I have a question about who uses https:// instead of http:// ?

What is the point of encrypting the information if that is the point?

Who normally uses it?

Ecommerce? Bank? Who else? If am I right?

I don't know the answer, but this is what I read in django's documentation

It is always better for security to deploy your site behind HTTPS. Without this, it is possible for malicious network users to sniff authentication credentials or any other information transferred between client and server, and in some cases – active network attackers – to alter data that is sent in either direction.

It means that anybody can use https. From my experience, online payment systems always use https.

Everyone should use HTTPS is the answer.

Seriously, go read the wikipedia entry for HTTPS as a good enough basic overview of why.

Google even penalises those sites not using HTTPS in terms of ranking these days...

Try to read it:

I am pro ssl and tls in any case , but because I use them (in every case) I understand that there are still many many reasons not to if you are just creating an elementary site. Recently I realized that some versions of android don't recognize the certificate if the connection is in other ports (?????). Round trips are more than de facto if your site is plain and doesn't have an app structure with WS (Web Sockets) but again you will hit the ports issue. More over we are paying for a certificate that doesn't say much, there are free out there but most browsers don't recognize those. So we must pay for OUR SERVER to provide security. This is out of Internet order in any means.

Having said those , I stick to https and ssl / tls. Recently I realized that the https is one of the many factors that Google makes its decision (1/10000 maybe factor but is one of those). From a user acknowledge perspective it is always nice to see a green mark above the site you are visiting. It doesn't make you feel more secure but at least there is one.

All should change http to https. Because according to the new Google survey, If your site is not https version, the user may not enter into website as they may feel that your site is not secured, which will make big traffic loss. Therefore please try to change http to https but please learn more about what you should take care if you would like to make this change