HTTP will soon be a thing of the past, are you ready?
It’s time to start preparing for the future of a totally encrypted web
According to a February 2016 Netcraft report, only 3% of websites today deploy Google SSL requirements/TLS encryption. In turn, this means that a whopping 97% of websites currently lack basic security. This is a shocking and frightening statistic, especially in an era where 90% of large organizations have been hacked or breached and 74% of small-to-medium sized businesses have suffered attacks as well.
(Google SSL requirement explained in just over 1 minute)
Browsers have spoken: encrypt every website with Google SSL/TLS or get left behind
Thankfully, the browser community is taking it upon themselves to turn the tables in this war on valuable information. In the past, SSL certificates were only thought necessary for ecommerce websites or other sites that collected sensitive user information.
But those days have come and gone. With so much of the internet still not secure, browsers have begun to incentivize ALL websites to deploy at least basic SSL/TLS encryption as a minimum standard
These new HTTPS incentives include:
Warning users when accessing non-HTTPS sites
The most aggressive step to encourage all sites to encrypt is actively warning visitors when they visit a website or webpage that doesn’t have SSL/TLS configured. The goal of this initiative is to more clearly display to users that HTTP provides no data security whatsoever.
As opposed to sites with basic Google SSL/TLS Encryption certificates
In addition to Google Chrome, Mozilla announced plans for Firefox in August 2015 to quickly phase out non-secure HTTP as well. Their plan is to make new features available only to secure websites and phase out existing features for non-secure websites.
Google gives an SEO ranking boost to sites with SSL/TLS!
Google made an unmistakable announcement back in 2014 that it would start factoring SSL/TLS into its ranking algorithm. While the impact was fairly minimal at first, the positive effect an SSL certificate has on search results has continued to increase as the community pushes all sites towards encryption.
Websites with SSL are now experiencing as much as a 5% increase in search visibility compared to sites still only using HTTP. Also, referrer data is always preserved and much improved over HTTPS. This allows for greater keyword analytics and analysis for where a site’s traffic is coming from.
Chrome only making powerful features available via HTTPS
Google Chrome is also only deploying certain popular and powerful features to sites with SSL/TLS. One of these features is Geolocation. With version 50 and beyond, Chrome will no longer support obtaining a user’s location on HTTP sites. So, if a website wants local visitors to find their physical location, they need to install an SSL certificate on their domain.
HTTP/2 traffic only being served over HTTPS
HTTP/2, the first major revision of the web’s HTTP protocol since 1997 has recently been ratified by the Internet Engineering Task Force (IETF). Currently, HTTP/2 represents about 18% of global traffic and will continue to rise exponentially. The main benefit of HTTP/2 is significantly faster load times – between 20-30%!
Major browsers will only be serving HTTP/2 over sites with SSL. This is yet another sign that the future of the internet is encryption for all websites.
Gmail marking emails that are sent from non-secure mail servers
- Per Netcraft, 82% of mail servers are not utilizing a publically trusted SSL certificate. In response to this, Google has started marking emails in Gmail that are sent from mail servers without SSL/TLS.
- Once a mail server has an SSL certificate installed on it, Gmail recipients will be told that the email they open was delivered from an encrypted source, along with a link to learn more if they are unfamiliar.
The web is moving towards 100% encryption and with all of these recent browser initiatives – it’s moving fast. While this is ultimately a good thing for the entire Internet and the SSL/TLS industry, hosting companies and other IT service providers need to be pro-active and move fast to ensure all of their customers are using SSL/TLS in preparation for the upcoming changes, before they get left behind. Encrypt or die!
Or, Contact Us and we can do it for you. Until Dec 31st, 2017 if you host your website with us, we will give you an SSL certificate for FREE and as long as you host with us, and we’ll even install it for FREE. Plus we offer free migration services.