Last week I finally took the time to configure all my sites to use HTTPS by default. If you look up at the address bar you will notice there is now a small lock icon next to the url.
If you own a website and haven not switched to HTTPS, now might be a good time to do so. Depending on your server setup, this might take a little bit of effort, but if you host your site on Amazon S3 and CloudFront like me, it is super easy. Earlier this year, Amazon announced AWS Certificate Manager, which greatly simplifies setting up SSL for your AWS resources.
Why should I bother? My website is just pictures of cats wearing silly hats
HTTPS makes the web more secure for everyone. The faster all websites transition to HTTPS, the faster regular HTTP connections can be marked as unsafe. Google even announced plans to eventually mark all HTTP pages as unsafe and displaying this warning:
On today's web, this feature would make the internet feel very broken, as demonstrated in this article, where the writer enables the
Mark non-secure origins as non-secure option which already exists in Chrome.
Who cares about a little red triangle...most of my visitors are color blind
Congratulations on finding your niche of color blind cat lovers. Perhaps you care about your site's ranking in Google's search results though? As early as 2014, Google announced that it would be rewarding HTTPS pages with a higher ranking. While initially this ranking signal was very lightweight, it is likely that Google has increased the importance of the signal over the years, as they indicated they would do.
The magic green lock
It might be a hassle to enable SSL for your site, but there are plenty of reasons to do so. Don't procrastinate like me. Go out and procure this magic green lock.