Welcome to WebmasterWorld Guest from 54.162.19.123

Forum Moderators: phranque

Over 50pct of Web Pages Loaded by Firefox are Using HTTPS

     
12:23 pm on Feb 1, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24156
votes: 522


According the Let's Encrypt Stats released by Mozilla and on web pages loaded by Firefox using HTTPS has now reached over 50%.

The growth in certificates shows that the count is now over 25 million fully qualified domains active. Huge changes since the figures started back in November 2015.

Take a look at the stats on this page, which is updated daily.
[letsencrypt.org...]
1:39 pm on Feb 1, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts:348
votes: 50


Wow 50%. That's more than I would have thought. The Internet is definitively going https.

I am glad I made the switch last year, it's not only safer for the members of my forum, but it has also improved the speed of my site, thanks to the use of http/2.
4:45 pm on Feb 1, 2017 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2637
votes: 80


90% of page loads not sites. A lot of those are probably a handful of big sites.
6:56 pm on Feb 1, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member topr8 is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 19, 2002
posts:3288
votes: 24


>>90% of page loads not sites. A lot of those are probably a handful of big sites.

i agree with graeme_p i wonder how many of those page loads are facebook alone.
8:26 pm on Feb 1, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8347
votes: 339


it has also improved the speed of my site, thanks to the use of http/2
Too bad many (most?) shard hosting servers don't support HTTP/2. This may end up a long process in itself.
9:45 pm on Feb 1, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1427
votes: 178


About 36% of the top million sites employ HTTPS [httparchive.org ].

Not sure how representative that Telemetry data is, considering it's an opt-in feature in Firefox.
9:15 am on Feb 2, 2017 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:24156
votes: 522


It seems logical, especially when you see the number of certificates issued, and it'll only continue to increase.
It's a shame, in one respect, that every site is going to end up going https.
9:20 am on Feb 2, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:8347
votes: 339


It's a shame, in one respect, that every site is going to end up going https.
Why do you feel it's a shame engine?
10:58 am on Feb 21, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:July 29, 2007
posts:1757
votes: 86


I think it's a shame too. Regardless of what Google says HTTPS is not appropriate for all sites(unless it's free) because some sites do not pass any personal information or sell anything or accept credit cards etc. Some are just hobby sites and there is nothing to protect with encryption and I suspect many of these will simply go offline instead of pay up another $100 or so(prices change, I just saw that price on a popular hosting service tonight).

Shouldn't google be checking to see which sites do not need it, much like they check to see if sites are up to date on wordpress, and not penalize or shame them for not being HTTPS if they don't need to be? It's not a free service.

I understand their argument of forcing it on all sites, it's the same argument that tells you to let wordpress update your site for you, but it's simply not going to do an ounce of good for many sites so why should they pay cash for it or be shamed out of rankings? The crowd that simply says you need to do it without being able to answer why on those types of sites sites is a bit aggresive about it too.... again, it's not free or even cheap compared to the registration cost.
11:16 am on Feb 21, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Nov 13, 2016
posts: 348
votes: 50


You can get SSL certificate for free, and most of CMS or Web host now propose a button to press just to switch to SSL. The arrival of Let's Encrypt , which is free and which can be queried automatically greatly helped.

Also, beside sensitive information that a site can collect or not, there is still the risk of a "man in the middle" attack, when an intermediate server, router, or what ever else is compromised, and can inject malicious code into your page during its transmission between your server and the client device. SSL prevents this (if I don't make mistakes).
11:28 am on Feb 21, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1427
votes: 178


The content of a website can be sensitive too, even if it's just information. It all travels over the wire in plain-text. What's sensitive to some may not be sensitive to others, so it's impossible for Google (or anyone else) to tell. It's best to encrypt everything. And $100 is a ripoff obviously.
1:57 pm on Feb 21, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:3233
votes: 149


The kind of certificate that hobby/personal/information sites can use is easily under $5US a year. If you don't collect PII or require accounts and passwords there's no reason to spend more in case a host doesn't offer the free LetsEncrypt/CP certificates. Cost is not an excuse.
6:40 am on Feb 23, 2017 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2637
votes: 80


What does bother me is centralised control. Someone why can get to all certificate authorities (the US gov, maybe?) could force a site off the web.

As I just said in another thread, the problem with SSL is that it ties encryption to identity. SSH does just encryption so its free and easy to implement.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members