HTTP vs. HTTPS, Do You Really
Need HTTPS?
A closer look at why HTTPS is the ideal way
to serve your website
• HTTP is the now 15-year-old protocol on which the world wide web was built.
HTTP stands for “hypertext transfer protocol” and offers a method of data
communication for the Internet.
• The problem with HTTP connections is that they are unsecured. This means that
any data transferred with the HTTP protocol is out in the open: it can be
intercepted and even manipulated by third parties.
• To combat this, SSL or Secure Sockets Layer was created. SSL is a protocol for
encrypting communication so that it can no longer be seen or affected by third
parties.
• As SSL evolved it was replaced by TLS, or Transport Layer Security. Both
accomplish the same goal; TLS is just a more secure way of encrypting that
information.
• The rise of SSL/TLS gave way to HTTPS, also called HTTP over TLS. This is a
secure protocol for communication over the Internet.
• HTTPS is by far superior to HTTP, yet many around the web have yet to adopt
the protocol.
• In this article we will look at some of the reasons you should start using HTTPS
and also address some myths and misconceptions about HTTPS.
Myth: HTTPS is Slower
• One of the biggest reasons that websites have failed to adopt the HTTPS protocol is that there is a
belief among many around the web that HTTPS is slower.
• Speed is everything on the Internet; a delay in load times can be seen as a major problem
by many web hosts and site operators.
• Fortunately, this is a myth. HTTPS is actually much faster than HTTP.
• But don’t take our word for it: there are numerous websites you can go to that test this theory
and prove our point.
• Our favorite is HTTPvsHTTPS.com. Upon running the test three times on our 85 mbps connection
the site loaded 82% faster using the HTTPS protocol than it did via the HTTP protocol.
• This is just one example, and results may vary based on connection speed and a range of
other factors, but the idea that HTTP is somehow a faster protocol is an absolute myth.
HTTPS Improves Google Search Rankings
• Serving your website over HTTPS offers more than just a secure connection for you and
your site’s visitors.
• It also can increase your Google search rankings. Google, which is typically pretty
tight-lipped about its search algorithm, announced back in 2014 that it would start using
HTTPS as a ranking signal.
• Google is one of the biggest names in the web industry, a titan if you will, and this is a
clear nod from it that Secure Sockets Layer and serving your website over HTTPS are of
increasing importance.
• Especially with the advent of HTTP/2, the successor to HTTP, which requires an
encrypted connection in order to work.
• But back to the SEO benefits that HTTPS and SSL/TLS can provide: every boost you can give your
business when it comes to your search rankings is integral to your success. No, having an
encrypted connection won’t replace the need for regular dynamic content and running a good site.
• But it could be the difference between page one and page two. And that has a major impact on
both your bottom line and your business’ reputation.
Encryption Protects Your Website from Attacks
• There are a couple of kinds of attacks that can occur over HTTP that are simply not
possible using the HTTPS protocol.
• One of them is the MITM (Man in the Middle) attack. During a MITM attack, two
parties who think they are communicating directly have that
communication intercepted and either stolen or altered.
• As you can imagine, this can be disastrous, especially if your website and its
visitors are exchanging personal information or financial information.
• However, with an encrypted connection this kind of attack is easily prevented.
• The other kind of attack, or perhaps more appropriately, interference, is content injection. Have
you ever noticed that when you access the Internet on an airplane, that airline’s ads appear all
over the web pages you visit? That’s an example of content injection.
• During content injection, websites served over HTTP can have content injected by anyone in the
chain of custody. This means ads or other content can make their way on to your website without
your consent. Or in other words, the integrity of your website is being affected by a third party.
• Content injection can also be malicious. Whether it be a malicious piece of code or some other sort
of content that’s being injected, a third party can easily affect your website over the HTTP
protocol.
Enabling HTTPS with SSL
• In order to enable HTTPS, you must first purchase an SSL/TLS certificate. But before we get to that, a bit of
background. SSL is actually outmoded; it’s just become the colloquial term for TLS at this point.
• So you’re not really purchasing an SSL certificate anymore, you’re purchasing a TLS certificate – it’s just that most
CAs and resellers still refer to it as SSL.
• Now back to enabling HTTPS. The first step is to purchase an SSL/TLS certificate. Then it’s just a matter of
installing the certificate properly and configuring your server to enable it.
• Some servers will refer to it as “enabling SSL,” others refer to it as “enabling HTTPS.” Either way, you need to
configure your server so that your entire website – every single page, not just login and checkout screens – is
served on HTTPS.
• This is the only way to see the full benefit of SSL/TLS, and also the only way to get an SEO boost from it.
• After that, communication to and from your website is secure and can make use of the
HTTP/2 protocol as that becomes more widely adopted.
• But it all starts with selecting the right SSL/TLS certificate for your needs.
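The requirement above that every single page, not just login and checkout, is served on HTTPS can be checked mechanically. The following is an added example, not part of the original slides: it scans pages for anything still loaded, submitted or linked over plain HTTP. The host names, page contents and the `audit_site` helper are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make a browser fetch from, or submit to, a URL.
# Tampered "active" content can rewrite the whole page; tampered "passive"
# content can only be swapped for something else.
ACTIVE = {("script", "src"), ("iframe", "src"), ("form", "action")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}


class _Collector(HTMLParser):
    """Collects every http:// reference a page would load, submit to or link to."""

    def __init__(self, page_url, site_host):
        super().__init__()
        self.page_url = page_url
        self.site_host = site_host
        self.findings = []

    def _classify(self, tag, name, attr_map):
        if (tag, name) in ACTIVE:
            return "active"
        if (tag, name) in PASSIVE:
            return "passive"
        if (tag, name) == ("link", "href"):
            rel = (attr_map.get("rel") or "").lower().split()
            return "active" if "stylesheet" in rel else None
        if (tag, name) == ("a", "href"):
            return "internal-link"
        return None

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        for name, value in attrs:
            kind = self._classify(tag, name, attr_map)
            if kind is None or not value:
                continue
            # Resolve relative and protocol-relative URLs against the page URL:
            # on a page served over HTTP they inherit the insecure scheme.
            target = urlsplit(urljoin(self.page_url, value.strip()))
            if target.scheme != "http":
                continue
            if kind == "internal-link" and target.hostname != self.site_host:
                continue  # links to other sites are not this site's pages
            self.findings.append((kind, tag, target.geturl()))


def audit_site(pages, site_host):
    """Map each page URL to its findings; pages with no findings are omitted."""
    report = {}
    for url, html in pages.items():
        findings = []
        if urlsplit(url).scheme != "https":
            findings.append(("page", "document", url))
        collector = _Collector(url, site_host)
        collector.feed(html)
        findings.extend(collector.findings)
        if findings:
            report[url] = findings
    return report


# Constructed sample site (hypothetical hosts and markup).
SAMPLE_PAGES = {
    "https://shop.example/": """
        <link rel="stylesheet" href="/site.css">
        <script src="http://cdn.example/app.js"></script>
        <img src="//img.example/logo.png">
        <a href="http://shop.example/about">About</a>
        <a href="http://partner.example/">Partner</a>
    """,
    "https://shop.example/checkout": """
        <form action="https://shop.example/pay" method="post"></form>
        <script src="/checkout.js"></script>
    """,
    "http://shop.example/about": """
        <img src="banner.png">
    """,
}

if __name__ == "__main__":
    for page, findings in audit_site(SAMPLE_PAGES, "shop.example").items():
        for kind, tag, url in findings:
            print(f"{page}: {kind} <{tag}> {url}")
```

An "active" finding on an HTTPS page is the important one: a script fetched over HTTP can be altered in transit, which brings back the content injection problem described earlier even though the page itself is encrypted.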
Mobile Security with HTTPS
• HTTPS also protects traffic on mobile devices. This is extremely important as
more and more people are using their phones to surf the Internet and make
e-commerce purchases.
• The good news is that the vast majority of SSL/TLS certificates are
mobile-friendly, meaning that once you purchase one, install it and configure your server
correctly, you’re good to go on mobile devices.
• But what about apps? Well, both Apple and Google, two of the leaders in the mobile phone industry, are pushing
mobile apps towards encryption by default.
• Apple has App Transport Security on its iOS, while Google has the usesCleartextTraffic manifest attribute on
Android.
• Apple’s ATS is pushing towards encryption a little harder as its default setting is to have encryption on, while
on the Android platform it’s not.
• But both are making a clear indication that HTTPS is becoming the standard.
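A build-time check for the two platform settings named above, as an added example that is not part of the original slides. It reports whether an Android manifest permits cleartext traffic and which App Transport Security exceptions an iOS `Info.plist` declares. Assumptions: the Info.plist keys (`NSAppTransportSecurity`, `NSAllowsArbitraryLoads`, `NSExceptionDomains`, `NSExceptionAllowsInsecureHTTPLoads`) are Apple's key names and do not appear in the slides; when `usesCleartextTraffic` is absent, Android defaults it to false only for apps targeting API level 28 or higher; a separate `android:networkSecurityConfig` file is not evaluated; all sample files are constructed.

```python
import plistlib
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"


def android_cleartext_allowed(manifest_xml):
    """Return (allowed, reason) for an AndroidManifest.xml given as text."""
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    flag = app.get(ANDROID_NS + "usesCleartextTraffic") if app is not None else None
    if flag is not None:
        return flag.strip().lower() == "true", "usesCleartextTraffic=" + flag
    # Attribute absent: the platform default depends on the targeted API level.
    sdk = root.find("uses-sdk")
    target = sdk.get(ANDROID_NS + "targetSdkVersion") if sdk is not None else None
    if target is not None and target.isdigit() and int(target) >= 28:
        return False, "attribute absent, targetSdkVersion %s defaults to false" % target
    return True, "attribute absent, platform default allows cleartext"


def ios_ats_exceptions(info_plist):
    """Return a list of ATS weakenings declared in an Info.plist (bytes)."""
    ats = plistlib.loads(info_plist).get("NSAppTransportSecurity", {})
    issues = []
    if ats.get("NSAllowsArbitraryLoads"):
        issues.append("NSAllowsArbitraryLoads: ATS disabled for all domains")
    for domain, rules in sorted(ats.get("NSExceptionDomains", {}).items()):
        if rules.get("NSExceptionAllowsInsecureHTTPLoads"):
            issues.append(domain + ": cleartext HTTP allowed")
    return issues


# Constructed sample manifests (hypothetical package name).
_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.shop">
  <uses-sdk android:targetSdkVersion="%s"/>
  <application%s/>
</manifest>"""
MANIFEST_EXPLICIT = _MANIFEST % ("30", ' android:usesCleartextTraffic="true"')
MANIFEST_OLD_TARGET = _MANIFEST % ("23", "")
MANIFEST_NEW_TARGET = _MANIFEST % ("30", "")

# Constructed sample Info.plist files (hypothetical domains).
PLIST_EXCEPTION = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict>
    <key>NSAllowsArbitraryLoads</key><false/>
    <key>NSExceptionDomains</key>
    <dict>
      <key>legacy.example</key>
      <dict><key>NSExceptionAllowsInsecureHTTPLoads</key><true/></dict>
      <key>api.example</key>
      <dict><key>NSIncludesSubdomains</key><true/></dict>
    </dict>
  </dict>
</dict></plist>"""
PLIST_DISABLED = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>NSAppTransportSecurity</key>
  <dict><key>NSAllowsArbitraryLoads</key><true/></dict>
</dict></plist>"""
PLIST_CLEAN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>Shop</string>
</dict></plist>"""

if __name__ == "__main__":
    for name, manifest in [("explicit", MANIFEST_EXPLICIT),
                           ("old target", MANIFEST_OLD_TARGET),
                           ("new target", MANIFEST_NEW_TARGET)]:
        print("android", name, android_cleartext_allowed(manifest))
    for name, plist in [("exception", PLIST_EXCEPTION),
                        ("disabled", PLIST_DISABLED),
                        ("clean", PLIST_CLEAN)]:
        print("ios", name, ios_ats_exceptions(plist))
```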
Types of SSL Security
• So by now it’s become obvious that encryption is a must; the future of the
Internet is largely contingent upon it. But what type of SSL/TLS certificate is
right for you?
• There are three basic types of SSL/TLS certificate:
• Domain Validation
• Organization Validation
• Extended Validation
• All three offer the same level of encryption. But there are some fairly sizable
differences beyond just that.
Domain Validation SSL
• Domain Validation certificates are perfect for small non-e-commerce websites
like blogs and personal sites.
• They simply require you to prove ownership over the domain and you can
encrypt.
• In fact, some companies have even begun to offer no-frills, encryption-only DV
certificates for free.
Organization Validation SSL
• Above that are Organization Validation SSL/TLS certificates.
• These offer a degree of business authentication, meaning that the Certificate Authority
that’s issuing it will vet your company to ensure that it is indeed legitimate.
• The downside to OV certs is that the visual indicators are nearly identical to EV certs
and often people miss the vital details that come with having your business
authenticated.
• These certificates are good for larger enterprise businesses that already have
outstanding reputations.
Extended Validation SSL
• The top-of-the-line SSL/TLS certificates are Extended Validation.
• These require the most vetting but also unlock the most obvious visual indicators: a
green address bar with your organization’s name in it.
• These certificates offer an ideal level of business authentication, come with the best
trust seals – another visual indicator of SSL encryption – and are often packaged with
other high-end security products to make them a better value.
• They’re also proven to increase conversions and ultimately will pay for themselves.
Conclusion
• The Internet is on the precipice of a huge shift from HTTP to HTTP/2. With it will come
new requirements for websites to display properly. Soon, websites being served over
HTTP will receive browser warnings about being unsecured. This will dissuade
potential traffic from visiting and will have adverse effects on your website.
• The only way to avoid this and stay ahead of the changes is to encrypt and start serving
your site over the HTTPS protocol. This may sound like a lot, but really it’s as simple as
purchasing or acquiring an SSL/TLS certificate, installing it correctly and configuring
your server to use HTTPS.
• The choice is yours – and it should be an obvious one.
Important Resources
• Real time SSL certificate checker tool
• How crucial a trust seal to influence e-Commerce business ROI
• Cyber Attacks and SSL Security
For More Information on HTTPS
Blog: cheapsslsecurity.com/blog
Facebook: CheapSSLSecurities
Twitter: SSLSecurity
Google Plus: +Cheapsslsecurity
