Securing your site with HTTPS

Submitted by Bruce Abel on Wed, 09/19/2018 - 12:21
Web browser showing HTTPS connection

What is HTTPS?

HTTP Secure (HTTPS) allows secure communication on the Internet. An example of a secure URL (web address) is: https://www.onlinemedical.com.au

If you visit the website you will notice some indications that the page you are visiting is secure. How this is shown varies depending on the web browser application. Generally, you will see a padlock icon and sometimes the word “Secure”. These indicators are either nearby or within the URL bar where the website address resides.

Why use HTTPS?

There are a variety of good reasons to use HTTPS.

The latest versions of web browsers are now actively marking standard HTTP websites as insecure. Therefore not having HTTPS could mean a reduced number of site visitors. From the point of view of your site visitors, HTTPS provides reassurance as it ensures authentication of the accessed website and protection of the privacy and integrity of the exchanged data while in transit.

From the larger perspective of the internet ecosystem, the ideal is to create a more secure and privacy-respecting web where all sites and services use HTTPS. For this reason, there has been an active push towards HTTPS within technical circles. Google has indicated that SSL now acts as a “ranking signal” and therefore has a positive effect on search results.

HTTPS allows us to can the benefits and avoid the downside of patients who may be confused or anxious about website security.

HTTP/2

In addition HTTPS allows us to use the next generation of internet connectivity – HTTP/2. Essentially, sites may load significantly faster when running via HTTP/2.

All Online Medical hosted sites (Drupal CMS) are running HTTPS and also HTTP/2.

What does HTTPS mean for me?

There are a few things to be aware of...

  1. Any request to view a HTTP page is now automatically redirected to the secure HTTPS address. So, any old links or bookmarks will go to the secure version of the page.
  2. When quoting the URL of your website homepage (or other link), be sure to use the HTTPS version. While redirection to the HTTPS version will occur, it may make sense to ensure that you update any existing online listings or directories that point to your homepage URL.
  3. For HTTPS to be possible, sites must utilise an SSL Certificate. All websites on the Online Medical servers utilise a common certificate. From a purely technical point of view, this shared certificate is suitable and is essentially the same technology as paid options. You should note that as this is a shared certificate, it is only available to you when hosting your website with us. Some of our clients may decide providing more reassurance to their site visitors is important – and therefore want to purchase a “Validated" SSL certificate. If this is of interest to you, please get in touch.
  4. Any links to pages or resources on your website should always utilise HTTPS. It’s important that any embedded content (for example an iFramed YouTube video) must utilise HTTPS in order to appear on the page.