From Intern to Designer
8 min read
You may have seen a lot of articles about site security, Google rankings, and HTTPS recently, so we decided to break it down for you, with our guide to ‘HTTP vs HTTPS’.
What are HTTP and HTTPS?
Hypertext Transfer Protocol or HTTP as it is more commonly know is a practice that allows communication between one system and another, it is primarily used for passing data between servers and browsers in order for you to be able to view web pages.
If a website begins with HTTP and not HTTPS it effectively means that the data passing between the server and browser is not secure (hence the ‘S’) i.e. it is not encrypted and therefore could be viewed and captured by 3rd parties.
“HTTP and not HTTPS effectively means that data passing between the web server and the web browser is not secure.”
Securing a website and making it HTTPS requires the addition of an SSL (Secure Sockets Layer) certificate to the website (this will show as a padlock icon in your browser’s address bar). This SSL certificate encrypts any data passed between the servers and the browser, thus making it secure.
Why is HTTPS Important?
Firstly, as of October 2017, with a long-term view to making the entire web more safe and secure, Google now penalises websites that are not HTTPS and in their own browser, Google Chrome, warnings will be shown when people try to visit your website. Which is not ideal considering 57.41% of all web users are using Chrome.*
This Google update also means that HTTPS is now considered as a factor when deciding search rankings, and failure to install an SSL certificate will result in your website falling down the rankings. This will decrease visitors to your site, and less traffic equals less business… definitely not something you want.
SEO and rankings are not the only issues however, HTTPS is particularly important for websites where any sensitive personal data is being captured or financial information is being processed, such as e-commerce websites, with customer log-in capabilities, that accept online payments.
We would never launch an e-commerce store without a valid SSL certificate and we wouldn’t buy anything from one either. Seeing that little green padlock helps build trust and ensures your customer is safe in the knowledge that their private data remains private!
Finally, with the introduction of new GDPR legislation in May 2018, having an SSL-secured website is a fundamental stride towards becoming GDPR compliant.
Types of SSL
1. Domain Validation (DV)
Domain SSL certifications are validated against the domain and not the organisation using it, proving that the company with the certificate has control over the domain.
Domain SSL certificates are usually validated via either email or DNS (Domain Name Servers) and can be implemented within minutes to a couple of hours.
Once the certificate has been validated, certain browsers will indicate that the site has an SSL installed with a secured HTTPS connection.
2. Organisational Validation (OV)
An organisational validated SSL certificate (or OV certificate) is similar to a domain validated certificate, however, it requires additional verification of not only the domain ownership but also the organisation.
This type of SSL can take up to a few days to install owing to extra validation required, and when installed on a website the SSL certificate in the browser will show the company information.
3. Extended Validation (EV)
Similar to the OV certificate, and extended validation certificate (EV) requires organisation and domain-ownership validation, however, it also requires the organisation to certify their company’s identity via the certificate authority (CA).
Like the DV and OV certifications above, EV will provide HTTPS status and the padlock in the browser, however, instead of just saying ‘Secure’ it will also show the verified site owner, e.g.Twitter.
Due to the additional verification steps extended validation certificates are more expensive and can take longer to be installed, however, they do offer a greater level of trust!
How to switch from HTTP to HTTPS
Then update all htaccess applications (Apache, Nginx etc.). Then update marketing campaigns, landing pages, PPC and paid search links, as well as updating Google Analytics and Search Console. And don’t forget the 301 redirects!!
Maybe not so easy after all! Luckily, here at eJIGSAW, we’re experts at it, and we offer several options for your website as part of our eSERVE packages.
For more information head to our eSERVE page or give our team a call on 0333 987 4224 and we can make your site secure today!
*(Source | StatCounter Global | http://gs.statcounter.com | Correct as of February 2018)