In this article I would like to report about the current status of "HTTP & HTTPS". We have already shown in a previous article: "HTTPS-Scanning - Why it should be enabled on Sophos " that HTTPS is being used more and more frequently in web pages. If you used to need an expensive certificate in the past, you can now get it for free thanks to "Let's Encrypt" and a few latecomers.
HTTP is becoming a thing of the past
As described in our former blog post, HTTPS has spread very quickly over the past few years. Google and Let's Encrypt are highlighted in the article, but now Apple forces iOS developers to submit server requests via HTTPS connections. In this way, connections that we as the user usually do not see are mostly encrypted.
The actual motivation to refresh this topic came from a recent blog post from the Google Security Blog. In this article, Google writes that in February 2018, 81 of the top 100 pages on the web, by default, use HTTPS.
Google helps to eliminate HTTP
As early as the beginning of 2017, Google announced that it would mark HTTP pages as unsafe. With Chrome version 68, which is due to be released in July 2018, Google is now following up its words with deeds. Every user who then uses the latest version of Chrome on the Internet will be warned about insecure HTTP pages in the future. It will look like this:
Image source: security.googleblog.com
It goes without saying that no website operator should allow his website to be classified as "unsafe" by the world's most widely used browser (desktop and mobile). With this small adjustment, Google has probably further accelerated the decline of insecure HTTP connections.
Enable HTTPS scanning
Of course, such a change also affects the security of your network. The entire web traffic on our firewall, but also on those of our customers, is already over 50% encrypted. So it is becoming more and more important to scan HTTPS, because otherwise the traffic will get into the network unchecked.
If you have a valid license for Web Protection, we strongly recommend that you enable HTTPS scanning. If you need any help, please contact us.