A client came to us recently for some help with a website that was almost ready to launch, but needed a few final edits. We immediately noticed it was running on HTTP instead of HTTPS. When we suggested installing a SSL certificate and enforcing HTTPS, the client naturally asked why. Well, this is a good question. So let’s break down what the difference is between HTTP & HTTPS, and why it matters to you and your website.
What is the difference between HTTP & HTTPS?
Just one letter. Kidding. In a nutshell, HTTPS is secure is HTTP is not. HTTPS is essentially HTTP with encryption. There is all sorts of information out there about the origination of HTTP and HTTPS, but for the purpose of this explanation we’re going to keep it simple and strictly to what you need to know as a website owner today.
HTTP stands for Hypertext Transfer Protocol.
That first part of your website address, http://, tells the web browser to connect to your website over HTTP, which uses Transmission Control Protocol (TCP) normally over Port 80, to send data across the web. TCP was first defined in 1974. You read that right, 1974. And while it’s made some enhancements since then, it’s mostly the same. HTTP operates at an application layer.
HTTPS stands for Hypertext Transfer Protocol Secure.
When your website begins with https://, this tells your browser to connect to your website over HTTPS. HTTPS also uses TCP to send and receive data over the web, but it does so over port 443, within a connection encrypted by Transport Layer Security (TLS), thus making it more secure. HTTPS was originally created by Netscape (remember them?) back in 1994. HTTPS operates at a transport layer.
Most websites that use HTTPS enforce it by redirecting any traffic that comes through HTTP to HTTPS. This is one of our best practices. This means if anyone happens to type in, or link to your website using http://, it will change over to HTTPS automatically, keeping your website secure.
To put it simpley, with HTTPS the data is encrypted before sending your website’s info across the web.
Why should you care if your website uses HTTP or HTTPS?
There are a few reasons why it’s important for your website to use HTTPS:
- User trust
- Performance Benefits
- SEO Advantages
Let’s break down these advantages in more detail:
User Trust is an Important Reason to have a SSL Certificate
HTTPS is the standard these days, and website users have come to expect it. When users are interacting with a website, getting ready to fill out a form or give information, they almost always immediately glance up to the top bar to make sure the website is secure first. User trust is key for your website, and running your website on HTTPS is essential to ensure it.
There are Performance Benefits that come with using HTTPS
In the past it was argued that HTTP was faster because enforcing HTTPS required internet browsers to take an extra step (called a TLS Handshake) to ensure a secure connection before loading the website. However, without getting into all of the technicalities about how and why, the updates browsers (how you access websites) have made over the years have actually made it so that performance benefits are given to websites running on HTTPS. You can actually get a good speed boost simply by converting your website to HTTPS, without any other configuration changes.
Security, of course, is One of the Main Reasons to use HTTPS over HTTP
Almost every website today, especially for a business, has some sort of contact form at the very least. Therefore, you are collecting a person’s sensitive information (their contact information). If sensitive data is entered into a HTTP web page, that data is transmitted in cleartext and can be read by anyone. Anyone. As a business owner, you want to make sure any sensitive data you collect is done so over a secure connection.
There are SEO Advantages to Using HTTPS vs HTTP
Google’s Search algorithms are always evolving, and in recent years one of the changes has included a preference for secure websites. As website developers and digital marketers with a focus of driving traffic to websites, what Google suggests, we take seriously.
The Difference Between HTTP and HTTPS is Important
In closing, having a SSL certificate (HTTPS) installed and running on your website used to be a “luxury” mainly reserved for those running e-commerce websites. Now, it’s a necessity. It’s a common best practice that has come to be expected of every website. And because most good, reputable hosting companies now offer SSL certificates for free as part of your hosting plan, there is really no reason to be without HTTPS these days.
If you’re stuck in HTTP land and not sure how to make the switch, contact us and we’ll be happy to help switch you over!