You might be asking yourself: What’s the difference between HTTP and HTTPS and which should you use?
Many people still don’t even consider the difference between the two when setting up a new website. And yet, back in 2014, Google announced they’d give any website which switched over to HTTPS a minor increase in their organic ranking. So it’s clearly something the world’s most prolific search engine considers important. But why? Which should your website use? Let’s start with the difference between the two.
HTTP is short for Hypertext Transfer Protocol, and it’s an application protocol (or set of rules) for transferring files from a web server to a browser on the internet. Every website is stored or ‘hosted’ on a server somewhere, and HTTP facilitates the transfer to a user’s browser. The moment a user opens their browser, they’re using HTTP to send a request to a web server, which in turn sends the file or files associated with the request back to their IP address.
When they click on another hyperlink within that website, they’re sending another request back to the webserver to open the files associated with the page they’re moving on to. In short, HTTP is a method of file transfer which allows users to access and view site content on the web.
The obvious difference between these two acronyms is the ‘S’ at the end, and it represents the most important difference between HTTP and HTTPS: the SSL certificate. An SSL, or ‘Secure Sockets Layer’ certificate is another level of security not available on HTTP. It encrypts all the data which passes between the website and the user’s browser by translating it into code.
Even if a hacker manages to break into the communication between sender and recipient and steal the data, encryption means they wouldn’t be able to understand or use it. So if a user has entered data (which could be just their name and email, but could also be something more important like a password or credit card details) on an HTTPS site, they can be sure it won’t be readable.
The other key difference between the two is that HTTPS also stops data transfer from being corrupted and authenticates your website, so users will know it’s the real site. You may have seen ‘unsecure site’ warnings when trying to open sites on Chrome.
Many website builders will tell you that unless your site is selling something, there’s no need for HTTPS. We disagree. After all, why wouldn’t you want your site to be as secure as possible? But let us give you three good reasons why.
Google recommends HTTPS. Google’s SEO algorithms obviously want to send the most users to sites which are not just relevant, but safe. In fact, an HTTPS certificate does contribute to your ranking. If there were two sites which were almost identical but one used HTTPS, that safer site would rank higher.
Your site will also rank better on mobile. There are several jargon-heavy reasons for this, and we won’t go into them, but Google’s mobile first index prefers HTTPS sites.
Using HTTPS proves you care about user data and its safety. In a post-GDPR world where many high-profile sites have had user information leaked publicly, ever-savvier users care more about their data than ever before.
Convinced yet? Talk to us about installing HTTPS on your website, or about building a new, safer site.