Use of HTTPS (which stands for HTTP Secure) has grown from 13% of the top one million websites to 19% in the past year. With major media sites such as NYTimes.com joining the movement, now over half of all web requests are served securely to the browser.
Two years after the launch of Letâs Encrypt, this is fantastic progress. In this new era of state sponsored hacking and fully professionalized cybercrime, it is heartening to see engineers get seriously organized and tackle something on the scale of securing the entire web.
Even a few years ago I would have been skeptical this would be possible. Until very recently, setting up HTTPS meant purchasing and managing certificates and configuring them correctly to work with your web server. This is a non-trivial effort and many people and companies didnât bother with it. This was especially true with the long tail of websites, but also included many major ones.
The drive to HTTPS the web did not happen by accident. It is akin to an old-fashioned barn raising but on a global scale, organized by engineers with good intentions to protect users, and ensure that the web remains a vibrant and trusted ecosystem into the future.
A few things had to come together for securing (HTTPSâing) the web to become reality:
The global internet security community had to get serious about this problem. With Google now stiffly penalizing the SEO of non-HTTPS sites, and Chrome and Firefox escalating browser warnings, website owners are rapidly supporting security. Certificate management had to become cheap and easy. We have Letâs Encrypt to thank for that. Website technology providers had to make HTTPS a turnkey experience. This is happening now.When you bring up Feld Thoughts in your browser, you should see something like the following:
I am happy with what the Pantheon team has built. They didnât cut any corners:
HTTPS is available for free as a turnkey service for all plan levels Because this feature is deeply integrated into their CDN, you donât pay a performance penalty for deploying HTTPS Their CDN speeds up pageloads by 50% to 300% by caching full page content (traditionally almost impossible to achieve with dynamic CMS systems)When you load your website, do you see the happy green box of Secure âhttpsâ? If so, nice work! If you donât, do your website visitors a favor â email your website developer and ask them to help you set it up.
If they tell you it is too much work and/or too expensive, then you should look into changing hosts.
Also published on Medium.