HTTPS Everywhere – Do you need a secure website? (Part 1)

You can make your site secure by running it over HTTPS, which stands for Hypertext Transfer Protocol Secure.

Using HTTPS protects the integrity and confidentiality of your users’ data.

Here are some reasons why this is important:

  • HTTP is an insecure protocol, which means everything that is sent between the browser and your server is in plain text and readable by anyone tapping the internet connection. This could be a government agency (e.g. NSA, …) or someone using the same free unencrypted WiFi hotspot as your user.
  • HTTPS, on the other hand, encrypts the communication between the browser and the server. As such, nobody can listen to your users’ “conversations”. An HTTPS certificate for a website also proves that users are communicating with the intended website and not a fake website run by malicious people.
  • Since the summer of 2014, Google has publicly said that having an HTTPS site can give a ranking boost in the search engine results.
  • Google’s Chrome browser will start to mark HTTP websites as insecure in the near future.

It is also vital that you secure all parts of your website. This includes all pages, all resources (images, JavaScript, CSS), all resources hosted on a CDN, …

If you only use HTTPS for, e.g., a forum login or a credit card details page, your website is still ‘leaking’ sensitive information hackers can use.

More specifically, this could be a session identifier or cookies, which are typically set after a login. The hacker could reuse this information to hijack the user’s session and be effectively logged in without knowing any password.

In October 2010 the Firesheep plugin for the Firefox browser was released. It intercepted unencrypted cookies from Twitter and Facebook, forcing them to go HTTPS everywhere.

We also recommend offering only an HTTPS version of your site and redirecting any users who access the HTTP version to the secure version.
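
As an added example (not part of the original post), the Python script below checks the three points above on constructed sample data: subresources still loaded over http://, cookies set without the Secure attribute (which browsers would then also send over plain HTTP), and whether the http:// version redirects to https://. The function names, example.com URLs and cookie values are assumptions made for illustration.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Tag -> attribute that makes the browser fetch a subresource.
# <a href> is navigation, not a subresource, so it is not listed.
RESOURCE_ATTRS = {"img": "src", "script": "src", "link": "href", "iframe": "src"}

class MixedContentFinder(HTMLParser):
    """Collects subresource URLs that would be fetched over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value and value.lower().startswith("http://"):
                self.insecure.append(value)

def insecure_subresources(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure

def cookies_without_secure(set_cookie_headers):
    """Names of cookies the browser would also send over plain HTTP."""
    leaky = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        leaky += [name for name, morsel in jar.items() if not morsel["secure"]]
    return leaky

def redirects_to_https(status, location):
    """True if a request to the http:// URL is redirected to https://."""
    return status in (301, 302, 307, 308) and location.lower().startswith("https://")

# Constructed sample data (not taken from a real site).
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
<script src="http://cdn.example.com/app.js"></script></head>
<body><img src="http://www.example.com/logo.png">
<a href="http://www.example.com/about">About</a></body></html>"""
SAMPLE_COOKIES = ["session_id=abc123; Path=/; HttpOnly", "prefs=dark; Path=/; Secure"]

if __name__ == "__main__":
    print("Insecure subresources:", insecure_subresources(SAMPLE_HTML))
    print("Cookies missing Secure:", cookies_without_secure(SAMPLE_COOKIES))
    print("HTTP redirects to HTTPS:", redirects_to_https(301, "https://www.example.com/"))
```

On the sample data, the script and image are flagged while the HTTPS stylesheet and the plain link are not, and only the session cookie is reported as missing Secure.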

Now continue with Part 2 of our HTTPS Everywhere series, where we will explain which https certificate you should buy for your site!

Wim Bervoets