What is https & SSL

http and https are protocols that your browser and other devices commonly use to facilitate the transfer of data. When you visit a website your browser will make what’s called a http request to the server the website is hosted on. That server will most likely send an http response containing the website resource. Your browser (or other device) will then interpret and display this resource in the intended manner.

http sends information in plain text, meaning anyone who is able to access that request can read its contents. For obvious reasons this makes http unsecure for any website that requires the private transmission of information (especially for eCommerce or where personal/financial information is being sent).

https fixes this problem by utilizing something known as SSL to encrypt the information that is being sent and received. The process by which SSL works is quite technical, but you can trust that if a site is a website is submitting information via https then that information is as safe as possible while in transit.

https and SSL add a layer of protection to data while it is “on the wire” and during the actual communication  between two devices. It does not secure you from any vulnerabilities at either endpoint of that communication. If you had accidentally installed malware that was logging keystrokes, it would still be possible to capture private information submitted through a https secured website. Similarly if the company you are submitting the data to mishandles it after it is recieved, https wont protect you from that risk.

As a website user, never make a purchase or submit private information through a website that is not using https. You can check whether it is using this by a small lock or similar icon in the address bar of your browser. Sometimes it will even display the official company name alongside for extra verification.

As a website owner, it is very important that you ensure https is implemented on any page that transmits sensitive data, especially financial information (eCommerce and checkout pages). Google recently announced that they provide a slight organic rankings boost to websites using https and industry expects predict this to become more important in the future. Google also announced that they will soon begin flagging any pages that contain a form that are not running on https. Although this wont affect usability, it may dissuade users from using the form and affect the overall trustworthiness of your website.

To implement https you need to buy a SSL certificate. This is a text file with encrypted data that helps secure the traffic to and from your website. Most hosting providers also provide SSL certificates, or the ability to set up SSL through them. This is generally the easiest option and can usually be found within your hosting dashboard.  Google also has a handful of technical recommendations to give your web provider if your website is managed by an agency or third party. These recommendations will help ensure you don’t harm the existing SEO of your site.