Internet Marketing Tips, Suggestions, & Ramblings

The Difference Between HTTP and HTTPs & How To Add HTTPs to Your Website.

Adding HTTPs to your Web Site.  What is HTTPS

Have you guys heard of this HTTPs thing that Google is all hell-bent on? No? Oh, wow. You must be living under some pretty amazing looking rocks then, because this issue is everywhere. So for those still in the dark wondering what is the difference between HTTP and HTTPs, we’re here to help.

What is HTTPs and what is the difference between HTTPs vs HTTP?

William Miller Almost Famous Letter U
It’s actually the letter S but it’s also so much more than that.

 

What is HTTPs, or Hypertext Transport Protocol Secure, is a form of site security that protects the confidentiality of your website visitors’ data. A secure site is a safe site, and a safe site is a friendlier place for your users, especially if they are required to supply your website with any sort of data. Different from HTTP, adding HTTPs to a website ensures that whomever is inputting data into any form on said website is communicating solely with the authorized owner of the site and no one else.

Say you’re signing into Amazon Prime to watch yet another Nic Cage flick, okay? Check out the URL of the page you’re on.

What is HTTPs

 

See that? HTTPs, sucka! You know that when you enter in your login information on Amazon, only they will have it. Without HTTPs? Who knows? And we don’t think you really want to find out, do you?

But what does HTTPs really mean, what is HTTPs and what of your information?

We’ll just let Google take this one:

With HTTPS, information is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

  • Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can “listen” to their conversations, track their activities across multiple pages, or steal their information.
  • Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.
  • Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

“So that’s HTTPs. Got it! Do I need it, though?”

The short answer is no. The long(er) answer is still no but there’s a caveat. Why wouldn’t you have HTTPs on your site? Here’s the thing, we’re pretty sure Google wants to see HTTPs across the web so this whole dang thing is a safer place. There have even been rumblings that Google will now warn users when they are not on an HTTPs secure site. If this is true, then the era of HTTPs seems like a simple algorithm update away.

With HTTPs implemented on your site…

You’re essentially helping search engines see your site as secure. And that can never be a bad thing. What if Google flips another switch and says, “That’s it! We’ve had enough of these non-secure sites. Your rankings will now go down if you are not secure!” Because they might. (And they probably will…)

So what do you do?

According to Google’s handy-dandy checklist, you:

    • Redirect your users and search engines to the HTTPS page or resource with server-side 301 HTTP redirects.
    • Use relative URLs for resources that reside on the same secure domain. For example, use <a href="/about/ourCompany.php"> to refer to a page on your site example.com, rather than<a href="https://example.com/about/ourCompany.php">. Doing so ensures your links and resources always use HTTPS. It also has the side benefit of making local development less error prone because images, pages, and other resources are loaded from your local development environment instead of the production environment.
    • Use protocol relative URLs for all other domains (e.g. //petstore.example.com/dogs/biscuits.php), or update your site links to link directly to the HTTPS resource.
    • Use a web server that supports HTTP Strict Transport Security (HSTS) and make sure it’s enabled.This mechanism tells the browser to automatically request pages using HTTPS even when the user enters http in the browser location bar. It also tells Google to serve secure URLs in the search results. All this minimizes the risk of serving unsecured content to your users.

HTTPs is extremely important for any site requiring users to submit any sort of information. Now that you see what HTTPs is exactly, it’s time to implement.

How to implement HTTPs / TLS on your website

Implementing HTTPs on your website isn’t all that difficult. The quickest way is to make sure your web hosting company (GoDaddy, etc.) offers this sort of encryption. Contact them and request they “turn on” HTTPs for your site. In most cases, this will be an additional charge. But what’s a couple extra bucks to know your users’ private data is safe?

With HTTPs on your site, you are now offering a safe and better user experience for all of your visitors.

Need more help implementing HTTPs on your website? Contact an SEO Inc Trusted Advisor today, and we’ll help guide you through it.

 

About Garry Grant

Garry Grant is a veteran expert in search engine optimization and the digital marketing industry. With nearly 20 years of experience, Garry has successfully built a multi-service operation at SEO, Inc., developing proprietary technologies through complex strategic solutions. He has extensive experience in key initiatives and operational responsibilities grounded in information technology and performance management.

Garry’s expertise and esteemed reputation, coupled with SEO Inc.’s impressive client success record has earned him such accolades as Entrepreneur Magazine's 2005 Hot List for the Hottest Internet Property, Inc. 500 2007 Honorary award for Fastest Growing Private Company in America, an Inc. 500 top 50 Company in San Diego, and interviews with The New York Times, The Wall Street Journal, WIRED, Entrepreneur and The Huffington Post.

Garry Grant began his online career in 1993 creating strategic Web and e-business solutions for Homepage.com, The Rush Limbaugh Show, Premiere Radio Networks, Clear Channel Communications, EarthLink and Artisan Motion Pictures. Today, Garry and SEO Inc.’s highly skilled digital strategists develop proprietary technology and strategic digital marketing direction for Fortune 500 companies including, SC Johnson, McAfee, Entrepreneur.com., Inc Magazine, IGN, Tacorri, LPL Financial, National Kidney Foundation, G4 TV, Fuel TV and Sony, just to name a few.