HTTPS Everywhere

The encouragements to have all websites using HTTPS (i.e. encrypted connections using TLS) probably started in 2014 with Google stating they were going to have it as a "ranking signal". In other words, Google search results would give some extra weighting to sites that were using HTTPS. However, it was Google's announcement that their Chrome browser (version 68), available at the end of July this year, would mark all websites using plain HTTP as "not secure" that was the jolt that site owners needed to make the switch, if they hadn't done so already.

For any website handling sensitive information, using HTTPS was always essential. Any form of ecommerce needs to use a secure connection as does online banking, account management and user logins. However, it used to be common practice for websites to use HTTPS for these specific purposes but otherwise use plain HTTP for everything else. Some people argue, even now, that for some purposes using HTTPS is overkill as it adds an administrative burden, adds cost and slows connections speeds. These points may be partially true, but it does miss the wider picture.

The first point is that people may not be accessing your website from trusted locations. Sadly, it is not uncommon for public WiFi access points to inject advertisements, or worse, into the web pages people are viewing. If you use HTTPS this cannot be done.

In a similar manner unscrupulous WiFi providers, or ISPs, can eavesdrop any communication between your users and your website, if you use plain HTTP. By using HTTPS you protect your users and yourself.

Thirdly, as we mentioned at the start of this article, browsers are starting to mark websites using plain HTTP as "not secure". Many, if not all, users would be wary of using any website if so identified.

Lastly, search engines, such as Google, are giving extra weighting to sites using HTTPS. So, using HTTPS may improve your sites listing in search results. If all your competitors' websites are using HTTPS and yours isn't, it may harm your search results position.

For all these reasons it makes sense to have HTTPS everywhere and to automatically switch users to HTTPS if they attempt to access your site via HTTP.


Crann Tara, The Coach House, Spean Bridge, Lochaber, PH34 4DX, Scotland

Powered by: Python, Django and Mezzanine.

Copyright © Crann Tara 1994-2018