HTTPs by Default (Always SSL) Overview

Why Always SSL? 

SSL refers to the security certificate used by a web page for encryption and validation of web content that renders a URL as HTTPS. This protocol ensures web communication to and from the end user is kept private and is not tampered with in transport.

As part of the Google Chrome Version 68 update, Google began visibly marking HTTP sites as Not Secure, by placing a "Not Secure" warning in the address bar. This update is part of Google's HTTPS by Default campaign to help web site users understand that HTTP is not secure. CivicPlus began preparing for these updates with our customers in late 2017 to ensure that sites have a valid SSL certificate.


There are many benefits, such as:

  • Validation of web content and user input. Without HTTPS, information passed over the web can be intercepted and maliciously altered, so users may receive a different page in their viewport than the page they requested while web servers can receive different information than that submitted by the end user, i.e. information the user submitted into a form.
  • Privacy of web content and user input. Without HTTPS, all information passed to and from an end user can be intercepted and read in plaintext.
  • Many industries have moved to an HTTPS By Default approach since 2018. CivicPlus believes it is important for our local government clients to also adopt this best practice.
  • Improved SEO. For example, websites under the HTTPS protocol have higher places in Google rankings.
  • Many new browser features require HTTPS to render content.
  • Users are more likely to browse longer and more frequently on your website because it utilizes a security certificate. This builds a relationship of trust between the user and your website.

For these reasons, CivicPlus strongly urges you to secure all web content with HTTPS by enabling Always SSL.


I'd Like to Request an Enhancement

0 out of 0 found this helpful


Article Feedback