Protecting your site with HTTPS is mandatory, even if your site doesn't have sensitive information. In addition to providing crucial security and data integrity for websites and user data, HTTPS is a mandatory requirement to be able to get new features on the browser, especially in web applications. progressive.
- Intruders, whether vicious or benign, can exploit each resource between the site and the user.
- Many intruders analyze the aggregate behavior of a site, to identify users.
- HTTPS not only blocks site abuse, it is a requirement for many of the advanced features and technologies that enable application-like capabilities, for example service worker (Service Worker is a script that runs in the background in a browser, separate from the web page, opening the door to features that don't require a web page or user interaction.)
HTTPS protects the integrity of your website
HTTPS helps prevent intruders from tampering with the communication between the website and the user's browser. Intruders include intentionally malicious attackers, or intrusive but intrusive institutions / companies, such as ISPs or hotels that inject advertisements into pages. Those who subscribe to Indihome must have experienced ad interruptions from Indihome when opening a website page without HTTPS, that is an example of an intruder.
The intruders did exploit on unprotected communications to trick users into submitting sensitive information or posting malware, or insert their own ad into your own resource. For example, some third parties inject advertisements into websites that have the potential to ruin your users' surfing experience and create security vulnerabilities.
The intruder will do exploit to any unprotected resource running between the website and the user. Images, cookies, scripts, HTML… they are all exploitable. Infiltration can occur at any point on the network, including user-owned devices (PCs, laptops, tablets, etc.), Wi-Fi hotspots, or ISPs being compromised, and so on.
HTTPS protects user privacy and security
HTTPS prevents intruders from passively listening to communications between websites and users.
One of the misconceptions about HTTPS is that the only websites that need HTTPS are those that handle sensitive communications / data. Yet every unprotected HTTP request has the potential to reveal information about the user's behavior and identity.
HTTPS is the future of the web
New and advanced web platform features, such as taking pictures or recording audio with
getUserMedia (), allows application offline working with service worker, or create a web application progressive, requires explicit permission from the user before execution. Many older APIs are also being updated to ask for permission to execute, such as the geolocation API. HTTPS is a key component to the permissions workflow for both these new features and the updated API.
If your web server uses EasyEngine, cPanel, Plesk or CyberPanel; then an SSL certificate to get an HTTPS site is very easy to get. So there's no reason not to use HTTPS on your website!