The ACSC acknowledges that some website owners are in the process of transitioning from HTTP to HTTPS. Nevertheless, as a general principle, ACSC recommends that website owners only serve web content via HTTPS, since HTTPS is designed to:
- help prevent malicious third parties from performing a ‘person-in-the-middle attack’ or otherwise modifying or observing web content sent between web browsers and websites
- help ensure that website visitors are communicating with the website they intended to visit, rather than a fake malicious website.
For more information, visit the Google blog.