Use of HTTPS (which stands for HTTP Secure) has grown from 13% of the top one million websites to 19% in the past year. With major media sites such as NYTimes.com joining the movement, now over half of all web requests are served securely to the browser.
Two years after the launch of Let’s Encrypt, this is fantastic progress. In this new era of state-sponsored hacking and fully professionalized cybercrime, it is heartening to see engineers get seriously organized and tackle something on the scale of securing the entire web.
Even a few years ago I would have been skeptical this would be possible. Until very recently, setting up HTTPS meant purchasing and managing certificates and configuring them correctly to work with your web server. This is a non-trivial effort and many people and companies didn’t bother with it. This was especially true with the long tail of websites, but also included many major ones.
The drive to HTTPS the web did not happen by accident. It is akin to an old-fashioned barn raising but on a global scale, organized by engineers with good intentions to protect users, and ensure that the web remains a vibrant and trusted ecosystem into the future.
A few things had to come together for securing (HTTPS’ing) the web to become a reality:
- The global internet security community had to get serious about this problem. With Google now stiffly penalizing the SEO of non-HTTPS sites, and Chrome and Firefox escalating browser warnings, website owners are rapidly supporting security.
- Certificate management had to become cheap and easy. We have Let’s Encrypt to thank for that.
- Website technology providers had to make HTTPS a turnkey experience. This is happening now.
When you bring up Feld Thoughts in your browser, you should see something like the following:
Pantheon, one of our portfolio companies, hosts my website and made this happen, in zero clicks. With Pantheon, HTTPS just works out of the box and they are now providing HTTPS (powered by Let’s Encrypt) for all 200,000 of their websites, free of charge. Even better, it is powered by their new Global CDN, with over 30 points of presence and the most sophisticated Drupal and WordPress caching technology available on the market.
I am happy with what the Pantheon team has built. They didn’t cut any corners:
- HTTPS is available for free as a turnkey service for all plan levels
- Because this feature is deeply integrated into their CDN, you don’t pay a performance penalty for deploying HTTPS
- Their CDN speeds up page loads by 50% to 300% by caching full page content (traditionally almost impossible to achieve with dynamic CMS systems)
When you load your website, do you see the happy green box of Secure “https”? If so, nice work! If you don’t, do your website visitors a favor – email your website developer and ask them to help you set it up.
If they tell you it is too much work and/or too expensive, then you should look into changing hosts. Email me if you’d like an intro to the gang at Pantheon.