HTTPS – The Speed Advantage

HTTPS has been around for a while, but is it the right time to make the switch from HTTP? Considering that online presence is a “must” for all serious businesses, the performance of their online assets has also become increasingly important. Having that in mind, one of the main concerns about web performance is how to make a user’s online experience pleasant but safe at the same time. Only being present online is just not enough anymore and a business web presence needs to add value for its customers. Beside quality content and user experience, online security is a key factor along with delivery speed.

A great and safe online experience requires trusted third parties and a good encryption, which is the main reason why HyperText Transfer Protocol Secured (HTTPS) was implemented. For quite some time HTTPS was considered the “slow but safe” way of delivering online services.

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%

How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
A close-up illustration of a web address bar displaying 'https://' with a cursor arrow pointing towards it.
Image Source

Tweet this: HTTPS is no longer the “slow but safe” way for online services

Times have changed, and in order to fully understand the new advantages of HTTPS it’s important to know the differences between HTTP and HTTPS.

HTTP: The Protocol

At the start of the Internet era, network administrators wanted to find a simple way to share information they put online. They agreed on a procedure for exchanging information called HyperText Transfer Protocol (HTTP).

A close-up of a web address bar showing 'http://www' with a cursor icon indicating interaction.
Image Source

Now, HTTP is an “application layer protocol,” which means that it focuses on presenting the information to the user and doesn’t really care how the data gets from sender to receiver. Also, it’s “stateless” which means it doesn’t attempt to remember anything about previous web sessions. The main benefit to being stateless it that there is less data to send, which results in increased speed.

Tweet this: HTTP is stateless – doesn’t remember anything about previous web sessions

HTTP is most commonly used to access HTML pages, but other resources too can be utilized through HTTP access. Usually, websites which don’t handle confidential information would setup their websites like that.

HTTPS: The Safe Protocol

If you visit an online merchant you’ll notice the address bar says HTTPS instead of HTTP. It means the website is using a HyperText Transfer Protocol Secure (HTTPS) instead of a usual HTTP. The “secure http”, was developed to allow authorization and secured transactions. Exchanging confidential information requires safe procedures in order to prevent unauthorized access, and this is where HTTPS jumps in. It works in conjunction with another protocol, the Secure Sockets Layer (SSL), to transport data safely.

By doing so, the computers agree on a “code” between them, and then encrypt the messages using that “code” so nobody between can access them. They use the “code” on a Secure Sockets Layer (SSL), sometimes referred as Transport Layer Security (TLS), to exchange information. This keeps information safe from intruders.

In many ways, HTTPS is identical to HTTP as it follows the same basic protocols. However, if a client (e.g. Web browser) establishes a connection to a server on a standard port, HTTPS offers an extra layer of security because it uses SSL.

To get a bit more detailed, data sent using HTTPS and secured via TLS provides three key layers of protection:

  • Encryption of data to keep it secure
  • Data Integrity as it cannot be modified or corrupted during the transfer without being detected
  • Authentication which makes sure users communicate safely with the intended website

Tweet this: TLS key protection layers: Encryption, Data Integrity and Authentication


Both HTTP and HTTPS don’t really care how the data gets delivered. While, on the other hand, SSL doesn’t care what the data looks like.

That is why HTTPS combines the best of both segments. It gives importance to what the user gets visual access, but also provides an extra layer of security when moving data from sender to receiver.

Is HTTPS Faster Than Ever?

A comparison chart showing HTTP and HTTPS loading times with statistics indicating that HTTPS is 80% faster than HTTP.

A recent tweet and a follow-up blog post, claimed a massive HTTPS speed advantage over classic HTTP. It used the httpvshttps.com site to compare the two protocols which pointed out that HTTPS was actually 80% faster than it’s “non-safe” counterpart (we got 90% when we ran the test on the site).

Tweet this: HTTP/2 and TLS improvements made HTTPS faster than ever

Although the results are staggering, further reading points out how it’s mostly due to HTTP/2, the updated version of HTTP over which the HTTPS operates, that allow such high level performances (the site compared an old HTTP protocol to the new HTTPS operating over HTTP/2). It’s true that HTTPS will only be faster when using HTTP/2, but on the other hand you cannot use HTTP/2 without using HTTPS.

In the past, there might have been some increased latencies due to HTTPS requiring more procedures to be executed. However, with best practices in place like early termination, cache-control and HTTP/2, factors such as the latency of the TLS handshake and additional roundtrips are becoming things of the past. Newer protocols, better hardware, and faster connections are making up for the delays and enabled delivery of high speed website performances over HTTPS thus making the “slow but safe” description completely obsolete.

