As your website designers, you often ask us if you need HTTPS for your website. You should consider adding HTTPS if security and search engine rankings are your top priority. All of our websites have basic SEO incorporated, but there is additional work we can add to a website to help it get to that No.1 spot. One of those elements is to add an SSL certificate (HTTPS) to the website.
In days gone past the only sites to incorporate HTTPS were financial institutions and the larger companies such as Google, Amazon and Ebay.
Things are about to change as in August 2014 Google announced that they wanted to make the internet a safer place. To that end they have established “HTTPS everywhere”, their push to ensure that all websites are secure by default.
To encourage the take up, Google have let it be known that as they go about ranking the worlds websites, their algorithm will apply additional marks to websites secured with an ssl certificate. Although this ‘bonus’ score is small at the moment, it is intended to become a larger overall percentage of a website’s SEO ranking over time.
What exactly is HTTPS?
HTTPS includes an additional second layer of data that is transferred between the browser and the server. Access to this additional layer is the result of an SSL certificate that contains a code that encrypts data transferred between browser and server.
This ensures three things:
- Authentication between browser and server (where your website is stored)
- Data integrity – what leaves the web browser cannot be altered enroute to the server.
- Encryption – Data between browser and server is unreadable by third parties. For example, any information you pass via wi-fi is available for others to intercept. A website with https would be passing unreadable data that could not be hijacked, stored, manipuated etc.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS is the successor to the Secure Sockets Layer (SSL).
TLS encryption is just one consideration for website owners. TLS wont make your site bombproof, and further consideration should be given to adding levels of security within your website to make it impossible to hack.