Summary for TL;DR – Should I use an SSL certificate? Answer = YES.
- Overview of SSL and HTTPS
- What are the benefits of HTTPS?
- Is HTTPS always necessary?
- Disadvantages of HTTPS?
1. Overview of SSL and HTTPS
Firstly, here’s some background, hopefully in layman’s terms, about SSL and HTTPS.
What is SSL?
SSL is short for Secure Socket Layer, a standard encryption technology used to transfer data from a user’s browser to the web server. SSL uses public and private encryption keys where public key scrambles the information and the private key at the destination unscrambles or decrypts it.
What is HTTPS?
HTTPS is short for Hypertext Transfer Protocol Secure. What? It’s the transport system that transfers the SSL encrypted data between a customer’s browser and your website.
On a website, the secure transfer via a standard SSL certificate is marked in the address bar with https:// in front of the website URL, while http:// represents the standard protocol for websites that don’t use SSL.
Therefore, in summary, HTTPS runs over SSL, not SSL over HTTP. First the SSL session is established, then the HTTP data is wrapped into secured SSL packets and then sent and received securely.
How does HTTPS over SSL work?
HTTPS works by providing three key layers to the protection of your website’s communication.
The data exchanged between your users’ devices and your website is encrypted to prevent anybody stealing information or tracking your users’ activities.
HTTPS prevents the transferred data from being modified or corrupted during transfer. Sometimes defined as eavesdropping.
It confirms your users are communicating with the intended website. For example, HTTPS prevents an attack where the attacker secretly relays and/or alters the communication between two parties who think they’re communicating only with each other. These are often called man-in-the-middle attacks.
HTTPS shows that you’re serious about your business and protecting customers’ information.
2. What are the benefits of HTTPS?
Instills customer confidence
The added security and privacy from the installation of an SSL certificate makes your website more secure and provides peace of mind for your customers. It demonstrates you’re serious about your business and protecting your customers’ information.
When a user sees the https lock and a genuine SSL badge on a website they will feel more secure using their personal information. Plus, the security practice of using HTTPS can also help in maintaining a solid online reputation.
Google ranking boost
In August 2014 Google first announced that HTTPS is a ranking signal – https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html
Again in December 2015 Google announced “…As a natural continuation of this, today we’d like to announce that we’re adjusting our indexing system to look for more HTTPS pages. Specifically, we’ll start crawling HTTPS equivalents of HTTP pages, even when the former are not linked to from any page. When two URLs from the same domain appear to have the same content but are served over different protocol schemes, we’ll typically choose to index the HTTPS URL..“ – https://webmasters.googleblog.com/2015/12/indexing-https-pages-by-default.html
From our experience every website where we’ve implemented a full-site HTTPS there has been an improvement in their rankings.
More accurate analytics
Whenever traffic from a HTTPS site is referred to a HTTP website, the referral data is lost and the traffic is classified as “direct traffic”. However, when your website uses HTTPS there is a record of where the referral traffic actually comes from.
3. Is HTTPS always necessary?
While the use of HTTPS can provides benefits for the future of the web, it is true that a large number of websites that don’t have checkout pages or other data collection forms, may not really need to spend money to get an SSL certificate. However, in the future it could mean the difference between your competition and a higher search ranking.
When is HTTPS a must have?
If you are requesting your website visitors to provide you with personal information or for your customers to enter credit card details then you should always install an SSL certificate and transmit all data over HTTPS.
Always install an SSL certificate if you’re accepting payments on your website.
4. Disadvantages of SSL
There is is an obvious disadvantage when it comes to cost. There is the purchase of the SSL certificate, the installation on your website server and possible configuration of your website.
Performance (not really)
As the information you send has to be encrypted by the server, it takes more server resources than where the information isn’t encrypted. For most websites the performance difference is negligible, but for websites with high traffic it has been reported that the difference may be noticed if the hosting resources are not powerful enough. However, we have not seen any issues with high-traffic websites.
Overall, the disadvantages of using SSL are few and these minor disadvantages are clearly outweighed by the advantages.
With all types of websites across the globe continually collecting users’ personal data installing an SSL certificate should be an essential part of every digital strategy. SSL is an industry standard and one of the most important web security measures available. As SSL gains more attention as one of Google’s search ranking factors it should be considered for both best practice marketing and security.
Any business website would be best served by installing an SSL certificate.