There are many websites that come with or without HTTPS (Hypertext Transfer Protocol Secure). Lately, search giant Google has announced that it is giving HTTPS sites higher search rankings.
Hypertext Transfer Protocol Secure (HTTPS) is a communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically, it is not a protocol in and of itself; rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. The main motivation for HTTPS is to prevent wiretapping and man-in-the-middle attacks. In short, HTTPS is used for protecting page authenticity on all types of websites, securing accounts and keeping user communications, identity and web browsing private.
A site should be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance. For example, having scripts etc. loaded insecurely on an HTTPS page makes the user vulnerable to attacks. Also having only a certain page that contains sensitive information (such as a log-in page) of a website loaded over HTTPS, while having the rest of the website loaded over plain HTTP, will expose the user to attacks. On a site that has sensitive information somewhere on it, every time that site is accessed with HTTP instead of HTTPS the user and the session will get exposed. Similarly, cookies on a site served through HTTPS have to have the secure attribute enabled.
According to Google, security is a top priority for them and HTTPS provides authentication of the website and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and tampering with and/or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the website that one intended to communicate with (as opposed to an imposter), as well as ensuring that the contents of communications between the user and site cannot be read or forged by any third party.
Few months ago at Google I/O, Google called for “HTTPS everywhere” on the web. Later, Google saw more and more webmasters adopting HTTPS on their website, which is really “encouraging” for the search giant. These have given Google a positive vibe and now it has decided to start to use HTTPS as a ranking signal. For more details, hit the link below.
Source: Google (Webmaster Central Blog)
[ttjad keyword=”security”]
