There are two popular protocol which works with sites: http – very simple, and https – the same as http, but with encryption.
If you are using https site gets two benefits:
- Traffic between the user and the site cannot be read to a third party
- Traffic between the user and the site cannot be changed
Impossible to read
It is clear benefit to use https on site if it using any kind of private user information.
I have, for example, the site on which users can chat with each other. If the site works on http, the user, sitting in a cafe with free WiFi, is subject to the threat: people at the next table can already downloaded all of his correspondence. The user will not be pleased by this fact; he will come to me with the question “why you did not ensure the protection of my data?” and will be right.
And if using https, all will be wonderful – between the user and my site open a secure channel in which no one can climb.
Impossible to change
But if I have a site where is no confidential user information. For example, I have a small news site. All articles are available all over the internet, why should I put the website on https?
Https protocol used in this case not for scrambles the data transferred from the website to the user, but for ensure that the user gets exactly what the site sends him.
But what may change in the code? Well, you can get viruses in the site code, and user gets this virus with the html page. Many advertisers embed ads on other people’s websites and receive money. If the site has worked on the https, then the problem would not be – you cannot just insert advertising into the site, which uses the https.