Not noticeable but important
You probably didn’t notice that my website is sporting the https feature in the browser address. I wondered for awhile whether it was worth it for me to go the extra step and get one. Now I see Google is preferring that you do.
An HTTPS connection guarantees three things
- Confidentiality. The visitor’s connection is encrypted, obscuring URLs, cookies, and other sensitive metadata.
- Authenticity. The visitor is talking to the “real” website, and not to an impersonator or through a “man-in-the-middle”.
- Integrity. The data sent between the visitor and the website has not been tampered with or modified.
Here are those points explained by Kayce Basques, technical writer at Google.
- HTTPS helps prevent intentionally malicious attackers snd legitimate but intrusive companies from inserting their ads into your websites or onto your users’ browsers. They also like to trick your users into giving up sensitive information or installing malware that will negatively affect user experiences and create security vulnerabilities.
- HTTPS is not only for those that handle sensitive communications. Every unprotected HTTP request can potentially reveal information about the behaviors and identities of your users.
- HTTPS doesn’t just block misuse of your website. It’s also a requirement for many cutting-edge features and an enabling technology for app-like capabilities.
HTTP will soon be considered non-secure
And it’s also important to know that Chrome and Firefox security teams are working on gradually marking plain HTTP as non-secure. Ultimately, the goal of the internet community is to establish encryption as the norm, and to phase out unencrypted connections. This means that not have https, will negatively affect your seo and that having it improves a website’s own SEO and analytics.
Can an HTTPS connection be attacked?
There are only three ways for attackers to get through the https security wall and they are very difficult and require significant expense. In addition, they would all have to be targeted attacks, and not feasible to execute against any user connecting to any website. By contrast, plain HTTP connections can be easily intercepted and modified by anyone involved in the network connection, and so attacks can be carried out at large scale and at low cost.
I was surprised that getting an https on your website is fairly easy and inexpensive to do. Ask your service provider to set it up for you. You can set it up yourself on the control panel at your hosting company. Be sure the https shows up in the url of your browser. If it doesn’t, call your hosting company and ask them to help you out. There might be some settings they need to set on their end. and then rest assured, your visitors will have a better experience.