Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Why don't all websites use HTTPS?

user-image
Question added by Dana Qaisi , Social Media Specialist , N/A
Date Posted: 2015/12/29
Montaser Maher Tomiza
by Montaser Maher Tomiza , Senior Product Designer UIUX & Product Manager , ArabiaWeather

years ago I would have agreed with the other answers that HTTPS is unnecessary for most web sites. Today, I'm no longer convinced it's optional. 

  • Encrypted connections reduce the opportunity for ISP and government tracking, both a problem in most countries, including the US.
  • Encrypted connections reduce the opportunity for on-the-wire malware and spoofing.
  • Encrypted connections make up for the inadequacy of the insecure DNS infrastructure to some extent.
  • The browser enforces a slightly higher security policy for HTTPS connections, reducing hack opportunities on the client regardless of the communication channel.
  • If HTTPS is not present, even once, for one web site, a user is vulnerable to all of the above attacks or tracking.
  • A computer which is hacked even once is owned by the hacker, forever or until it's reformatted and restored to a safe state.

The cost of HTTPS are also minimal for each web connection.

  • The CPU cost of-bit encryption is very low, comparable or lower than compression algorithms.
  • The extra ~ms latency of the7-way SSL handshake only occurs once per web connection.

The benefits far outweigh the costs in the modern computing environment on the Internet.

Faris Hassan
by Faris Hassan , Technology Consultant , Miramar Films

HTTPS is not required for all site since some are just information sites. They dont require any secure communication like for money transfers or confidential data exchanges.

Deleted user
by Deleted user

HTTPS is secure (SSL) version of HTTP Protocol. Main purpose of HTTPS is used to secure the data communication from Sniffers. 

However, it is not a good practice to implement it with every website, because if a website is public and do not require any authentication then, there is no need to attach an additional encryption/decryption overhead to the data communication process.

Also, it is good (not mandatory) if the website Security Certificate is required to be signed by an Trusted signing authority.

Now-a-days, almost every website is using HTTPS for the user/session specific webpages and HTTP for the public pages.

Therefore, If someone is not using HTTPS accordingly, then it must not have awareness about the circumstances.

Ajaya Mohanty Ajaya
by Ajaya Mohanty Ajaya , District Project Officer , Odisha State Disaster Management Authority

Only secure website use https

Ahamed Mujtaba nayeem
by Ahamed Mujtaba nayeem , Senior IT Officer , Techno Q

Not all websites require security features like encryption.

 

Also it adds cost for buying a SSL certificate to run a website on https.

 

However, SSL certfificates are getting cheaper nowadays

Haji Raheemuddin
by Haji Raheemuddin , IT Support Engineer , Abdulla fouad holding company

HTTPS( the SSL) adds latency which means a slower connection but surely secure.

just the HTTPS connection means a much slower world than todays technology.

SSL connection costs an extra buck compared to the normal HTTP & it doesnt support the virtual hosts.

hence considering the impact of HTTPS, many general websites still use HTTP connection for a faster browsing experience with minimal outage & less cost.

Rehan Farooq
by Rehan Farooq , WEB DEVELOPER/DIGITAL MARKETING EXPERT , Upwork

I would say not everyone can afford the SSL as one have to buy a dedicated IP to host the SSL certificate and it costs lot for those who are just running small level websites.

 

However now hope within few coming years people will tend to get the SSL due to Google latest release of giving priority to HTTPS sites over HTTP.

asker ali
by asker ali , Web Developer , Techmart Solutions Middle east

The most common type of SSL certificate requires that each Web site has a dedicated IP address. Shared hosting allows many sites on a single IP address; if we were to have every site on its own IP address we'd soon run out, assuming we don't switch to IPv6 which has its own problems. There are ways around this, but they're not universally supported in all browsers.

ashraf taha
by ashraf taha , مدرس - teacher , مراكز تعليمية - Educational centers

Because of the difference between the sites - social - educational - entertainment - Chat

Syed Quadri
by Syed Quadri , Accountant , Deccan Radio (107.8 MHz)

They have their own privacy which they can't share with anyone , that's the reason they build or prepare a software according to their comfortable and policies

Baha'a Alsayyed
by Baha'a Alsayyed , IT-Manager , Taibah University

Not all websites required to provide an additional security for their own sites.

Some of them are not sensitive contents. 

More Questions Like This