The adoption of the protocol’s secure variant has continued its growth spurt in recent months, crossing the 50-percent milestone for the first time ever.
More than one-half (51.8 percent) of the one million most visited websites worldwide now actively redirect to HTTPS, the secure version of the HTTP protocol over which data between a device and a website is transmitted, according to stats by security researcher Scott Helme.
The figure is a notable improvement over the 38.4 percent of the Alexa top million sites that used encrypted connections as of February 2018. That’s not to speak of the ratio (a mere 6.7 percent as per Helme’s stats) in August 2015. The world’s most popular sites that have yet to switch to HTTPS are conveniently listed on Why No HTTPS?.
“In the previous report it looked like the growth of HTTPS had slowed, which it had at the time, but as you can see from the graph here, adoption has picked up again and we’re continuing to see that sharp incline sustained. The growth shown here in this graph is unrivaled in any other security mechanism and if you think about the effort required to achieve this, how impressive it is becomes crystal clear,” wrote Helme.
The sustained pace of adoption of HTTPS can be safely attributed to two main factors: First, it’s a long-standing push by the likes of Google to eliminate unencrypted connections by nudging website owners to switch to it. Google recently launched the version 68 of its Chrome browser that labels HTTP websites as “Not secure”, with further changes to how the browser treats HTTP and HTTPS pages on the horizon. Earlier this year, the tech giant even rolled out a top-level domain (TLD) that is the first to require HTTPS traffic.
Second, digital certificates that website owners need in order to enable HTTPS on their sites can be obtained in a user-friendly way and at zero cost these days. According to Helme, one certification authority (CA) that appears to be behind much of the recent growth is the non-profit Let’s Encrypt, which was formed with the support of several major industry players in 2016.
The “S” stands for “secure”, which means that all communications passing between a visitor and a web server are encrypted and, as a result, safe from prying eyes while in transmission. On the flip side, it does not automatically mean that the site can be 100-percent trusted, as even a site with HTTPS can be malicious.
written by Tomas Foltyn, ESET We Live Security