skip to main content
Abstract grid pattern 1
Abstract grid pattern 2
Abstract grid pattern 3

Monday Sep 11th, 2017

HTTP versus HTTPS Google’s Pursuit of Security

If you’re a Chrome fan (not to be confused with Canadian electro-funk duo Chromeo) you might be aware of Google’s never-ending pursuit for safe web surfing. Though updates from this tech giant can be frustrating  (it seems they like to switch up platform layouts, algorithms, and policies like a change of clothes), they are particularly vigilant when it comes to online security.

LoginAre You Sure You’re Secure?

In January 2016, Chrome began indicating connection security with an icon in the address bar of the browser. At the time, you may have seen an “i” with a circle around it, followed by “Secure” or “Not Secure.” Previously, Chrome had not explicitly labelled HTTP connections as “non-secure.” Now, the icon has switched to a small lock.

However, in January 2017 Chrome bolstered their user’s security even further by marking identified HTTP pages that collect visitor data or is visited through incognito mode as “not secure.” This heightened security was established for two main reasons:

  1. Credit card numbers, passwords, user names, and just about any other data you’re typing into a site should not be accessible to anyone else on a network.
  2. People using incognito mode had an “increased expectation of privacy” even though HTTP browsing wasn’t (and still isn’t) private to others on the network.

According to Chromium.org, the “Not secure” warning will eventually show for all HTTP pages, even outside incognito mode. By now you may be asking yourself, what makes HTTP so different than HTTPS, and should I be concerned?

Let’s Start with the Basics

The main difference between HTTP, which stands for hypertext transfer protocol, and HTTPS (hypertext transfer protocol secure) is encryption. This added security prevents your information from being intercepted by a third party. For a long while, HTTPS pages were largely used for credit card payment pages on ecommerce, bank logins, financial sites, and so on, while just about every other business was using traditional HTTP.

But times are changing. Businesses are now encouraged to purchase an SSL Certificate, short for secure socket layer. This little piece of code creates a secure connection between the user’s browser and the web server.

HTTPSWhy Should We Care

Because security is a top priority for Google, strong HTTPS encryption has become a ranking signal. According to Google’s blog, “it’s only a very lightweight signal.” However, the gravity of this ranking signal is expected to increase, as Google has also noted, “we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.”

While everyone should be investing in HTTPS websites, it’s paramount for any businesses that collect sensitive data on their website. Without a secure connection, just about any information can be intercepted by a third party, malicious or not.

The reason Google is currently holding off on a heavy penalty for website owners is because they’re giving companies a window of opportunity to reach out to their webmasters and switch over to HTTPS. However, the clock is ticking.

Put simply, having an HTTP address as opposed to an HTTPS address is going to cause a blow to your search authority. Ultimately, the less traffic that makes it to your site, the less business you’re going to get.

Where to Start

It’s not all doom and gloom. A solution is in sight.

First, it’s import to see where your website stands. A simple way to test your site’s security is by visiting SSLLabs.com and entering your URL. This will give you some insight into your backend code, certificates, simulations, protocol details, and more. We ran a quick test on ourselves and we’re happy to announce a big ol’ “A” rating for our security.

A Rating

By reaching out to a seasoned developer who has cyber security expertise (ahem, ahem), you’ll be able to develop a better understanding of what certificates you need for your business (i.e. Domain Validation, Extended Validation, Organization Validation, etc.), how to change your site's address and get it re-indexed, and move your website to a dedicated IP address to ensure your URL meets SSL Certification qualifications.

Of course, with added security there is an increase in cost. SSL Certifications from most hosting companies range between $150 and $750 per year. While this may seem steep, think about the potential cost of getting your website hacked, losing client data, or even getting your site pushed to the back pages of Google search.

Once the SSL certification is purchased, web developers install and configure the validation, configure hard internal links and redirect external links that included HTTP, update code libraries, and set your new HTTPS site up in search console and analytics.

Safe and Sound

Whether you’re aiming give your site a facelift, build a new one, or create an app, cyber security and safe browsing will continue to be an important factor for search engines and their users. It’s critical that businesses both large and small plan for the future by implementing an SSL Certification into their websites.

From the viewpoint of most businesses, shelling out another couple hundred dollars in expenses is not exactly an appealing prospect, but it truly is a small price to pay to ensure your information and your customers’ information is safe and sound. If you’d like to learn more about acquiring and/or implementing your SSL Certification, click here to contact us.