HTTP to HTTPS: Why you need HTTPS for your website, today

by | April 27th, 2016

Think you don’t need HTTPS for your website? Well, you do. Even if your site does not sell products via e-commerce, web security risks exist for plain HTTP connections. And search engines are starting to lower non-HTTPS sites in search ranking. Even the US government is moving all their sites from HTTP to HTTPS. Here’s why you should, too.

example of HTTPS site

Why Move from HTTP to HTTPS

Without HTTPS, a user’s connection to your site can easily be monitored or modified. Non-HTTPS connections could even allow your site to be impersonated by a hacker.

According to, a properly-configured HTTPS connection guarantees three things:

  1. Confidentiality
    Over HTTPS, a visitor’s connection is encrypted. This obscures their stored cookies and other sensitive user data.
  2. Authenticity
    HTTPS ensures a visitor is talking to your “real” website, not to an impersonator or a “man-in-the-middle” who stepped in.
  3. Integrity
    HTTPS connections mean data sent between a visitor and your website has not been tampered with.

Additional Considerations

In addition, there are some newer incentives emerging that make moving your site from HTTP to HTTPS even more important.

  • HTTPS for SEO 
    One of the biggest reasons besides security to move to from HTTP to HTTPS is that Google may soon start penalizing non-HTTPS sites in search results.
  • HTTPS for User Experience 
    Browsers are starting to design more noticeable security icons for the address bar. Users are going to get accustomed to an icon that indicates HTTPS, and may suspect your site if it doesn’t have it.
  • HTTPS for General Security
    In principle, all form submissions should use SSL/TLS by default, even if there is no explicit compliance requirement. Those requirements are based on universally acknowledged best information security practices. If the data your site is handling is confidential in any sense, you should be using these same practices. This is especially relevant when credentials or other personal information are being passed over HTTP.


Want to know more about this topic? Read my entire HTTPS post over on Medium. Over there I answer questions, such as:

Is there any particular type of organization that should care more about having HTTPS than others?


If I don’t offer e-commerce, why would I want HTTPS on my site?


What does upgrading to from HTTP to HTTPS involve?


How does moving to HTTPS fit into an overall security plan/update?


What is the cost to upgrade to HTTPS?


Is this worthwhile? Do people even notice the new security flags in their browsers?

That post again is: