Why you need to start thinking about securing your whole site under 'HTTPS Everywhere'

Any website that collects and transports sensitive, personal and payment information absolutely needs those functions secured under HTTPS (with an example of the myriad of commercial providers of SSL certificates out there, shown below:).

An example of an SSL certificate...

HTTPS being the secure handshake and connection between a user’s web browser and the server such that the information being collected and transported is encrypted and so cannot be read in the event of it being intercepted or watched.

Standard, standard stuff.

(There is also the matter of how the data that has been collected is stored and transferred off of the server (e.g. credit card data being sent to a payment gateway) though that is a separate issue and a separate blog.)

But are there other applications for HTTPS outside of securing forms and ‘My Account’ areas and other such areas of websites, whether because the information should be secured or to give the users comfort that we are securing their information?


The answer is yes

In the past few years, accessing Google has been increasingly under HTTPS.

In fact today, you would have to try very, very hard to be able to search on Google without the pages being secured. (Queron Jephcott wrote a blog a fortnight ago about the impact this has had on SEO.)

Why is Google doing this if the information we are asking of it – and which it is giving us – does not need to be secured under the traditional definitions?

I mean, it is not as if Google has always been secured like it is today… so what has changed?

Simply, that Google wants the web more generally to be a safer and more secure place, starting by securing its entire website.

It inarguably makes browsing the website more secure to for user (either by indiscernible fractions or leaps and bounds depending on how the website has been built) as much as giving the user greater confidence in browsing the website.

Both things which are important.

And now Google wants other websites to do the same with something called ‘HTTPS Everywhere”.

And it is incentivising web developers and website owners to do so by introducing HTTPS to its algorithm such that websites that are sufficiently covered by HTTPS will be rewarded with increased traffic.

And those not secured with HTTPS will be penalised by less traffic.

According to this article (with thanks to Guy Macarthur), the impact of the Google Algorithm has started small and there are nuances to how it is being introduced.

For now, the quality of your content and user experience and of course the speed of your website should be much more important focuses.

Though you would be well advised to start the conversation with your web developer to gauge the complexity of moving to ‘HTTPS Everywhere’.

Because as with all things internet, it will either be really simple or total pain in the arse.

Google wins again.