The Browser Community is Pushing You Towards HTTPS
Their not-so-subtle encouragement to get secure.
It’s no secret: Encryption is coming. HTTPS, the secure version of the HTTP protocol that is enabled by SSL, is the de facto standard when it comes to secure communication over the internet. But it may surprise you to know that only a small percentage of the internet is using SSL.
For years, SSL has been widely-used, even mandated, in areas like online banking, e-commerce and user portals. But when we look at the entire web, tens of millions of sites – more than 80% – still use HTTP – even though it can be dangerously insecure.
But those days are coming to an end.
There are a number of arguments for encrypting the entire web, but many still think they don’t need secure connections for their site because it’s “just a blog,” or because they don’t have user log-ins. The reality is we are no longer in an era where you can get away with using HTTP on any site.
That’s not just because you should (and in many cases, need to) provide security to your visitors. It’s because the web wants HTTPS to be expected, not an after-thought, and waiting to adopt HTTPS is going to put your website at a major competitive disadvantage.
In the last two years major browsers – including Google Chrome and Mozilla Firefox– have encouraged the use of HTTPS. Let’s take a look at three major ways the browsers are pushing you towards HTTPS:
Guaranteed SEO Benefits
In 2014 Google announced that using HTTPS would become a search ranking signal.
Usually, SEO involves jumping through all sorts of hoops, because no one but Google really understands what goes into the ranking algorithms.
But in this case, it’s crystal clear. All you have to do is install a certificate and configure your server correctly (serving all pages over HTTPS – which in the industry is known as Always-On SSL or HTTPS Everywhere). Some measurements have seen up to a 5% increase in search visibility from this simple switch.
Companies spend hundreds of hours and thousands of dollars on SEO strategies – many of which never bear fruit. But SSL sure does – it’s the closest thing to a guarantee you are going to get in SEO.
Google has said that the effect of this signal may increase over time as HTTPS becomes more widely adopted.
The Best Browser Features are Exclusive to HTTPS
Web browsers have evolved substantially since the inception of the internet. What once just displayed a page of static text can now pinpoint your exact location, access your webcam, and even respond to voice commands.
These cutting-edge features can pose a huge security and privacy risk when used over unsecured HTTP connections. Depending on where and who your users are, their location, audio, or video data can be dangerous in the wrong hands. Using leaky-HTTP almost guarantees that someone else will see the data sent and received by your users.
As a great (spider-)man once said, “with great power comes great responsibility.” That is why Google Chrome now restricts certain features to HTTPS only, in order to protect user’s privacy and data. Google Chrome’s security team has an entire proposal where they define these powerful features – but here’s the one sentence summary: These are features you don’t want to miss out on.
Some major ones – including geolocation and camera/microphone access – are already HTTPS-exclusive. Having access to a device’s orientation will flip to HTTPS-exclusive in the future, and any new powerful features added to Chrome will automatically be HTTPS-exclusive.
Think about the competitive disadvantage you would find yourself at if you didn’t have access to this ever-increasing suite of features. Something as simple as geolocation can be a game-changer for brick-and-mortar and online operations alike. Chances are, you use these advanced features on a daily basis without even realizing it – it’s one of those things you don’t miss until it’s gone.
Suffice to say, if you want to take full advantage of a user’s browser, which is quickly becoming one of the most powerful apps on most desktops and phones – you need to encrypt.
The Unencrypted Web Is Going to Get Ugly.
HTTP provides no security to your users, plain and simple. Right now, that is an ugly fact that the browsers aren’t telling us. It’s just business as usual. But Google and Mozilla want to change that.
They have proposed a plan that will make security an expectation, not a luxury. HTTP will no longer be happily accepted – instead browsers will clearly show that HTTP is unsecure by displaying a negative indicator wherever it’s used.
Today, in a browser, you usually see a harmless looking page icon when HTTP is used. In a multi-step process, Google’s Chrome browser will make that icon increasingly severe.
If you stick with HTTP, that nasty red-x will be living in your address bar, clearly telling every user on your site that their connection is not secure – imagine what that will do to your bounce rate.
This will be a gradual plan, which probably won’t be fully implemented until 2017 at the earliest. But you probably shouldn’t wait until then. After all, it’s better to be proactive than reactive.
Let’s Wrap This Up
We’ve covered three major ways the browser community is pushing your website towards encryption, and that is only the tip of the iceberg. Google recently started displaying warnings on emails sent from unsecured servers; and the entire community has decided that HTTP/2 must be deployed with HTTPS encryption – the internet is making it clear that SSL is no longer optional.
Even if you don’t see encryption as important for your site you simply cannot afford not to encrypt anymore. HTTPS will make your site faster, give you access to the most powerful browser features, boost your search engine rankings, and it’s is being built into the technologies that make up the backbone of the web.
Don’t wait for the rest of the web to zoom past you. HTTPS adoption has been exploding recently – increasing nearly 50% year over year. A time will come when you aren’t just rewarded for using HTTPS, but will be actively penalized for staying with unsecure HTTP.
Don’t wait for that time.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown