HTTP to HTTPS: Why you need HTTPS for your website, today


Think you don’t need HTTPS for your website? Well, you do. Even if your site does not sell products via e-commerce, web security risks exist for plain HTTP connections. And search engines are starting to lower non-HTTPS sites in search ranking. Even the US government is moving all their sites from HTTP to HTTPS. Here’s why you should, too.

example of HTTPS site

Why Move from HTTP to HTTPS

Without HTTPS, a user’s connection to your site can easily be monitored or modified. Non-HTTPS connections could even allow your site to be impersonated by a hacker.

According to, a properly-configured HTTPS connection guarantees three things:

  1. Confidentiality
    Over HTTPS, a visitor’s connection is encrypted. This obscures their stored cookies and other sensitive user data.
  2. Authenticity
    HTTPS ensures a visitor is talking to your “real” website, not to an impersonator or a “man-in-the-middle” who stepped in.
  3. Integrity
    HTTPS connections mean data sent between a visitor and your website has not been tampered with.

Additional Considerations

In addition, there are some newer incentives emerging that make moving your site from HTTP to HTTPS even more important.

  • **HTTPS for SEO **
    One of the biggest reasons besides security to move to from HTTP to HTTPS is that Google may soon start penalizing non-HTTPS sites in search results.
  • **HTTPS for User Experience **
    Browsers are starting to design more noticeable security icons for the address bar. Users are going to get accustomed to an icon that indicates HTTPS, and may suspect your site if it doesn’t have it.
  • ****HTTPS for General Security
    ****In principle, all form submissions should use SSL/TLS by default, even if there is no explicit compliance requirement. Those requirements are based on universally acknowledged best information security practices. If the data your site is handling is confidential in any sense, you should be using these same practices. This is especially relevant when credentials or other personal information are being passed over HTTP.


Want to know more about this topic? Read my entire HTTPS post over on Medium. Over there I answer questions, such as:

Is there any particular type of organization that should care more about having HTTPS than others?

If I don’t offer e-commerce, why would I want HTTPS on my site?

What does upgrading to from HTTP to HTTPS involve?

How does moving to HTTPS fit into an overall security plan/update?

What is the cost to upgrade to HTTPS?

Is this worthwhile? Do people even notice the new security flags in their browsers?

That post again is: 

Related Articles

Designing for Digital and Print

Having consistent messaging, look, and feel is essential to providing a seamless experience for users. Translating that across digital and print can be a challenge. ...

Rob McFarlane
By Rob McFarlane
Oct 29th, 2018

All The Tests: PINT’s Overview of Web Testing

To help you get started with testing, we’ve compiled some of the basics: Types of Tests you’ll want to consider and the concept of The Testing Pyramid. ...

Preston Resenbeck
By Preston Resenbeck
Sep 18th, 2018

Tell us about your project

Please fill out your information and submit