HostGator, one of the world’s biggest web hosts, is operating counter to the views of internet platforms like Google and discouraging its customers from encrypting their visitors’ communications unless it’s “necessary”.
HostGator is owned by Endurance International Group (EIG), the same organization that owns other large web hosting brands including Bluehost, Just Host, iPage and FatCow.
The discouragement is published in HostGator’s acceptable use policy however it doesn’t appear to extend to any of EIG’s other brands.
HostGator currently has 400,000 customers worldwide and hosts over 5 million websites.
Moreover, HostGator, Bluehost, Just Host and iPage all implement HTTPs across most of their respective websites; however, FatCow doesn’t.
Meanwhile Google, which is one of the biggest contributors of traffic to websites globally, is actively encouraging users to implement SSL encryption irrespective whether they’re handling sensitive data.
On its developer pages, it states:
“All websites should be protected with HTTPS, even ones that don’t handle sensitive data. HTTPS prevents intruders from tampering with or passively listening in on the communications between your site and your users”.
Emily Schechter, Google Chrome’s security product manager, also recently told Wired, “Encryption is something that web users should expect by default”.
Following through on this philosophy, the latest update to Google Chrome, Google’s flagship browser, pushes notifications into the address bar warning users that websites without HTTPs are “not secure”.
The update is likely to have consequences for website owners if users begin interpreting the notification as a deterrent, particularly considering Google Chrome enjoys a global browser marketshare of nearly 60 percent, according to the latest data from StatCounter.
The search giant also recently engaged in a very public spat with Symantec, which was formerly one of the world’s foremost PKI providers, over the “trustworthiness” of its infrastructure.
The spat eventually led Symantec to sell its PKI business to DigiCert for just over $1 billion.
SSL is also a de facto requirement of the new HTTP/2 specification, which was the first update to the HTTP protocol in nearly 20 years.
The new specification speeds up the transmission of data between server and client (e.g. a browser) by facilitating asynchronous data transfer i.e. multiple requests can be served asynchronously over a single connection.
However, despite Google’s assertions, as well as some of the potential benefits, HostGator is concerned SSL encryption has a disproportionate affect on precious server resources.
In full, its acceptable use policy states:
“[customers may not] use https protocol unless it is necessary; encrypting and decrypting communications is noticeably more CPU-intensive than unencrypted communications”.
A report in 2017 from Key CDN, a content delivery network, cites tests that suggest the difference in speed between an encrypted and unencrypted connection is about 5 milliseconds. It also claims implementing HTTPs leads to a 2 percent increase in CPU usage.
HostGator specializes in the provision of shared hosting packages, which entails hosting upwards of hundreds of websites from a single server.
Unlike several other shared web hosts, it doesn’t integrate with free SSL providers like Let’s Encrypt; however, its hosting packages perform well, relative to other web hosts, when subject to third-party performance testing.