Which traffic is better for a website

GlobalSign Blog

Wait a minute, are there really two of them? Occasional users rarely notice, but HTTP (or http: //) and HTTPS (https: //) are both options for the beginning of a URL, and make an important difference for all the web pages you visit every day. Even if you're not very interested in figuring out how this stuff works, we bet this article will broaden your horizons. Think of this as your first lesson in learning more about internet security.

This is the difference between HTTP and HTTPS as explained by this great infographic from FirstSiteGuide. In the following I will explain the most important points.

HTTP: No data encryption implemented

Any URL link that begins with HTTP uses a simple type of Hypertext Transfer Protocol. This was created by Tim Berners-Lee in the early 1990s, when the Internet was still in its infancy. With this network protocol standard, web browsers and servers can communicate with each other by exchanging data.

HTTP is also known as "a stateless system," which means that it enables a connection when it is needed. You click a link to request a connection and your web browser sends that request to the server, which responds by opening the page. The faster the connection, the faster the data will be displayed to you.

As the "Application Layer Protocol", HTTP focuses on displaying the information but is less concerned with how that information gets from one place to another. Unfortunately, this means that HTTP can be intercepted and possibly modified, leaving both the information and the information recipient (i.e. you) vulnerable.

HTTPS: Encrypted connections

HTTPS is not the opposite of HTTP, but rather its younger cousin. The two are essentially the same as they both rely on the same "hypertext transfer protocol" which makes it possible to display requested web data on your screen. But HTTPS is a little different, more advanced, and much more secure.

Simply put, the HTTPS protocol is an extension of HTTP. The "S" in the abbreviation comes from the word "Secure" and it is supported by Transport Layer Security (TLS) [the successor to Secure Sockets Layer (SSL)], the standard security technology that allows an encrypted connection between a Web server and a browser.

Without HTTPS, all data that you enter on the website (such as your user name / password, credit card or bank details, other data transmitted via forms, etc.) are sent unencrypted and are therefore susceptible to interception or eavesdropping. For this reason, you should always check that a website is using HTTPS before entering any information.

In addition to encrypting the data transmitted between the server and your browser, TLS also authenticates the server you are connecting to and protects the transmitted data from manipulation.

It helps if I think of it this way: HTTP in HTTPS corresponds to a travel destination, while SSL corresponds to a trip. The first is responsible for getting the data on your screen, and the second manages the way to get there. By joining forces, they move data securely.

The pros and cons of HTTPS

As mentioned earlier, HTTPS helps ensure cyber security. It is without a doubt a better network protocol solution than its older cousin HTTP.

But does HTTPS have all advantages? Maybe there is a disadvantage after all? Let's find out.

The advantages of using HTTPS

The security advantages mentioned above - authentication of the server, encryption of data transmission and protection of the exchange from tampering - are the main obvious advantages of using HTTPS. Website owners want and need to protect their visitors' data (HTTPS is actually a requirement for websites that collect payment information in accordance with the PCI data security standard), and website visitors want to be sure that their data is being transmitted securely.

The growing public demand for data protection and security is another benefit of using HTTPS. In fact, according to We Make websites, 13% of all cart abandonments are due to payment security concerns. Website visitors want to know that they can trust your website, especially when entering financial information. Using HTTPS is one way to do this (i.e., it is a way of showing your visitors that all of the information they enter is encrypted).

HTTPS can also help with your SEO. Google announced HTTPS as a ranking signal back in 2014. Since then, some studies and individual experiences from companies that have implemented HTTPS show a correlation with higher rankings and visibility of the page.

Browsers are also making efforts to increase the use of HTTPS by implementing UI changes that negatively impact non-HTTPS sites. At the beginning of this year, Google announced that Chrome would be starting in July (just a few months until then!) all Will mark HTTP websites as unsafe.

Planned changes to the Chrome user interface following Google's original announcement in February 2018 (source)

Even if you look at an HTTP site (on Chrome 66) now, you'll find that Google added a message when you click the More Info icon in the address bar alerting visitors that your connection is in progress is not sure.

Example of an HTTP site warning in Chrome 66 (thanks tobadssl.comfor the sample HTTP site)

Firefox has also announced plans to flag HTTP sites. Imagine the impact this will have on your branding and marketing, customer acquisition, and sales. The only way to face the upcoming change is to embrace it - get HTTPS on your website!

You should consider this before switching to HTTPS

Although the process of switching from HTTP to HTTPS is a one-way street, there are still many people who are likely to be sidelined because of the large number of options possible.

In short, the process mentioned earlier consists of these four steps:

  1. Obtain an SSL certificate from a trusted certification authority
  2. Installation of the certificate on the hosting account of your website
  3. Set up 301 redirects by editing the .htaccess file in your root folder by adding:
    1. RewriteEngine On
    2. RewriteCond% {HTTPS} off
    3. RewriteRule (. *) Https: //% {HTTP_HOST}% {REQUEST_URI} [R = 301, L]
    4. Inform search engines that your website address has changed and that afterwards anyone who visits your website will be automatically redirected to the HTTPS address.

If this still seems complicated to you, don't worry. Your options are not exhausted!

Many hosting companies these days offer SSL Certificates as part of their services and do most of the work themselves (the first three of the four steps above). All you have to do is point out the new addresses to your visitors. But beware! This can cost you a few extra pounds.

The future

Be that as it may, the Internet now has more than 4 billion users, content consumers, shoppers and the like. The combination of user requirements (website visitors are more aware of data security than ever before), regulations (e.g. PCI DSS) and browser support (e.g. plans to mark HTTP websites as unsafe) makes it clear that the full transition from HTTP to HTTPS will be due soon.

About the author

Duke Vukadinovic works for FirstSiteGuide.com. He is passionate about the internet world and can be of great help to web newbies in creating many successful blogs in various niches.

Note: This blog article was written by a guest author to bring a wider variety of content to our readers. The opinions expressed in this guest authoring article are only those of the author and do not necessarily reflect those of GlobalSign.