTPS caching.
Certificates
Another reason sites did not want to move to HTTPS was that the certificates required to enable SSL were expensive and had to be renewed every few years. While SSL certificates do come at an additional cost, the prices have not been astronomical and new services which have come online, like Let’s Encrypt, provide this service for free.
Speed
HTTPS was also considered to be slower than HTTP due to the additional overhead needed in setting up and creating the encrypted connection between the site and the user. Whereas this may have been true a couple of years ago, advances in server and browser technology make this argument irrelevant today. In addition, HTTP/2 is only supported over HTTPS and is faster in both performance and site load times than the original HTTP protocol.
The Added Benefits of HTTPS
There is no valid reason a site should not be running HTTPS today. In fact, there are several benefits over and above encrypting traffic to a website which HTTPS has to offer.
Better Site Ranking
As mentioned, Google ranks sites which run HTTPS higher than sites which only run HTTP. In a world with billions of websites, ranking high on a Google search could mean the difference between a business succeeding or failing. The fact is any commercial inquiry these days starts with a web search, and if your site does not feature in the top few places, you are at a disadvantage.
Security
HTTPS is more secure than HTTP. After all, this is why the protocol was introduced in the first place and why Google and other industry players are pushing for HTTPS and a more secure web. By encrypting the traffic which is sent between the website and the user, HTTPS ensures information stays private. Over and above the apparent benefits of encrypting usernames and passwords, HTTPS also verifies the identity of the site a user is visiting. This site verification is particularly useful in preventing phishing attacks where fake sites set up by attackers trick users into revealing their login credentials.
HTTP/2
As mentioned your site needs to run HTTPS for it to take advantage of the benefits HTTP/2 has to offer. Over and above the speed benefit, HTTP/2 supports multiplexing which allows a user’s client to load multiple requests on the same connection. It also allows for prioritization which gives developers the ability to tag their code with dependency levels, so that site assets, like JavaScript, CSS, or image files load in the order they specify. In addition, HTTP/2 is binary and not textual which significantly reduces the amount of data being transferred and, as is the case with HTTPS, Google ranks sites running on HTTP/2 higher than those using the original protocol.
Increased Customer Confidence and Conversions
The Internet as we know it, with websites, apps, and services, all made possible with the introduction of HTTP, has been around for over 20 years. As a result, users interacting with websites on a regular basis have come to know security. With so many data breaches making the news, hacking featuring in movies and tv shows, and the continuing education on security awareness which has been driven by the technology industry, users have become security conscious and are very cautious when entering their username and password on Internet sites. Sites not running HTTPS run the risk of losing visitors and potential customers who do not want to interact with a site they deem insecure. The added measure of clearly labeling sites as ‘Not Secure’, which Chrome 68 introduces, will highlight site insecurity and drive down customer confidence and conversion even further.
Make the Change to HTTPS if You Have Not Already Done So
There is no longer any reason your website should still be running on HTTP. The previous HTTPS disadvantages of no caching, cost and reduced speed are no longer valid. In fact, moving to HTTPS has several benefits which include increased security, better customer conversion, HTTP/2 support, better search engine ranking, and of course not being labeled as ‘Not Secure’ by Chrome 68.
At CDNsun we offer our customers HTTP/2 website acceleration and free custom SSL services. Contact us today to find out how we can help move your site to HTTPS and improve its performance.