Should Your Site Have HTTPS?

HTTPS is a secure, encrypted way for websites to pass information to visitors.

While originally it was designed to be used anytime sensitive information was passed from a user to a website (like a contact form or payment submission), in 2016 the Electronic Frontier Foundation (along with the Tor Project and most major web browsers) joined forces to push the HTTPS protocol to all websites.

In general, this push was successful. Most major browsers now show a warning in the address bar if you visit a non-HTTPS site. To try this out, visit NeverSSL.com – which, as the name says, doesn’t use HTTPS encryption – and look at your browser’s address bar.

Protip: If you’re trying to visit HTTPS sites on a poorly-configured Wi-Fi network, visiting NeverSSL.com can let you get registered on the network easily.

If you’re running a website and you’re not sure if HTTPS is worth the time and complexity to implement, I ran across a helpful site to answer any concerns you may have: DoesMySiteNeedHTTPS.com.

This site answers a lot of questions that site owner may have about the need for HTTPS, but I think that the first couple of questions really show the benefits of SSL – not just for data security, but for personal security.

Q: “But my site doesn’t have forms or collect information from users.” A: Doesn’t matter. HTTPS protects more than just form data! HTTPS keeps the URLs, headers, and contents of all transferred pages confidential. — Q: “There’s nothing sensitive on my site anyway.” A: Your site is a liability! Just because your site is hosted safely in your account doesn’t mean it won’t travel through cables and boxes controlled by who knows how many corporate- and state-owned entities. Do you really want someone injecting scripts, images, or ad content onto your page so that it looks like you put them there? Or changing the words on your page? Or using your site to attack other sites? This stuff happens: on airlines (a lot, and again), in China, even ISPs do it (a lot). And HTTPS prevents all of it. It guarantees content integrity and the ability to detect tampering. If we encrypt only secret content, then we automatically paint a target on those transmissions. Keep which of your transmissions contain secrets secret by encrypting everything.

https://doesmysiteneedhttps.com/

(Emphasis mine)

There are a whole host of other concerns answered, and if you have a site (which you should), it’s worth making sure you’re doing what’s best for both your site and your visitors.

If you have questions about HTTPS, feel free to contact me or leave a comment below.