As shocking as it may sound right now, this transition began a very long ago, back in 2014, when it was announced that the best practice is for sites switch to HTTPS. The reasons are many, and the reluctance to do so have been many as well. Now, after four years, Google Chrome has put up a stronger stance, and not only putting a stop to not just HTTP sites altogether, but also HTTPS sites that have pages which have content, such as images, videos, stylesheets etc. that load over HTTP. These “mixed content” are going to be blocked too, by December 2019.
What does this mean for us?
HTTP (Hypertext Transfer Protocol) is basically something that allows communication between systems by transferring data between web servers and browsers. You’ll be able to access web pages using HTTP, which, in the very beginning of the internet, was used as a protocol for all websites. It’s being bashed because the transfer of data (if you’re not already aware) isn’t encrypted, and anyone with a will to do so can view sensitive information being transferred. If you’re browsing an HTTPS web page (Hypertext Transfer Protocol Secure) the information being transferred is encrypted, and not easily accessed by anyone. This is done by an extra measure, called an SSL (secure sockets layer) certificate. Information cannot be stolen any more. It’s good, right? Then why the delay, and mixed reactions?
Why people are so reluctant
At first, I thought that it made sense that websites would be more secure. What’s wrong with that? After some asking around, I heard a lot of people whining about different aspects of why it’s inconvenient. Then, I sat down with our developer, Faizan Riaz, and as an experienced developer, either validate or reject those claims with sound reasoning. He was quick with his responses, as if he has been waiting till the day someone finally asked him those questions!
So is it true that using HTTPS instead would slow down the loading speed?
This additional protection adds some complexity to your website. All the cypher suites, validating SSL certificates, running crypto coded for each request, etc. It potentially does make it seem like it’ll go slow. Isn’t this a drawback? The answer is simple- Saving a few seconds and allowing thousands, if not hundreds of thousands of attackers to steal your information? No, thanks. I’d further asked Faizan about speed, and his answers were quite enlightening.
Are there any measures we can take to prevent any drawback in speed?
First of all, it’s not a drawback. HTTPS Doesn’t have to slow you down. Period In 2015, Google stated officially that your site using HTTPS is a qualifying factor for high ranking SEO. So you could be doing all that and saving your precious few seconds, and another website could still be miles ahead of you.
Secondly.there are so many ways to make your website or web pages load much faster. (we covered that in this article). “Image optimisation, file compression, dynamic content, caching behaviour… so many factors play a role in loading speed," Faizan stated, "It’s a myth that HTTPS will make your websites slower. Of course, using your keys to open your door takes longer to get in, but no one stops investing in keys and locks. And there are people who take no time to unlock their doors.”
Thirdly, things have changed. The SSL or TLS (Transport Layer Security- another network protocol) are way more efficient and thousands of successful, high ranking, secure and fast HTTPS websites are the evidence.
Is it expensive to migrate to HTTPS?
“There are hosting providers that are offering SSL and TLS certificates for free. Just look into it, and you'll find out. The prices vary, but it’s best to buy them from your hosting provider.” Faizan Riaz said to me. “Another thing,” he went on, “Some people are concerned about the higher cost of internet, since more packets of data are obviously exchanged because of this extra layer of security. People should understand that it’s not unimaginably, unbelievably expensive, and that this is the basic cost of security and a necessity and not a luxury.”
How about the inconvenience of migration? Isn’t it a hassle?
After hearing some horror stories about how hard it was to transition, there was one question on my mind- how much of a hassle is it to redirect all the old page URLs and embedded URLs to the new (https) URLs when making the transition? Faizan had an easy response to that- “Yeah, that depends on a lot of stuff as well, and there are always ways to make it more convenient. The website framework of most new websites is accustomed to such transitions. Usually, we just add code to access the .htaccess file. For redirection, there are some really simple rules. In fact, if you’ve got a WordPress website, all you need is one plugin.”
Is it necessary for all kinds of websites? Is Chrome forcing us to do something we don’t need?
I’d read and heard a lot, that not all websites need to run their websites on HTTPS. Websites that aren’t eCommerce don’t need it. If you’ve got a blog or an entertainment website, it’s ridiculous to go through those measures… right? Well, I wouldn’t want to imagine any visitor of my website subscribing and having their email address exposed and stolen. Yes, most people don’t care that their email address is seen by hackers, against their will. Some do mind it. Who are we to decide whether the invasion of someone’s personal privacy is our business or not? If they’re trusting our website to subscribe to it and visit it, it becomes our business to protect their privacy, and I won’t smirk when it comes to removing any HTTP resource or link.
I’m cheering Google on for gradually and finally coming up with this decision to protect people’s data and their privacy. We might see a lot of popular sites disappearing for a while, but all will be well. It might be hard for some to accept or transition, but the change is here, and we could either cry about it or embrace it!