All web traffic should be delivered securely between a website and its visitors. HTTPS is the network protocol that creates an encrypted communication channel that protects your data as it travels over an insecure Internet.
Integrity & Authenticity
HTTPS provides the best method for a website owner to deliver their content to their visitors exactly as it was designed and without any extra code inserted or removed by a third party. The security components within HTTPS require that the website authenticate itself to the visitor’s browser at the very beginning of the connection while also allowing the browser to perform validation checks against the server’s authentication claims.
The Network is Hostile
The path that web traffic takes across the Internet is often unpredictable and increasingly unsafe. Unencrypted web traffic is regularly intercepted, shamelessly manipulated, and arbitrarily censored, usually without the visitor or website owner knowing that these actions are taking place.
With HTTPS the website can only be delivered whole or not at all. HTTPS encloses all of a website’s data, defending against in-transit snooping and tampering as it moves through an unfortunately adverse environment.
All Traffic is Sensitive
Regular unencrypted HTTP connections to websites are a privacy vulnerability and they will always expose sensitive personal information. Third parties monitoring an HTTP connection will see a website visitor's physical location identifiers, login credentials, camera and audio feeds, search terms, medical conditions, political interests, and reading material.
HTTPS helps stop third parties from seeing and tracking the specific content a website visitor looks at. All Internet data should be given the same high level of privacy and protection, whether the website content be social, financial, medical, legal, political, scholarly, or religious.
You Love Your Users
It is the ethical duty of a website owner to provide their visitors with the most secure and safest connection method available. Enabling HTTPS directly benefits a website’s users while also helping the larger Internet — encrypting a website’s traffic removes a number of dangerous avenues of attack that are used by bad actors and malicious entities.
With an abundance of online resources and guides the technical process of adding HTTPS is a solved problem for the large majority of websites. The dollar cost to obtain the required HTTPS authentication certificates has dropped to zero. With clear security benefits and the prevailing technical and financial hurdles of the past all but gone, choosing to provide HTTPS is now a matter of principle that should be eagerly embraced.
Two of the major web browsers are already guiding web development away from insecure HTTP connections and towards an all-HTTPS web. Mozilla announced in April 2015 that they will gradually reduce the website features that Firefox is allowed to access over HTTP connections. Google will soon update Chrome to visually warn users that HTTP connections are not secure. Both companies are working on developing and promoting a number of other background technical processes that will make HTTPS connections faster and more secure.
Three of the Internet’s technical standards bodies have released statements in support of ubiquitous encryption to combat monitoring and manipulation. The IETF, IAB and W3C help define the development and construction of Internet communication and web traffic. Their strong support for encrypted traffic serves as a bellweather for how the Internet of the near future will take shape.