Oh, Hello HTTP/2… SSL & Why You Need It
Posted on August 24, 2017
SSL? HTTP? HTTPS? HTTP/2? What’re those?
At the dawn of the age of the internet (~1991), a man name Tim Berners-Lee came up with an idea that he dubbed Hypertext Transfer Protocol or HTTP for short. Inspired by a need for simplicity in a growingly complicated system (the internet) and to help with the adoption of a new technology, namely the World Wide Web; he came up with this ingenious protocol that we still use today on all modern websites.
There are only a few widely adopted technologies out there from the 90s that we still use today ubiquitously; http is one of them! Nobody’s carrying their old walkman anymore… ya know? That being said, it’s current version (HTTP/1.1) is VERY outdated and does not have the robustness (is that a word?) necessary to continue improving throughput and decreasing latency, especially on handheld devices on/over 3G & 4G networks. As such, industry professionals and large organizations such as Google, Microsoft and Apple all see the need for a major update… Enter HTTP/2 or http version 2!
Ok, I kind of understand http… but what is http/2 and how is it different?
Websites that are efficient minimize the number of requests required to render an entire page by minifying (reducing the amount of code and packing smaller pieces of code into bundles, without reducing its ability to function) resources such as images and scripts. However, minification is not necessarily convenient nor efficient and may still require separate HTTP connections to get the page and the minified resources. HTTP/2 allows the server to “push” content, that is, to respond with data for more queries than the client requested. This allows the server to supply data it knows a web browser will need to render a web page, without waiting for the browser to examine the first response, and without the overhead of an additional request cycle.
Whoa… what does all that mean? Think of it this way… right now in order for a website to communicate with a server, it needs to send that server a request to render a page full of information. Essentially a one-way request from the website to the server and then the server supplies a response which is then loaded on the website. In HTTP/2 this standard functionality is replaced with two-way, simultaneous requests/responses without needing to wait for the website to ask for the information. Or another way to think about it is that the HTTP/2 protocol allows the server to anticipate the needs of the website and supply responses before they are even requested!! AND, on top of that the HTTP/2 protocol accomplishes this while at the same time reducing latency and increasing throughput.
So… what’s the big deal? Sitting at your desktop computer, connected to your super fast wifi or hardwired internet connection, that might not mean very much… but think about being in a remote location and trying to pull up a content-rich website on your cell phone… ugh! “why is it loading sooooo slow?” One might say… Well, imagine that site loading in 1 second or less even over a weak 3G signal! Now, superimpose the notion that the majority of traffic out there on the internet is via handheld devices over fairly weak cellular signals!! Suddenly those devices would have lightning-fast access to any information they needed. Not bad, eh? (Understatement of the year)!
But… here’s the thing. HTTP/2 requires SSL or Secure Socket Layer encryption in order to fully take advantage of the new protocol and the corresponding decrease in latency and increase in throughput (less slow, more fast!) So… what is a website owner to do? It’s simple really… get yourself an SSL certificate and configure it for use on your website! Simple (or not so simple) as that!
Do I really need it?
Yes. Yes you do and here’s why: Google Chrome, Firefox and Internet Explorer have committed to up their security warning game by displaying large/scary warnings on your site if you don’t have an SSL certificate by October 1st of 2017!! It’s important to note that security warnings will likely deter your userbase from visiting your website again in the future… In other words, yes you definitely need to do this and soon!
How do I get an SSL Certificate?
Never fear, the SSL Certificate is something your website host will install for you, usually for a modest fee of around $50-$80/yr (basically a couple $s per month)… However, that certificate then needs your site to have all the old HTTP links, images and scripts to get converted to use HTTPS instead. Do you know that little green “padlock” symbol you see on many websites – there’s actually one at the top of this page you’re reading right now! Well… that’s the symbol that lets you know that your connection to whatever website you see it appear on is secure! Meaning, no hacker could possibly intercept sensitive information about the site and/or it’s users without a revolution in quantum computing. Quantum Huh? – don’t worry about it, quantum computers are a whole other topic though that I won’t even try to get into in the context of this post….
Last, but not least, you’ll need to resubmit your site for indexing via Google WebMaster Tools as the HTTPS version of your site is actually considered to be an entirely different website! So all that indexing and passive search engine optimization you’ve done won’t be worth much unless you resubmit your newly secure site to Google.
Oh my goodness, that sounds like waaaay too much work
The conversion from HTTP to HTTPS is more nuanced than most people realize, it can be hours and hours of hunting through files for the unexperienced to find and replace links, images and scripts with their secure versions… But, never fear – I provide SSL conversion for WordPress users for $149/site and you’ll be staring at the Green Padlock icon next to your URL in no time!
Feel free to Contact Me for a free consultation!