Earlier this year, we switched over all our sites to use HTTPS by default. In the past, it was common to see HTTPS used for e-commerce sites, or for pages that required confidential information like usernames or password, but there were plenty of sites that didn't use it. But that's starting to change. Now there are plenty of reasons, besides protecting passwords and credit card numbers, why it makes sense for our websites to use HTTPS.
Content Integrity: In addition to security, serving our sites over HTTPS also protects the integrity of each page. We won’t have to worry about ISPs inserting ads or trackers into the page as it travels over the internet -- something which can and does happen, as Jonathan Mayer has documented. In his case, AT&T was injecting advertising into sites he visited while connecting to an airport hot spot. If these sites had been served over HTTPS, though, the ISP would not have been able to actually change the contents of the pages, since the data would have been encrypted. Using HTTPS means both a website's owner and its users can be confident that what is displayed in the browser is the same code that was originally sent from the server.
New Functionality: Browsers have also started requiring HTTPS for newer features. It’s required for Service Workers, as well as APIs used for taking pictures, recording audio, and geolocation. So, if we want to utilize the new features that browser manufacturers are creating, HTTPS is becoming a standard requirement.
Better Search Rankings: According to Google, using HTTPS to serve a web page is a ranking signal they account for. And although it may be a small factor in the algorithm, it’s a factor nonetheless.
Improved Performance: For a while, one of the downsides to using HTTPS was the performance hit it could cause. But now, not only has that performance hit decreased, but many of the technologies that can help with performance are requiring HTTPS to use. HTTP/2, for instance, provides the ability to multiplex multiple requests at once, but is currently only being supported over a secure connection. The same is true of the Brotli compression format, which can be used to decrease the size of assets, and thus the amount of data needed to send over the wire. Less data means better performance, but it too requires HTTPS.
Using HTTPS means sensitive data will be protected when traveling over the network. But that's only the beginning of the benefits it provides. It allows us to protect the integrity of each web page, makes it possible to use new browser features, helps with SEO, and gives us more options to enhance the site's performance. So next time you see the green (or gray) lock in the browser that indicates the site is using HTTPS, remember that the benefits of a secure site go way beyond keeping passwords and credit card numbers safe.