Ever since the Edward Snowden disclosures, many security-minded websites and those that could be a target for NSA snooping have moved to adopt site-wide HTTPS. That means every page on their website is encrypted with SSL/TLS. You’re probably used to seeing SSL-encrypted pages when you buy online. This protects your billing details including your credit card number from prying eyes. You can tell when this is in effect by the familiar padlock icon in your browser bar and the URL showing HTTPS instead of http.
However, when you browse any other portions of a typical website, HTTPS is not activated. This means that 3rd parties can snoop on the data being transmitted, including your browsing history and search keywords. Enabling HTTPS site-wide protects your customers and clients from this invasive breach of privacy. But there are many other benefits too:
Guaranteeing Authenticity of Information
With non-encrypted websites it is possible to have your site’s content altered by third parties using a man-in-the-middle attack. This is especially critical for news websites, as plain ol’ http can permit an adversary to manipulate your news, and Newstweek shows how easily this is done:
Protecting Your Customer’s Privacy
When your website uses plain http, your users’ search and browsing history are transmitted for anyone to see. But when your website site uses HTTPS, 3rd parties including Internet providers cannot inspect traffic and throttle it based on content so easily. Implementing HTTPS significantly improves privacy protection for your visitors.
Security for Your Customers
When your website uses http, your visitor’s session cookies can be intercepted and used to replicate their active session by others. In other words, 3rd parties can pretend to be your customers. With HTTPS, this issue is eliminated because session cookies are protected with encryption.
Improved Ranking in Search Engines
This is a big one and our tests show it does in fact improve ranking on Google. Google announced as much and for the cost and effort involved to upgrade to HTTPS site-wide – if the security reasons haven’t convinced you it’s a good idea, this should. There is just no reason not to, and the sooner you do it the more of a leg up you will have on your competitors who haven’t made the leap.
Better Analytics for You
Did you know that the referrer that tells you where a visitor came from is dropped when a user goes to an http page from an HTTPS page? This means referrals from secure sites, including Google, are lost for sites using plain http.
Better Site-Wide User Experience
When your website uses site-wide SSL, they won’t see annoying pop-ups warning them that they are switching [back and forth] from http to HTTPS and vice versa. It also makes buying, logging in, registering, and browsing all seamless and without interruption.
So what does it take to switch your website to site-wide HTTPS? If you’re on WordPress, we offer the upgrade as an affordable service (just contact us!). If we designed your website after August 2014, you’re already using site-wide HTTPS! And if not, get in touch and we’ll make it a reality in as little as 24 hours.