Stratus Concept

Dec 11 2016

Why should your website use HTTPS now?

If your site collects any kind of data through a form or an account login, then the short answer is “Yes”. Before I discuss why, it is important to know what HTTPS does for you.

HTTPS is the secure version of HTTP, the protocol that is used to move data between your users’ browsers and your website server. HTTP is an open text protocol. In other words, when you fill out a form in your browser, that information is sent as readable text to the web server. Using HTTPS, the browser will encrypt the form data and the web server will decrypt the data. This protects the data from being read anywhere between those 2 points.

For HTTPS to work properly, it relies on SSL Certificates. Like Domain Authorities that issue the domain names you use for your website, there is a known set of trusted Certificate Authorities that issue SSL certificates. The SSL Certificate can be authenticated by a Certificate Authority, which ensures that the browser is not connecting with a fake version of your website.

Because of the privacy that HTTPS offers, Google’s Chrome, Apple’s Safari and Mozilla’s Firefox browsers have been encouraging website owners to move to this encrypted protocol. However, Google has announced (https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html) that, in January, Chrome will take this “HTTPS everywhere” concept to the next step by not just identifying sites with HTTPS as secure, but it will mark a site without HTTPS as “Not Secure” if the site has any input fields.

This means that visitors to your website may be told by their browser that your site is not a secure site. Many visitors may not feel comfortable providing information to a website that is labeled “Not Secure”. Your best choice is to switch to the secure protocol for your website.

To convert a website from HTTP to HTTPS you need to add an SSL certificate and tell the web server to use the new protocol. The seemingly straightforward task of switching your site to HTTPS with an SSL certificate can easily be mismanaged. Some of the challenges you will need to address are:

  • What kind of certificate do you get?
  • Is the certificate installed properly?
  • Does the content on your pages need to be adjusted?

There are a variety of validations used by Certificate Authorities and, depending on the validation used, SSL certificates run in price from under ten dollars per year to hundreds of dollars per year. Choosing the right level of validation can save you money, or prevent you from having to redo the process.

Many servers don’t disable deprecated ciphers. Testing against known vulnerabilities will highlight any configuration deficiencies with the installation of the certificate.

Your website pages may reference internal content in a non-secure way. This is a typical problem found on sites that were converted from HTTP to HTTPS after being deployed. Links to internal content may still be coded to use HTTP. While easily fixed, this will block the browser from displaying the secure page indicator.
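One way to find these leftover references is to scan each page's HTML for URLs that still resolve to `http://`. The following is an added example, not code from the original post; the `example.com` hosts, the sample page, and the `kind` labels are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs whose URL the browser fetches while rendering the page.
FETCHED = {("script", "src"), ("img", "src"), ("iframe", "src"), ("embed", "src"),
           ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data")}

class InsecureRefScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (kind, tag, absolute_url, same_host)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if (tag == "link" and a.get("href")
                and "stylesheet" in (a.get("rel") or "").lower().split()):
            self._check("subresource", tag, a["href"])
        elif tag == "form" and a.get("action"):
            self._check("form", tag, a["action"])
        elif tag == "a" and a.get("href"):
            self._check("navigation", tag, a["href"])
        else:
            for name, value in attrs:
                if (tag, name) in FETCHED and value:
                    self._check("subresource", tag, value)

    def _check(self, kind, tag, raw):
        # Resolve relative and protocol-relative URLs the way the browser would.
        url = urljoin(self.page_url, raw.strip())
        parts = urlsplit(url)
        if parts.scheme == "http":
            self.findings.append((kind, tag, url, parts.hostname == self.page_host))

def scan(page_url, html):
    scanner = InsecureRefScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page, not taken from a real site.
PAGE_URL = "https://www.example.com/index.html"
SAMPLE = """<link rel="stylesheet" href="http://www.example.com/css/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.net/lib.js"></script>
<img src="http://www.example.com/img/logo.png" />
<img src="http://static.example.org/badge.png">
<a href="http://www.example.com/about">About</a>
<form action="http://www.example.com/contact" method="post"></form>"""
if __name__ == "__main__":
    print(*scan(PAGE_URL, SAMPLE), sep="\n")
```

The `subresource` and `form` findings are the ones browsers treat as mixed content on an HTTPS page; `navigation` findings are ordinary links that should also be updated so visitors stay on HTTPS.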

Should your website use HTTPS? In the long view, all websites will have HTTPS; you just need to decide when you want to make the change.

Written by postit · Categorized: security, Uncategorized

· Copyright © 2023 · Stratus Concept LLC ·
