Letâ€™s start with the latest news: from the next Firefox 70 update, expected in October, the Mozilla browser will report with an icon that the site on which you are browsing does not use the HTPPS protocol or has problems with the certificate. After Chrome, then, Firefox as well continues its campaign to ensure more secure browsing for users on sites that adopt the latest resources in terms of security in data transmission.
What is the HTTPS protocol
As we quickly explained in another article (dedicated more generally to website migrations), the HTPPS protocol is just this: a more secure communication system between site and user, thanks to the use of the SSL certificate that encrypts incoming and outgoing data.
What HTTPS means
The term HTTPS means Hypertext Transfer Protocol Secure and, again, refers specifically to the secure hypertext communication protocol, made possible by creating an encrypted connection between the user and the website that uses SSL/TLS encryption (Transport Layer Security).
Certificate and safety of sites, necessary clarifications
Anyway, it is good to clarify again some aspects on what really means security concerning the HTTPS theme: being secure is the connection between users and the site, as said, and therefore not the navigation as a whole nor the site itself. Wanting to put it extreme, even a phishing page could possess an SSL certificate, but this does not mean that it is a safe site (and in recent weeks the FBI alerted us all on this topic): regardless of the locks and browser indications, then, it is always good to keep your eyes open when it comes to entering sensitive data on the Web.
What is the new certificate for
Using the new system, the information entered during navigation are indecipherable for any malicious third parties, and ultimately the user can complete the operations with greater peace of mind. For this reason, the adoption of the protocol has been recommended first to websites that perform economic transactions or contain forms for the insertion of personal data, but has then extended to all online sites, including blogs and editorial portals that do not include any transmission of sensitive data.
Google and HTTPS, pushing toward the adoption
To push for the spread of sites with HTTPS certification was for sure Google, which first adopted a soft approach – inviting site owners to embrace the new method – and then push on the accelerator: for a long time now, in the Chrome browser connections to sites with old HTTP are identified as “unsafe”, with a writing in the address bar stating it, but even more interesting was the SEO aspect of the issue.
HTTPS as ranking factor to Google
The use of the SSL certificate has become in fact a ranking factor on Google, or an element that is evaluated by search engine algorithms to determine the rankings related to queries, but there are also other advantages of using HTTPS compared to the old HTTP.
The benefits of the Hypertext Transfer Protocol Secure
For instance, it is estimated that the connection via HTTPS is faster than the connection to the previous protocol, and this can make a difference in terms of performance, while in more practical terms you need a valid SSL certificate and then HTTPS to be able to use AMP – Accelerated Mobile Pages – pages which, as we know, are getting great attention from Google, which uses them to make browsing more mobile friendly, integrating them into both Gmail and image search.
The importance of a valide SSL certificate
It is important to remember that only a valid SSL certificate – in use on all the pages of the site – allows to establish encrypted HTTPS connections. The absence of encryption or the presence of errors makes all data sent and received from the site visible, exposed and therefore potentially manipulated by third parties.
To verify the validity of the SSL certificate we can perform manual tests on the pages, and find out if the browser correctly identifies the lock, or use some special tools.
How many HTPPS sites are there in the world?
Despite this, however, there is still some brake to the complete expansion of sites with HTTPS protocol that, according to the latest report by W3techs updated in May 2020, represent today a share just over half of the total sites surveyed. To be precise, HTTPS sites are 60.1 percent of all sites, with a constant growth rate that has not yet led to the expected dominance over unsafe mode.
The obstacles to the spreading
According to the experts, among the reasons for the lack of global dissemination of HTTPS there are technical, economic and practical issues: adopting the SSL certificate has a cost that for many sites is excessive, especially for small projects that maybe do not process sensitive user data; often, then, HTTPS does not work with the cheapest virtual hosts and loses the cache capacity. However, these kind of problems can be overcomed even with the advancement of technology.
Important sites still not in HTTPS
On the subject of developing the consideration of the certificate, we refer to this article published almost exactly a year ago, which presented a list of “shame” of important sites that had not yet adopted the HTTPS standard for their pages. Of that list (which also included large editorial portals such as Foxnews and BBC, sites of hotel chains such as Hilton and even the institutional portal of the United Nations!), today only a few remain with http connection: it is, curiously, prestigious universities sites such as UCLA (University of California University of Los Angeles) and Oxford in England, which have not yet deemed necessary the passage.