HTTPS reached critical mass

HTTPS use has finally reached critical mass

HTTPS use has finally reached critical mass

HTTPS has become the norm for many websites. HTTPS is the secure version of HTTP, the markup language that websites are written in. As of April 2017, Firefox has reported 54.76% of all websites visited are secured via HTTPS.

HTTPS has reached a “moment of critical mass.” That’s according to cybersecurity researcher Troy Hunt this week after he published statistics that showed HTTPS (Hypertext Transfer Protocol Secure) usage had grown so substantially that it was becoming the “norm” now rather than the exception.

Many factors contribute to this growth.

  • Google ranks HTTPS sites above HTTP - Google Webmaster Blog August 2014 
  • The costs associated with hosting HTTPS sites have fallen significantly with projects like Let's Encrypt
  • Recent feature upgrade to the HTTP protocol, HTTP/2 was implemented by browsers to only use encryption (HTTPS)
    • HTTP/2 is much more efficient then older versions
    • HTTP/2 is faster then older versions
  • Users are becoming more educated about privacy and security matters, and prefer to interact in a secure method that protects their privacy. 
HTTPS Adoption Graph

Browsers are now holding websites to account for not implementing better security. Recent versions of Google Chrome, and Mozilla Firefox are highlighting that websites are insecure. Giving a preference to sites that implement HTTPS. 

The latest versions of Chrome and Firefox are now warning users when they are accessing webpages that are not adequately secured, which should only drive the trend toward HTTPS further. Sites that aren’t using the protocol are more susceptible to man in the middle attacks where hackers could scoop up data during the occurrence of a transaction. This may mean that your website does not appear to the user as you intended!

These warnings are vital for spreading the word to everyday users, said Hunt, especially when it comes to financial transactions. “Warnings about a site’s security at the time where you’re providing sensitive information is precisely the sort of thing that will force the hand of these sites,” he said.

Over the last two years or so there has been increasing demand for HTTPS, with most major sites now pointing to the need for better security for its users. Earlier in January, the New York Times moved to the protocol by default. Google even favors sites running HTTPS in its search results above those that do not, creating a further incentive for sites to make the move.