How to Disable HTTPS for Your Website

You heard it right. HTTPS, in certain scenarios, may be seen as that overrated security measure that’s costing you time and money.

HTTPS (Hypertext Transfer Protocol Secure) is the secure version of HTTP that encrypts data between the browser and the server, making it harder for attackers to intercept and read the data. And, you must have seen advice all over the internet (including by search engines) advising to move your site to HTTPS. However, there are still some cases where HTTP may be preferable for your website. I am sure you have such a use case now that you are reading this article.

Reasons why HTTP may be preferable

  • Speed:
    HTTPS requires additional processing time to establish a secure connection and hence, can slow down the loading time of a website. This may not be noticeable for small websites or standalone pages as the overload is usually less than 100 milliseconds. However, for larger sites with a lot many resources (e.g. images, videos, scripts, stylesheets) to be loaded, the overhead adds up and the impact on speed can be significant. Just so that you are aware, a study by Akamai found that HTTPS can slow down page load times by up to 50%.
  • Cost:
    HTTPS requires a digital certificate (SSL) to work. SSL certificates and yearly renewals can be expensive, especially for small businesses or personal blogs or websites. HTTPS also involves additional server resources to encrypt and decrypt data – thereby indirectly impacting your hosting costs. However, many web hosting accounts offer FREE SSL at this moment to make it easy to switch to HTTPS
  • External Dependencies:
    One major reason why you would want to continue using HTTP is the dependency on external scripts, APIs, images or other resources which are not available on HTTPS. A lot of popular, free APIs do offer their services on HTTP only, to save resources as well as to respond faster.
    Mixed-content errors on HTTPS website using resources over HTTP

    Still, HTTPS is important!

    HTTPS is still important and should be adopted in most cases. HTTPS provides a higher level of security for your website users – especially when they are submitting some information via forms on your website. Without HTTPS, data transmitted between the browser and the server can, technically, be intercepted and read by man-in-the-middle attackers. This can potentially compromise sensitive information entered on a website, such as passwords, credit card numbers, and information including email addresses and other personal data.

    Most modern web browsers (including Google Chrome, Mozilla Firefox, and Apple Safari) these days display warnings when a user visits a website that does not use HTTPS. This can make users wary and can harm the website’s reputation and, in turn, the traffic.

    You must have heard of search engine “penalties”. While it is true that Google has mentioned HTTPS as a ranking signal and sites on HTTPS may receive a small boost in search rankings, this is no reason to panic. They have also stated that HTTPS is not a major ranking factor and that other factors (such as content relevance and quality) are way more important. The boost in rankings from HTTPS is negligibly small and may not be noticeable for many websites. The ranking boost from speed benefits by NOT using HTTPS can easily balance this out.

    Another nuisance could be situations where the HTTPS version of your website appears in search results and the users land on the web page with broken functionalities. This has a greater potential to break your site’s ranking as the search engines will notice users bouncing off your website and going to competitors.

    After reviewing all the considerations, if you still prefer HTTP, here are steps you can take to handle the situation elegantly.

    Redirect HTTPS traffic to HTTP

    Discourage search engines from crawling and indexing the HTTPS version of your website and index only the HTTP version.
    You can redirect all HTTPS traffic to HTTP by using a 301 redirect. This can be done by adding the following code to your HTTPS server configuration:

    Make these changes in your htaccess file:

    # Automatically redirect HTTPS to HTTP -reference:
    RewriteEngine On
    RewriteCond %{HTTPS} on
    RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    This code will redirect all HTTPS traffic to the equivalent HTTP page.

    Disabling HTTPS access to your website with the above “301 Redirection” will discourage search engines from indexing your HTTPS pages and instead index only the HTTP version. However, as mentioned earlier, this can result in a negative user experience due to browsers nagging about the perceived “problem”. It may be best to get ready for HTTPS by ensuring all resources on your website are loaded via HTTPS, and then switching to HTTPS for a secure and seamless browsing experience for your users.

    One Comment on “How to Disable HTTPS for Your Website”

    Leave a Reply

    Your email address will not be published. Required fields are marked *