To break it down, in the past HTTPS’ security component was a traffic “bottleneck” which caused delays. Today the TLS segment is able to follow through all the speed requirements and enables the HTTPS protocol to deliver high-end performance.

It’s safe to claim that HTTPS got faster than ever but it’s mainly because of the underlying HTTP/2 and notable TLS performance improvements over the years.

Improving HTTPS Performance

There are a few things to do in order to cancel out delays and improve HTTPS performance. Mainly it’s about implementing early termination, caching and utilizing HTTP/2. Here’s a list of possible HTTPS improvements:

  1. HTTP Strict Transport Security
  2. Cache-Control
  3. Early Termination
  4. OCSP Stapling
  5. HTTP/2
  6. HPACK Compression
  7. Brotli
A business professional pointing at an upward-trending line graph with multiple data points.
Image Source

Also, this article by KeyCDN can give you deeper insights into HTTPS performance improvements.

The earlier mentioned blog post described a way to reach HTTP/2 speed even if the origin website works with an older protocol (e.g. HTTP/1.1) by “wrapping” the site with a content delivery network. Then, if requests are directed to a domain which can’t talk HTTP/2, the protocol can be returned as “h2” (which is the identifier for HTTPS over HTTP/2), because all requests get routed through a CDN  which can talk “h2”. Of course if the CDN needs to pull content from an origin that doesn’t talk “h2” then there might still be a minor bottleneck in the connection, but many requests won’t come from the origin anyway as most traffic gets served directly from cache. The ability of a CDN to deliver over “h2” makes a significant impact to speeds even when the origin is deployed with older protocols.

Conclusion

HTTPS is here, and it’s here to stay. The SSL performance impact is not as important as it used to be. The web is definitely moving in a new direction and TLS handshakes and certificates are no longer slowing down web performance. The are lots of methods to even further improve your HTTPS performance and reduce overhead.
Also, since recently price was a big factor when it came to considering migration to HTTPS. But today the costs associated with purchasing SSL certificates have significantly dropped. For instance, KeyCDN’s recent integration with Let’s Encrypt allows customers to deploy HTTPS with a custom zonealias for free (as they pointed out in a recent blog post about HTTPS performance). It’s safe to say that this trend is taking the price factor out of the equation for most customers.

Transition to HTTPS is also recommended as SEO practice and in order to keep up with Google as it gives a slight boost to your site.

To sum up, if you wanna go fast, serve content over HTTPS using HTTP/2. Of course we always recommend adequate testing considering your needs as different setups and environments can vary. For any further questions on the topic, feel free to contact our experts at GlobalDots as they can help you boost your web assets performances.

Latest Articles

Complying with AWS’s RI/SP Policy Update: Save More, Stress Less

Shared Reserved Instances (RIs) and Savings Plans (SPs) have been a common workaround for reducing EC2 costs, but their value has always been limited. On average, these shared pools deliver only 25% savings on On-Demand costs—far below the 60% savings achievable with automated reservation tools. For IT and DevOps teams, the trade-offs include added complexity, […]

Itay Tal Head of Cloud Services
5th December, 2024
The Future of Cybersecurity: Shlomo Kramer’s Bold Predictions for the SASE Era

What does the next decade of cybersecurity hold? Few can answer that better than Shlomo Kramer—co-founder of Check Point and Imperva, and founder & CEO of Cato Networks. In a candid conversation on the CloudNext podcast, Shlomo shared bold predictions and actionable strategies for navigating the challenges and opportunities ahead. From the rise of SASE […]

Ganesh The Awesome Senior Pre & Post-Sales Engineer at GlobalDots
4th December, 2024
Three Ways CISOs Can Combat Emerging Threats in 2025

73% of CISOs fear a material cyberattack in the next 12 months, with over three-quarters convinced AI is advancing too quickly for existing methods to combat it. But what can CISOs do to prepare for the coming wave – and access the resources they need to deal with this evolving threat landscape? To find out, […]

11th November, 2024
How Optimizing Kafka Can Save Costs of the Whole System

Kafka is no longer exclusively the domain of high-velocity Big Data use cases. Today, it is utilized on by workloads and companies of all sizes, supporting asynchronous communication between even small groups of microservices.  But this expanded usage has led to problems with cost creep that threaten many companies’ bottom lines. And due to the […]

Itay Tal Head of Cloud Services
29th September, 2024

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services