HTTPS By Default – Making The Case For Going Green With Site-Wide SSL
Back in 2015 on our Georgia Web Development Website we made the switch to full site-wide SSL by default. We even took it a step further and implemented what is known as “Force SSL”. Force SSL utilizes code that automatically redirects all non-secure HTTP requests to the respective secure HTTPS URL. Like it’s name implies, force SSL forces all browser communication with the website to occur over a secure, encrypted connection.
While there are a number of ways to implement Forced SSL on entire websites or even single pages we won’t be going into those options here. Instead I’ll stick with the title of the article and attempt to make the case for why moving to HTTPS site-wide by default not only makes sense but should be the new standard for both webmasters and website owners in 2017.
Back in early 2015 Georgia Web Development began implementing site-wide SSL with all of our new eCommerce Starter Package Websites that we developed, designed and launched for our clients. Obviously we were already implementing SSL on cart, checkout, and forms submissions but it made sense to finally adopt and embrace the site-wide SSL by default approach. We went a step further no long after that and very soon began making site-wide SSL the default for all of our new Starter Basic Website Packages as well moving forward.
We’re thoroughly convinced through our own experience, testing, and working knowledge of deploying Site-Wide SSL that it’s benefits far outweigh any arguments against using it.
SSL/HTTPS – What Is It?
SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This secure link ensures that all data that passes between the web server and browser remains private and integral. Usually when data is transmitted between browsers and web servers (HTTP) it’s done using plain text.
This transmission in plain text leaves the connection open and vulnerable to what is known as eavesdropping. If an attacker or eavesdropper is able to intercept the data being sent between a browser and a web server that’s using plain text transmission then the information can been seen and used.
On the other hand when using a Secure SSL Connection the sessions don’t use plain text transmission. SSL or HTTPS sessions are established using the following technique:
- The user’s Web Browser contacts the server via a secure URL (HTTPS://)
- The Server then responds by transmitting to the the browser it’s public key and a server certificate.
- The client’s browser and server then negotiate the level of encryption to use for the secure communications.
- The client’s browser encrypts a session key with the server’s public key and then sends the encrypted data back to the server.
- The Server then decrypts the message sent by the client’s browser using its private key, and a secure session is established.
- Both the client and the server use the session key to encrypt and decrypt the transmitted data.
Google I/O 2014 – HTTPS Everywhere
On June 25th, 2014 at Google I/O 2014, Google’s Pierre Far and Ilya Grigorik made their presentation calling for HTTPS Everywhere. In summary they reminded all of us that data delivered over an unencrypted channel is insecure, untrustworthy, and is easily intercepted. They also reminded webmasters and website owners of the importance of protecting the security, privacy, and integrity of user data. Google I/O is an annual software developer-focused conference held by Google in San Francisco, California. Google I/O features highly technical, in-depth sessions focused on building web, mobile, and enterprise applications with Google and open web technologies such as Android, Chrome, Chrome OS, Google APIs, Google Web Toolkit, App Engine, and more.
Benefits of Implementing Site-Wide SSL
- Gain Your Site Visitors’ Trust
- Protecting The Security, Privacy, and Integrity of User Data
- Encrypt Information So That It Can Only Be Read and Understood By The Intended Parties
- Added Brand Power
- Guard Against Phishing Attacks
- Marginal Boost In Search Engine Rankings Vs. Non-SSL Sites Being Returned In Relevant Search Queries (*Implementing site-wide SSL on your website is not a predominant SEO Factor. It’s only a very small piece of the whole SEO equation.)
While much more can be and has been written about the benefits of implementing Site-Wide SSL hopefully this short article scratches the surface a bit and helps to make the case for going green with Site-Wide SSL the new default for webmasters and website owners.
FREE HTTPS – SSL Project Consultations
Simply use the form on the bottom of this page to send us your SSL or HTTPS related questions.
From help choosing the right type of SSL Certificate for your website to helping you properly 301 redirect to your new SSL pages we’re here to offer our free expert advice without any fancy sales pitches thrown in (we promise).
Mark D. Hulett is the Senior eCommerce Website Developer & Designer at Georgia Web Development. His experience and working knowledge of eCommerce website development and design spans more than a decade.