How to use it on your website. Until 2017, the vast majority of websites used hypertext transfer protocol (HTTP). This protocol was used to transmit data from a website to a visitor’s browser.
Although most browsers could receive secure HTTP content up to that point, few website owners set up HTTPS.
What is HTTPS? HTTPS stands for hypertext transmission protocol secure. This secure version of HTTP is the way that most websites transmit their content to browsers today.
What is HTTPS?
HTTPS is a protocol that encrypts all data sent between a website and your browser.
Before HTTPS, hackers could easily intercept and read the contents being transmitted between the web host’s browser and the user’s browser. Because the content was sent in HTML or plain text, this is possible. These transmissions made it easy to find passwords and IDs in many cases.
What makes HTTPS different? HTTPS uses Transport Layer Security (TLS), previously known as Secure Socket Layers (SSL).
TLS uses two security keys to fully encrypt data between your browser and the web host.
- Private key : This key is stored on the origin web server. It’s not accessible to the public so only the private key on the actual web server can decrypt transmissions.
- Public Key: Any browser can use the public key to communicate with the website server.
How HTTPS Communication Works
This is how the communication process works.
- A browser is opened by a user and he connects to a website.
- The site sends the browser an SSL certificate containing the public key. This public key is required by the browser to establish the first connection with the site.
- This creates what’s known as a “TLS Handshake”, where the client (browser), and the server (website), “agree” on which cipher to use, verify site’s SSL digital signature and generate new session keys.
Once the “session” has been established, neither the browser nor the web server can easily identify the data or information being transferred.
It happens because all HTML is encrypted, meaning that it can be interpreted as nonsense text or symbols. Only the browser that created the initial connection to the website can decipher this information. Only the website can access passwords and IDs, and can decipher them for you.
If a site appears secure, you can be sure that all communications between your browser, the remote site, and you are safe and private.
How to tell if a site uses HTTPS
Google began to pressure website owners to include SSL certificates in their websites starting in 2017. Google implemented a new feature in Chrome to warn users when they visit a website that doesn’t use HTTPS.
When you use the latest Chrome browser and visit a secure website that uses HTTPS (or any other version), you will see a small lock icon left of the URL.
Soon, Firefox, Safari, and other browsers followed suit. All browsers will display the same lock icon as Chrome.
If you visit a site that doesn’t use HTTPS for communication, you will see an Unsecure error at the URL.
Google has also established a policy that SSL certificates will help websites rank higher on search results pages, even though it isn’t enough to discourage visitors from visiting a site.
These are the two main reasons why website owners have finally begun to transition their websites to SSL certificates and communicate with users via HTTPS.
Why should you care about HTTPS?
You should be concerned about HTTPS as a web user. Although you may not believe anyone is interested in what sites you visit, or what you do online, there are many hackers who care.
Hackers can intercept your communications with websites by intercepting them.
- They can use your email address to send spam emails.
- They will need your phone number and address to sell it to marketers.
- You will need your ID and password to log in to your bank accounts.
- They can send you emails threatening to share your embarrassing activities with friends and relatives if you don’t pay.
- They can hack your system by obtaining your computer’s IP address.
For many reasons, it is important to only visit HTTPS-enabled sites.
You should install SSL certificates on your website and enable HTTPS.
- Google will bring you more traffic.
- Your website will be more popular with visitors who feel secure.
- Your customers will feel more confident buying your products.
- Hackers are less likely to get passwords or IDs that make it easier to hack your website.
There is no reason to use HTTPS for any web transaction.
How to use HTTPS on your site
It’s easy to install SSL certificates on a website if you want to get rid of the “Not Secure” message that people see when they visit it.
We’ve even published a complete guide on how to obtain your SSL certificate for your website and how to install it.
These are the steps:
- Find the IP address that your web host assigned to your site.
- You can either use the SSL certificate provided by your website or purchase one from an SSL certificate service.
- You can force all browsers to use SSL to visit your site by editing the file. htaccess with the “rewrite” command. This changes all connections to HTTPS.
- Your SSL certificate must be provided to the CDN services that you have installed on your website.
It is now even easier to get SSL certificates installed on your website with many web hosting companies.