Computer and Information Security

Just because it is secure we should always use https, actually right now as developers we have many options to use this protocol for free (GCP, Let's Encrypt). But, what it is http? Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The 'S' at the end of HTTPS stands for 'Secure'. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms. Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect. Benefits Customer information, like credit card numbers, is encrypted and cannot be intercepted Visitors can verify you are a registered business and that you own the domain Customers are more

I found this  doc ument from Google that explains the best practices to this cases. GCP load balancing solution has DDoS mitigations built-in lowering the attack surface: configure ingress firewall rules (like iptables) network load balancing has port filtering. Any port that is not loadbalanced is dropped by GCP highly scaling frontend infrastructure HTTP/HTTPS loadbalancing can absorb and protect from IP spoofing and large SYN flood attacks. it has also fair-share allocation built-in  And Google Cloud Platform provides a number of features to defend against DDoS attacks. You can use these in conjunction with the above mentioned best practices and other measures tailored to your requirements to make your GCP deployment resilient to DDoS attacks.