When we think about HTTP vs. HTTPS, we often focus on the risk to sensitive information. HTTP transmits our data in clear-text, while HTTPS encrypts the data to stop people from snooping. But that is not all that HTTPS does.
What about tampering?
One of the other key aspects of HTTPS is to protect our communication with the server from tampering. In this case, we would be concerned with someone being able to manipulate the responses that are sent back to the user’s browser. While no sensitive information may be intercepted, an attacker could modify the page being returned to inject malicious data.
HTTPS also helps you verify that the site you are communicating with is the right one. The certificates used to support HTTPS tie the domain name to the certificate. This helps reduce the chances that someone is in the middle of your connection sniffing your traffic. Most browsers will show an alert when the certificate doesn’t match the domain name. This helps reduce the chances that the user will talk to anyone but who they believe they are talking to.
The browsers have come a long way in helping force HTTPS and reduce any opportunity for any communication over HTTP. If your site isn’t working on HTTPS, this should be fixed right away, even if you don’t think your site is sensitive.