an arrow

What is HTTPS and Why do I need it?

back

One of the main goals of this blog is to help de-mystify the web for our clients & partners. One of the things I see the most confusion around is HTTP vs. HTTPS. You'll always see one of these acronyms at the front of a domain and may have no idea what it means. So let's break down what these things are, the differences between them and why you, as a business owner with a website, should care about them.

What the heck are these things?

Both HTTP & HTTPS are protocols used to send data over an internet connection. When you enter a URL into your browser, this prefix will tell the browser to either use HTTP or HTTPS to connect to the resource you're requesting (usually from a web server). HTTP, which stands for Hypertext Transfer Protocol, was first developed in 1974 (holy cow!) and was the web standard for a long time. HTTP usually uses what is called TCP, or Transmission Control Protocol, to actually transfer the data packets over the web when you request them. TCP dictates that every bite of information must be delivered to the user, no matter what. This is great for things like webpages where having all of the content delivered is critical. However, in some cases (like live video streaming) HTTP uses UDP, or User Datagram Protocol, which dictates that the user must receive as much data as possible, as fast as possible. A great example of UDP in action is FaceTime. Apple has built FaceTime to use UDP and prioritize the audio over video. This is why, when your connection gets weaker, your FaceTime video will get more pixelated, but the audio usually stays clear. With things like streaming or two-way video, you want the user experience to be as close to real time as possible, so you may need to drop the video resolution in order to make sure the thing someone just said gets to the user faster. While all of these protocols have made the web as we know it today, there was one critical flaw with HTTP that eventually created the need for a new transfer protocol; HTTPS.

HTTPS stands for Hypertext Transfer Protocol Secure, and aims to secure the data that is being transferred. HTTPS works essentially the same as HTTP; it still uses TCP and UDP depending on the circumstance, however HTTPS places these transfers within what is called a TLS handshake. TLS stands for Transport Layer Security and it allows the data being transferred to be encrypted while it is in transport. One of the biggest flaws with HTTP is that, because the data being sent is not encrypted, someone could gain access to said data by simply connecting to the network you are sending/ receiving from. All of this is great info, but now let's go over why you should be concerned about this as a business/ website owner.

Why should I care, as a business owner?

The main concern for you as a business owner regarding these protocols is how modern browsers & search engines treat them differently. It is always the best practice to prioritize security - because of this, browsers and search engines will treat your website differently if it doesn't provide a safe & secure HTTPS connection. For example, if a site meets certain criteria, Firefox will stop the web page from loading entirely and tell the user there is a "Potential Security Risk" on your site. One of the main criteria for this warning is the use of HTTP instead of HTTPS, though there are many other factors at play when browser's give out these warnings. This can drastically decrease traffic to your website, drive potential sales away, and create fear about the safety of your site in those potential customers. The other main concern is how Google & other search engines use the data about your site to index your SEO ranking. If you website uses HTTP only then Google will rank your site significantly lower and could potentially flag your website as unsafe, which could further decrease your site's traffic and sales.

If your current website uses HTTP, we at Black Cat Studio would love to help you get HTTPS setup; feel free to reach out to us at info@blkcatstudio.com.