I've been seeing an increase in requests for recommendations on adding the protection of HTTPS to client sites. Questions of cost and overall need are the most common.
Do you need HTTPS?
The standard response to this for years has been yes, if your users are sending sensitive data to your website. Data like credit card numbers, personally identifiable information such as Social Security, or confidential content like financial statements or payroll all qualify as sensitive.
But, I would argue that...