As technical as HTTPS sounds, it’s something that everyone who uses the web should be aware of, website owners and users alike. In this article, we’ll be exploring what HTTPS means, why it’s important, and how to make sure that your site operates securely.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure, and it’s a protocol (or set of rules) used to transfer data between web browsers and the servers that host websites. The ‘secure’ element differentiates it from HTTP, and indicates that the data is encrypted as it’s passed to and from the server - this means, essentially, that it’s scrambled to make it unreadable, protecting it from being looked at by hackers.
You’ll see HTTPS appear at the start of the URL of the website you’re looking at, and only those websites using this protocol should be trusted. This is because the kind of personal data we enter into websites, such as when we purchase something online, needs to be protected securely as it’s transferred to the server.
How does HTTPS work?
HTTPS works by the browser requesting information from the server, and the server responding, using an SSL/TLS (Secure Sockets Layer / Transport Layer Security) certificate to establish a secure connection between the two.
The HTTPS steps include:
The browser contacting the website
This is where the user’s browser requests a connection to the website they’re trying to access.
The SSL certificate is sent by the server
In response to the request, the website server sends the browser its SSL/TLS certificate, which contains the encryption key needed to establish a secure connection.
The certificate is validated
To confirm the website’s authenticity, the browser checks that the certificate is valid and was issued by a trusted certificate authority.
Encryption keys are exchanged
Once the certificate has been verified, the server and the browser exchange encryption keys, with the browser using the server’s key (known as a public key) to encrypt the information, while the server uses a ‘decryption key’ (better known as the private key) to decrypt that information.
The encrypted data is transferred
The data is then transferred from browser to server via a secure connection, with the encryption ensuring that it can’t be read by anyone who intercepts it.
Data is decrypted
The server decrypts and processes the data, and sends back the information that was originally requested - this is also encrypted. The incoming data is then decrypted by the browser, and displayed to the user. All of this should happen quickly!
HTTP v HTTPS
So how does HTTPS differ from HTTP? Well, it’s different in a number of ways:
Encryption
HTTPS transfers encrypted data, whereas HTTP transfers data as plain text; this means anyone intercepting data from HTTP can read exactly what it says.
Ports
Data travels through ‘ports’ to get to its destination, and while HTTP and HTTPS both use numbered ports to send and receive data between a server and a browser, they use very different ones. HTTP uses port 80 as a default, which is an old port that was set up in the early days of the internet. HTTPS, on the other hand, uses port 443, through which only encrypted data can travel.
URL format
The most obvious difference is that HTTPS appears at the start of a URL like this: “https://”, indicating a secure site. HTTP will display as “http://”, identifying it as a site that isn’t secure.
SSL certificate
An HTTP website won’t hold an SSL certificate, whereas an HTTPS website will.
What’s the difference between SSL and TLS?
SSL stands for Secure Sockets Layer, and is essentially a set of rules that establishes a secure connection. TLS stands for Transport Layer Security, and is generally thought of as an upgraded version of SSL, considered more secure in the face of some of SSL’s vulnerabilities. TLS is now the industry standard, but you may find that the certificates are still referred to as SSL certificates, though this is incorrect.
What are the advantages of HTTPS?
Enhanced data privacy
This is, of course, the main concern when handling personal data such as credit and debit card details and login information. With hackers able to intercept data transfers, the encryption that HTTPS provides protects the data from being successfully read, even if they get their hands on it.
Enhanced UX
Let’s face it, we’re all more relaxed online when we know that the details we’re entering are protected securely, so the knowledge that HTTPS is encrypting your data during transfer can make for a far more pleasant online experience.
Better SEO rankings
In terms of your website’s own performance, HTTPS could get you appearing higher in Google search results. Google wants to display results that its users can trust, which is why HTTPS is a ranking factor it uses to decide which relevant results to show in searches.
It’s compatible with all browsers
Whether you’re using Chrome, Safari, Edge or Firefox, they all support HTTPS.
Is HTTPS better than HTTP?
Unless you’re a hacker then yes, absolutely! HTTPS keeps data encrypted as it flows between the server and the browser, so it’s safe and secure for your users to trust. Data transferred by HTTP is written in plain text, and therefore easily read if intercepted - not good news for your users!
How do you know if a website uses HTTPS?
You’ll be able to tell from the URL of a site; HTTPS will appear at the front. This should also be accompanied by the symbol of a padlock, indicating that the site is secure. You may find that if you attempt to access an HTTP site, your browser will warn you that it’s not secure before proceeding.
How can you make your website HTTPS?
In order to add HTTPS to your site, you’ll need to obtain an SSL/TLS certificate. In many instances, your web hosting service may already provide this, but if not, you can purchase one separately from a certificate authority - you’ll need to install it yourself.
There are a few certificates available, which include:
Domain validated certificate
This validates that you or your organisation has control of the domain before the certificate is issued.
Organisation validated certificate
This certificate validates that you are indeed the site owner.
Extended validated certificate
This validates the organisation’s owner or owners, as well as their location and their legal existence.
Single name certificate
This certificate protects one single subdomain or hostname.
Wildcard certificate
The number of subdomains on a single domain protected by the wildcard certificate is unlimited.
Multi domain certificates
Up to 100 domains, subdomains, and public IP addresses can be protected by the multi domain certificate.
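The certificate check in the HTTPS steps above, and the difference between single name, wildcard and multi domain certificates, both come down to two questions: is the certificate within its validity dates, and does it name the site being visited. The Python sketch below is an added example, not code from this article; the function names are hypothetical, the certificates are constructed samples using placeholder example.com names, only DNS names are compared, and the check that the certificate was issued by a trusted certificate authority is left to the TLS library.

```python
import ssl
from datetime import datetime, timezone

def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one name from a certificate with the requested hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*" stands for exactly one label, never zero or several
    if p[0] == "*":
        # Wildcard must be the whole left-most label and not sit on a bare TLD.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def check_certificate(cert: dict, hostname: str, now: datetime) -> list:
    """Return the problems found; an empty list means these checks passed."""
    problems = []
    if now.timestamp() < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if now.timestamp() > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(n, hostname) for n in dns_names):
        problems.append("hostname not covered")
    return problems

# Constructed sample certificates (placeholder names, not real sites).
DATES = {"notBefore": "Jan 15 00:00:00 2024 GMT",
         "notAfter": "Jan 15 00:00:00 2025 GMT"}
SINGLE = {**DATES, "subjectAltName": (("DNS", "shop.example.com"),)}
WILDCARD = {**DATES, "subjectAltName": (("DNS", "*.example.com"),)}
MULTI = {**DATES, "subjectAltName": (("DNS", "example.com"),
                                     ("DNS", "www.example.org"))}

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for label, cert, host in [
        ("single", SINGLE, "shop.example.com"),
        ("single", SINGLE, "blog.example.com"),
        ("wildcard", WILDCARD, "blog.example.com"),
        ("wildcard", WILDCARD, "example.com"),        # apex is not covered
        ("wildcard", WILDCARD, "a.b.example.com"),    # two levels deep
        ("multi", MULTI, "www.example.org"),
    ]:
        print(label, host, check_certificate(cert, host, now) or "ok")
```

The dictionaries follow the shape Python’s `ssl.SSLSocket.getpeercert()` returns on a verified connection, so the same function can be pointed at a live site’s certificate.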
Need help with your website?
When it comes to the dos and don’ts of your website, we certainly know a thing or two about them here at 427 Marketing - and that includes your website’s data security. We specialise in SEO, so we know how HTTPS can affect your performance in the SERPs as well as your users’ experience of your site, so we can advise on keeping it up to date as part of our SEO services. To chat to us about how else we keep in Google’s good books, get in touch with us today.