For too long, many bloggers and site owners who weren't handling credit card transactions on their sites resisted adding an SSL certificate to their sites. Among the reasons for this was the common myth that using SSL may slow down your website. Many were hesitant to sacrifice site speed for the added layer of security if they felt like they didn't need it.
So what's the truth? Is SSL slow?
There are a couple of ways to look at this. In a vacuum, an SSL certificate does add some additional latency, as it requires 2 extra round trips to establish a secure connection before sending any data to the browser. However, this is minimal and greatly outweighed by the security benefits. Secondly, SSL/HTTPS unlocks additional web performance benefits that more than make up for the added latency.
Suffice it to say, you need to add SSL to your site if you haven't already.
Why You Should Use HTTPS Instead of HTTP
Hypertext Transfer Protocol (HTTP) is how the browser sends and receives data to load the website you want to access when you enter a URL. When you add SSL certification, it adds a layer of encryption on top, creating Hypertext Transfer Protocol Secure (HTTPS).
This is incredibly important because it protects both you and your visitors. Your visitors deserve to have their privacy and security ensured when visiting your site, even if they're not completing a monetary transaction. When users of the web visit an unsecured site, intruders can identify personal details about them and use that information to trick them into divulging usernames, passwords, or other private data.
HTTPS protects you as well. A secure site keeps intruders from injecting malware or advertisements into your site. These types of intrusions can be very difficult to find and remove once in place.
To be completely honest, you almost have to use it. Google made SSL use a ranking factor way back in 2014, and since Chrome 68, a "Not Secure" warning appears next to the URL of sites that aren't using HTTPS.
Essentially, even if SSL wasn't being used as a ranking factor, not having one will doom you to an incredibly high bounce rate, as visitors flee your unsecured site.
How HTTPS Improves Performance
As we mentioned before, using HTTPS unlocks a few things that can greatly improve performance. Utilizing these will more than offset the small time required to add an encryption layer to the protocol. These are typically implemented automatically by the hosting company servers. You don't need to take any steps to take advantage of these benefits, other than using SSL.
The best part is that the advantages we will cover below are constantly getting more advanced. Just as advancements in the last decade have overcome the additional handshakes associated with HTTPS, the next decade will see incredible innovation in this space. All made possible through the extra layer of security.
HTTP/2
SSL allows browsers to take advantage of the HTTP/2 protocol, a major revision on HTTP that fixes many of the speed issues that plague the original. It allows your site to transfer more data at once, thus making your site faster. Imagine your site previously having 2 pipes to send content through - now it has up to 16 pipes.
HTTP/2 also reduces the header size by a large amount, lowering the total data that needs to be sent. The server can also preemptively send resources, reducing delays. Additional benefits of HTTP/2 include stream dependencies, which allow the client to indicate which resources are the most important.
The best thing about HTTP/2 is that there is nothing you need to do to begin using it, as long as you are using SSL and a compatible host or CDN. If you're unsure of whether or not your host supports HTTP/2, you can use KeyCDN's tool to quickly find out.
Brotli Compression
You may not have heard of Brotli compression, but you may have heard of a similar form of compression, Gzip. If you followed along with our guide to testing your site through Google Lighthouse (Pagespeed Insights), you likely saw that your site either passed their test for Gzip compression.
Brotli is a new standard that provides better compression than Gzip - it's now supported in all 4 major browsers.
Checking the top 1000 URLs on the internet, brotli performance is:
-14% smaller than Gzip for Javascript
-21% smaller than Gzip for HTML
-17% smaller than Gzip for CSS
Mike @ ExpeditedSecurity
Similar to HTTP/2, the server must be compatible and using SSL. KeyCDN offers a tool to check this as well, but if you're able to use HTTP/2, you'll likely be compatible with Brotli compression as well.
Now We Know, SSL Isn't Slow
In all likelihood, your site is already secured (if it's not, go do that!), so you're not able to compare your site speed with and without SSL. If you'd like to see the difference it makes fist hand, check out https://www.httpvshttps.com/. This site is a really cool visualization of the speed advantages that SSL and HTTPS offer.
The bottom line: if you've heard that using an SSL slows your site down, the opposite is actually true. Adding an SSL certificate to your site and using HTTPS is an absolute win-win. You add a much-needed layer of encryption to protect yourself and your site visitors. Even better, you unlock protocols and compression platforms that aren't available to those using HTTP.
SSL doesn't slow your site down, it actually makes it faster.