What Is HTTPS and Why You Should Care? Until about 2017. The vast majority of websites on the Internet used strictly the Hypertext Transfer Protocol (HTTP) to transfer website data to a visitor’s web browser.
What Is HTTPS and Why You Should Care
Until then, most browsers were fully capable of receiving secure HTTP content. But few site owners took the trouble to set up their sites using HTTPS.
What is HTTPS? This stands for Secure Hypertext Transfer Protocol. And today, using this secure version of HTTP, most of the websites on the Internet pass their content to browsers.
What is HTTPS?
When a website uses HTTPS. It means that all data transmitted between this website and your browser is encrypted.
Before HTTPS, a hacker could easily intercept the transmission between the web host and the user’s browser and read the transmitted content. This is because the content was sent in HTML or plain text. In many cases, even IDs and passwords could be easily extracted from these messages.
How is HTTPS different? HTTPS uses what is known as Transport Layer Security (TLS), formerly known as Secure Socket Layer (SSL).
TLS uses two “keys” of security to fully encrypt data transmitted between the web host and your browser.
- Private Key: This is the key stored on the originating web server. It is not publicly available, so only this private key, stored on the real web server, can decrypt the transmissions.
- Public Key: The public key is used by any browser that wants to communicate with the webserver. which contains the website.
How does HTTPS connection work
The communication process works as follows.
- The user opens a browser and connects to a web page.
- The website sends the user’s browser an SSL certificate containing the public key. The browser needs this public key to open an initial connection to the site.
- This initiates a so-called “TLS handshake” where the client (browser) and server (website) “agree” to use the cipher, verify the SSL digital signature of the site, and generate new session keys for the current session.
Once this “session” is established, no one between the browser and the web server can easily identify the information or data being transmitted.
This is due to the fact that everything, even the HTML code transmitted to the browser, is encrypted (in fact, it turns into meaningless text and symbols). Only the browser that established the initial connection to the website can decrypt the information and vice versa. Only a website can receive things like IDs and passwords and decrypt them for use.
Therefore, when you see that the site is secure, you can be sure that the communication between your browser and the remote site is confidential and protected from prying eyes.
How to know if a site is using HTTPS
Since 2017, Google has been putting pressure on website owners to use SSL certificates on their websites. They did this by integrating a new feature into the latest version of Chrome that would display an “Insecure” warning to users whenever they visited a site that was not using HTTPS.
If you are using the latest version of the Chrome browser and visiting a secure site that uses HTTPS, you will see a small padlock icon to the left of the URL.
Other browsers soon followed suit, including Firefox, Safari, and others. They will all display a lock icon like Chrome.
If you visit a website and that website is not using HTTPS to communicate, you will see an “Insecure” error message to the left of the URL.
As if that weren’t enough to keep visitors away from the website, Google has also introduced a policy that the use of SSL certificates helps websites rank higher in search results.
For these two reasons, most website owners have finally started to migrate their sites to use SSL certificates and communicate with visitors’ browsers over HTTPS.
Why should you care about HTTPS?
As an Internet user, you should be very concerned about whether the site is using HTTPS. You might think that nobody cares what websites you visit or what you do on the Internet, But there are very large communities of hackers who are very interested in this.
By intercepting your browser’s connection to websites, hackers are constantly looking for any of the following information:
- your email address in order to sell it to spammers.
- Your phone number and physical address so they can sell it to marketers.
- The ID and passwords you use to log into your bank accounts so that they can access your funds.
- Any inconvenient sites you visit so they can send you emails threatening to share this activity with your friends and family if you don’t pay.
- The direct IP address of your computer so they can try to hack into your system.
In fact, visiting only sites that use HTTPS is a powerful way to protect your privacy and online safety for many reasons.
If you have a website, there are even more reasons why you should take care of installing SSL certificates and enabling HTTPS.
- You will get more Google search traffic.
- Visitors will feel safe visiting your website more often.
- Customers will feel more secure when buying products from you.
- Hackers are less likely to obtain IDs or passwords that make it easier for them to hack your site.
These days, there is no longer a compelling reason for those who use the Internet not to use only HTTPS for all web transactions.
How to use HTTPS on your site
If you have a website and want to get rid of that dreaded “Not Safe” message when people visit your site, setting up SSL certificates for it is easy.
In fact, we’ve posted a complete guide on how to get your own SSL certificate for your website and how to install it.
Here are the simple steps:
- Determine the dedicated IP address that your web host has provided to your site.
- Install the SSL certificate provided by your site, or once you purchased an SSL certificate.
- Force all browsers to use SSL when visiting your site by editing the .htaccess file with the “rewrite” command, which changes all connections to use HTTPS.
- Make sure to provide your private SSL certificate to all CDN services installed on your site.
This process has become even easier lately as many web hosting services provide website owners with one-click solutions to install SSL certificates for their websites.