In 2016, HTTPS adoption doubled and the majority of web traffic started to go via HTTPS websites. Adoption has continued into 2017 too, but is the protocol essential for all websites – even those without forms or stores? In this post we will explain why HTTPS should be a top priority for all websites.
We outlined the main benefits of switching to HTTPS in a previous post. Now we will address a common question about the protocol: “does my website need HTTPS even if it doesn’t have forms or a store?”
In a word, our answer is certainly: “yes”. Let us explain why.
HTTPS is an encrypted protocol that plays a critical role in the fight for an open web and net neutrality. Because of this, Google and the wider industry are championing the protocol and encouraging websites to adopt it. All signs point toward rapid adoption and HTTPS swiftly becoming a standard across the web.
One of the strongest techniques being used to drive adoption are in-browser warnings that alert users when they are on a website that uses an insecure HTTP connection. This technique is being used by other browsers too, but in slightly different ways. In Chrome and Firefox, for example, those warnings are put in the address bar when a page has forms that require users to submit information.
Both browsers will continue to build on these initiatives. Google are planning to place those in-browser warnings on all HTTP websites, whether there are forms or not. Likewise, Firefox will put a non-secure reminder alongside forms on all HTTP websites. Security online and net neutrality are hot topics so as your audience becomes more literate in terms of these subjects, they are going to be far more suspicious when they see non-secure warnings.
Google also confirmed in 2015 that HTTPS adoption is a ranking factor in search results, so you also stand to lose traffic by failing to adapt. As mentioned in our previous HTTPS post, data shows that HTTP websites are being served less and less in Google’s search results.
If you are still using HTTP, it is just a matter of time until your page will be marked as insecure, so you should plan out your HTTPS adoption strategy sooner rather than later. In terms of making the move to HTTPS, Google have some great guidance.