I've just read the article linked in the footer posted by Jane Cross, and it's a really clear description about the features of SSL, it does a great job of cutting through all the tech and clearly explaining they whys and wherefores of HTTP & HTTPS. What you need to decide though is, do I really need a HTTPS connection?

There is a cost associated with an SSL certificate. It's an ongoing one, just like hosting and domain renewals. There's different types increasing in cost dependent on whether you just want to cover your main domain or subdomains as well, and also just how much 'insurance' you want against losses incurred as a result of using your website.

If you're running an ecommerce site, you might think an SSL is a no brainer, but are you collecting sensitive data or is all of the payment information being handled by the gateway such as Sage Pay or Worldpay? Jane has a included a great stat on cart abandonment rates when there's no secure connection, but personally I only actually check if the page where I'm putting my card details in is secure. As far as I'm concerned, my delivery and billing address details are public knowledge so I'm happy to pass those through a non secure connection.

So is there any other justification for the cost of an SSL on a site, especially one that isn't ecommerce?

There was a big noise a while back when Google confirmed it would rank secure connection pages above none secure connection pages, but that's only on a page by page basis. It means it's more likely to return the secure version of your page above the none secure version in the search results = (if you do implement an SSL, make sure only the secure version is available, having the same page available at 2 different urls, even if it's just the protocol, is a bad idea). What it doesn't mean is you'll suddenly leapfrog your non secure competitors.

I know that you're thinking, this whole SSL thing sounds like a waste of money to me right?

Jane's post does a great job of talking about the history of HTTP protocols, but what it doesn't touch on is HTTP/2.

HTTP/2 is the next generation of connection and is setup to be much faster than 1.1. I won't bore you with the details of how it does that, head to Wikipedia if you want to know more, but essentially it means your pages and the content on those pages will load a whole heap faster, and that's good for your users especially on mobile devices, and it's good for Google. Look at the AMP project they backed, stripping back form and functionality to deliver content in a lite fashion, speed is everything in the eyes of Google.

So where does SSL come into this? Well whilst all the major browsers have integrated support for connections over HTTP/2, they'll only support it over a secure connection, so you need to have an SSL up and running to use it on your site.

If you've struggled before to justify the time and cost of implementing SSL on your site, now there is no excuse.