What are the reasons and drivers for moving to the HTTPS protocol
Website owners are being encouraged to implement secure transmission of data between computers and their website (by Google amongst others) so that data remains private and unmodified, also cutting out "man-in-the-middle" attacks.
This means moving to the "HTTPS" protocol by installing an SSL certificate.
Adding an SSL Certificate Alone Is Not Enough.
Even having a valid SSL cerificate may not mean that all pages load properly; a warning message may appear when visiting the page; or the green padlock will not be displayed whenever the page contains a reference to a non-HTTPS resource, which is called "mixed content". Active mixed content includes resources such as Javascript, CSS and fonts; browsers will not load these resources meaning the page may not work as required or display properly to visitors. Less severe, passive mixed content includes resources which have a lot less impact on page behaviour, such as links to "HTTP" versions of images, audio and videos; browsers will load these pages but without HTTPS meaning you lose the green padlock that also tells visitors your pages are trustworthy. However, whether active or passive mixed content, your visitors can still be exploited by hackers.
Do All Businesses Need To Do This?
Yes if you want to be certain that data collected on your site (for example via forms including logins, registrations, security questions and answers and newsletter signups) is securely transmitted over the web and that visitors to your site continue to trust your online bran because you have demonstrated a commitment to their online security. In addition, Google has made HTTPS a lightweight ranking factor.
How Do Our Tools Help?
Our tools detect pages with mixed content which you can then update to use secure resources ensuring your data is transmitted under HTTPS and remains private, unmodified and protected against man-in-the-middle attacks. You can use HTTPS Checker pre-migration to identify what will need to be changed and then run it again after migration to ensure your site is free of issues. HTTPS Reporter should then be used to capture real-time reports of mixed content issues or other Content Secuity Policy (CSP) violations you may also choose to set up, such as cross-site scripting (XSS).
Where Can I Find Out More About HTTPS?
Read more about HTTPS for Google's Support Forum, the US Government, the Chrome Browser team, Mozilla Developer Network and Infosec Institute.
Will I Get A Boost In Google Rankings If I Use HTTPS?
Google confirmed on 6th August 2014 that HTTPS had become a lightweight ranking signal so there is a small benefit, although primarily it is about protecting your visitor's data and safeguarding you online reputation as an inclusive part of your regular security best practices.
Download Free For Windows Download Free For Mac OSX Download Free For Linux (.deb) Download FreeOther Platforms Available Here (Windows, Mac & Ubuntu Linux)