IndustriesWorkPlaybookHow it worksAboutBook a systems auditBring us your idea

Do I need SSL, and what is it?

Straight answer

SSL is what puts the padlock in the address bar and encrypts traffic between your site and its visitors. Yes, you need it: browsers now flag sites without it as "not secure", and no one will enter details on a page like that. The good news is most hosts add it automatically and free.

Information current as at 5 July 2026

SSL is one of those things that used to be a paid extra and is now simply expected. If your site does not have it, visitors see a warning that quietly kills trust before they read a word. The reassuring part is that it is usually handled for you.

Plain English
SSL
The technology that encrypts data between a visitor and your site, showing as a padlock.
HTTPS
A web address starting https, meaning the connection is encrypted with SSL.
Certificate
The digital proof of identity that lets a site use HTTPS.
Mixed content
When a secure page loads some insecure parts, breaking the padlock.

What SSL actually does

When someone visits a plain, unencrypted site, everything they type, passwords, card numbers, messages, travels across the internet in the open, where it can be read or tampered with along the way. SSL scrambles that traffic so only the visitor and your site can read it, and it shows as a padlock and an address starting with https. It also quietly proves your site is who it says it is, which makes impersonation harder. In short, SSL is the difference between a private conversation and one shouted across a crowded room.

Why you cannot skip it now

Even if your site only shows information and takes no payments, you still need SSL, for two reasons. First, browsers now label any site without it as "not secure", right in the address bar, and that warning frightens people off before they engage. Second, search engines prefer secure sites, so skipping SSL quietly costs you visibility. There is genuinely no modern case for running without it. What was once an optional upgrade is now the baseline that a site is judged against, and falling below it reads as either careless or fake.

No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

The good news: it is usually automatic and free

You almost never have to buy or install SSL by hand any more. The popular hosts, Vercel, Netlify, Cloudflare and the rest, issue and renew a free certificate for your custom domain automatically, usually within minutes of the domain connecting. You do not manage it, you do not renew it, it simply appears. If you built on a platform and attached a domain, the padlock most likely came along for the ride. The era of paying for and manually installing certificates is over for the vast majority of sites.

When the padlock does not show up

Occasionally the padlock is missing or a browser complains, and there are a few usual causes. The certificate may still be issuing, which can take a little while after the domain connects, so waiting often fixes it. Or the page is loading some element, an image or a script, over an insecure link, which browsers call mixed content and which breaks the padlock until every part loads securely. Or the domain is not fully connected yet. If waiting and checking your links does not resolve it, it is worth a proper look, because a broken padlock is worse than none.

Common questions

Questions, answered

Do I need SSL if my site does not take payments?
Yes. Browsers now mark every site without it as "not secure", which scares off visitors and hurts your search ranking, whether or not you collect anything. SSL is the baseline for any credible site today, not just shops.
Do I have to pay for SSL?
Almost never. The popular hosts issue and renew a free certificate for your domain automatically. Unless you have an unusual setup, the padlock should appear on its own once your domain is connected, with nothing to buy or install.
Why does my site say "not secure" even though I have SSL?
Usually mixed content: the page is secure but it loads an image, font or script over an insecure link, which breaks the padlock. Find and fix any element loading over http rather than https. Sometimes the certificate is simply still issuing and waiting resolves it.
Is SSL enough to call my site secure?
No, and this is important. SSL encrypts traffic in transit, but it does nothing about exposed keys, weak logins, or a badly configured database, which are the holes AI-built apps more often have. SSL is necessary but not sufficient; real security is a broader checklist.
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.