Transmission of data on legislation.gov.uk website

FOI request reference: F0049067
Publication date: June 2017

Request

Currently it would appear that all web pages relating to legislation available via: http://www.legislation.gov.uk are delivered over an insecure connection between the server and the requesting browser client connection. This would seem to allow for the interception and possible alteration of any transmitted data received by the requesting client.

1) Does the National Archive plan to use SSL on the http://www.legislation.gov.uk website.
2) If yes to 1 above. By what date will this be implemented.
3) If no to 1 above. What was the rationale behind not implementing SSL transmission of data from the National Archive to browser client users, which would have ensured received data integrity.

Outcome

Successful

Response

1.The National Archives have no current plans to use SSL on the legislation.gov.uk website.

2. N/A

3. As the website does not currently require a log-in or involve the input or transfer of any personal or sensitive data we have not considered it necessary to use SSL. We do not consider that the benefits of HTTPS on a service such as legislation.gov.uk are sufficient to outweigh the potential drawbacks in terms of negative impact on site performance and search rankings. However, we do take security very seriously, and as the service develops we will continue to revisit this issue.