Understanding HTTPS and SSL

Last updated

When customers buy something from your store, they share their private data — name, email, credit card details — with you. As a merchant, you want to keep this vulnerable data secure from hackers, scammers, and data thieves. It is crucial for building trust with your audience.

You can and should protect your customer data and increase the trust in your business with HTTPS protocol and an SSL certificate. An SSL (Secure Sockets Layer) certificate is issued by a trusted authority for a specific domain or subdomain. It verifies that a secure page is properly encrypted, ensuring that all information passed between a user and the site is private.

Having an encrypted store helps increase your store's trustworthiness, helps you rank better in search engines and boost your conversions.

Secure web pages usually display a padlock symbol in the address bar of the browser, and URLs served securely will have a protocol of HTTPS instead of HTTP:


If you sell online, you’ll be pleased to know that your customer data is already is secured by SSL and sent via HTTPS. Check out our article about how Online store protects this data.

By default, only pages that collect sensitive information (like the sign-up, cart, and checkout pages) are served securely. However, if you added Online store  to your own website, consider securing your entire site. Using an SSL certificate for the whole site can have a few additional benefits.

Why you should use SSL

Even though your customer data is already protected, there are several reasons why you should use SSL for your whole site.

Browsers show protected sites as secure
The Chrome browser now marks all HTTP websites as not secure. It means that if a customer opens your website which uses HTTP connection, they will see a clear warning about it. Right now, you may already notice a grey note in the Chrome address bar when you open an HTTP website.

Bad: site that runs via HTTP:


Good: site that runs via HTTPS:


Since Chrome is one of the most popular browsers, you risk losing potential customers if they see the “not secure” badge. Users are not likely to place orders in a store on a website that is not secure.

In Online store, all the customer data is processed via HTTPS, but if you’ve installed store on your website that runs on HTTP, the "not secure" badge will still appear. This happens because the browser sees your site as an HTTP non-secure site. In this case, we recommend installing an SSL certificate for your whole website.

Using SSL improves rankings on Google

Back in 2014, Google announced that it would consider using SSL as a ranking signal. This means that sites using SSL are ranked higher in search engine traffic.

Payment services require HTTPS

Many payment services require that your site runs on HTTPS in order to work with them. For example, Apple Pay works only with HTTPS.

Customers trust sites on HTTPS

Security concerns are one of the top 10 reasons for shopping cart abandonment. When you add an SSL certificate to your store, you show users that their payment data is safe.

If you want to show your customers that your store is secure, you can add McAfee SECURE Trustmark to your store.