HTTP vs HTTPS URLs

When using URLs on webpages, documents, or other files, it is important to pay attention to the first part of the URL—HTTP or HTTPS. This could apply to hyperlinks, iFrame code, embedded images and videos, etc.

The “s” in HTTPS means that the connection is secure. URLs that use HTTP are not secure and malicious parties could steal the data being sent. They may intercept usernames, passwords, or other information filled out in a form; credit card information; or other personal data. For details on how HTTP and HTTPS work, there’s an easy-to-understand article that explains it using a carrier pigeon example.

Depending on how a web server is set up, the URL may work using either HTTP or HTTPS, it may redirect you to HTTPS even if you specify HTTP, or it may only work with HTTP. When you are using a URL on a webpage it is important to always use the HTTPS URL, if it works, to provide the most secure experience for users and prevent any security risks on your site.

Most modern web browsers will show a padlock icon in the address bar when a site is viewed over HTTPS. While people may misunderstand the padlock icon to mean an “authentic” website or brand as opposed to security, sending them to these HTTP sites could affect their opinion of your site later on, especially if the link is another Michigan Tech-affiliated site or subdomain as users will see them all as the Michigan Tech entity.

Another reason to make sure your sites outside of UMC’s CMS use HTTPS and link to the HTTPS version of a URL is search engine ranking. While it doesn’t lead to a large jump in ranking in itself, HTTP vs HTTPS can play a tiebreaker role between two sites with otherwise equal ranking. Using HTTPS also adds to a good user experience, which Google values as well.

Some browsers have started to block “mixed content.” This is when a webpage references both HTTP and HTTPS URLs. Currently, JavaScript, CSS, fonts, and iFrame embeds must all be one or the other. If there are some of each, the embeds are at risk of being blocked. In the future, it is possible that browsers could expand these restrictions to include more things, such as links to external websites, images, or videos, as security researchers discover new methods being used to steal information. By making it a habit to always use the HTTPS version of a URL when possible, our websites should adapt automatically based on the latest standards.

Every time you put a URL somewhere on your webpage, pay attention to the HTTP or HTTPS portion. Test the URL in a browser using HTTPS and if it works, use that. If it doesn’t work, and it is a Michigan Tech site, consider working with the site owner to make it secure. These steps will help provide the best experience for all of our users.