HTTP vs. HTTPS: Why You Need The Latter
If you’re reading this article, you are most likely asking yourself what the difference is between HTTP and HTTPS and why it matters.
Let’s start with the basics.
What is HTTP and what does it stand for?
HTTP stands for Hypertext Transfer Protocol and it is essentially a protocol for data transfer across the internet. HTTP is also used as a protocol for data transfer between proxies and gateways to systems supported by SMTP, FTP and more.
HTTP enables hypertext documents and, basically, the World Wide Web.
To simplify, HTTP is the protocol over which data is transferred between a browser and a website.
What is HTTPS and how does it work?
HTTPS stands for Hypertext Transfer Protocol Safe and it is the secure version of HTTP. This is actually the main difference between the two.
HTTPS uses SSL (secure sockets layer) certificate to create an encrypted connection between the server and browser. Therefore, this protocol is usually used for websites with transactions that need to be secure, such as online shopping, banks, and other password-sensitive websites.
In fact, HTTPS was initially used only for websites such as the aforementioned, but today the shift is to have all websites use HTTPS.
Technical writer at Google, Kace Basques, writes Why HTTPS Matters: “You should always protect all of your websites with HTTPS, even if they don’t handle sensitive communications.”
It doesn’t get any clearer than that. You should use HTTPS as your website connection, even if you do not collect sensitive information from your users.
Why You Should Shift to HTTPS
Why make the change and shift to HTTPS?
- Security! Encrypted connection is vital for websites with sensitive data
- Spammers and hackers may take advantage of data you believe is non-sensitive
- HTTPS enables certain tech abilities HTTP cannot (like AMP)
- Trust & reputation! Users will consider your website safe, and will therefore be more likely to stick around and recommend your services to others
- Last but not least, to better your SEO efforts – HTTPS is considered a Google ranking factor
HTTPS as a Google ranking factor
Back in 2014, Google already emphasized the importance of transitioning to HTTPS and actually considers it one of many Google ranking factors:
…”we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal… But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”
This message is pretty straightforward. It means either get your site secured, or get off the grid. So, if you are looking to boost your SEO efforts, make sure you have HTTPS migration on your list.
In 2017, Google posted in the Chromium blog that Chrome will gradually mark HTTP pages as non-secure if they have sensitive data fields (such as password or credit card info).
And then, in the beginning of 2018, Google firmly stated it will mark ALL HTTP sites as non-secure. Developers can use Chrome’s “Lighthouse” tool to run audits and better understand which pages may still be using HTTP.
Indeed, “81 of the top 100 sites on the web use HTTPS by default.”
The latest Webmaster Central Blog post on why and how to secure your website was released on December 10, 2018. The video in this post addresses some of the myths and/or complaints people raised in relation to HTTPS, and some tips on how to make the shift more smoothly.
Intro to Migrating to HTTPS
In a nutshell, here are some of the main things you should do when migrating to HTTPS:
- Purchase and install an SSL certificate
- Ensure Google Analytics is set up to support the HTTPS version of your website
- Create a Google Search Console HTTPS property
- Re-submit your disavow file
- Redirect all URLs from HTTP to HTTPS
- Ensure that sitemap.xml and robots.txt are available in the HTTPS location
- Edit the sitemap.xml file and submit it
- Update advertisers and 3rd parties (ads, email marketing, etc.) to use the HTTPS version
- Update backlinks (if possible) and social media links to lead to the new HTTPS version
Google I/O 2014 recap on why and how to migrate to HTTPS:
Google addresses some common myths about HTTPS: