You may have seen that a lot of popular sites such as Facebook, Twitter and Hotmail are moving from using HTTPS only for their login pages to using it for their entire site. For some of these sites, it is a user-configurable option right now, but ultimately it will replace standard HTTP as the default method of access.
That may raise the question: if HTTPS is much more secure, why doesn’t every site use it? That very question is answered in this excellent article on Ars Technica: HTTPS is more secure, so why isn’t the Web using it?
There are several reasons HTTPS isn’t used everywhere:
- Adds latency to connections since servers have to process key exchanges and lose the ability to cache
- Extra cost of security certificates
- Requirement that a unique IP must be used for an SSL certificate (i.e. no shared hosting which just about every web host employs)
- Many sites simply don’t need it (if you never send sensitive information to a site then there is no reason to secure the traffic)
This is a very interesting read and well worth it. While I think HTTPS will become a bit more commonplace, I don’t see the web ever moving to HTTPS only, as it is cost-prohibitive for smaller sites.




I’m not geeky enough to understand what this means “Adds latency to connections since servers have to process key exchanges and lose the ability to cache”, perhaps this covers what I am about to say. A reason why https isn’t used by the entire website is the extra computing power needed in order to encode and decode pages.
Perhaps for the super large companies this isn’t an issue, but I do know for many SMEs they try to limit the https for login pages in order to limit CPU cycles.
Essentially, you have the right idea.
If you are interested in a more technical overview: http://www.networksolutions.com/SSL-certificates/how-ssl-works.jsp
Facebook won’t start that trend (https on all) until CIA has the capability to crack that level of encryption, there probably is a clause to that effect in the contract signed when Rand Corporation funded Facebook’s initial IPO.