HTTPS is a term that is frequently mentioned in connection with internet security. But what does HTTPS actually mean and how does it work?
In this glossary, we will explain some of the most important terms and concepts related to HTTPS, so that you can gain a better understanding of how this encryption technology ensures the security of your online communication.
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the primary protocol for transferring data between a web browser and a website. HTTPS uses encryption to enhance the security of data transmission.
This is particularly important when users transmit sensitive data, e.g., when registering for a bank account, an email service, or a health insurance company.
Every website, especially those requiring login credentials, should use HTTPS. In modern web browsers like Chrome, websites that don't use HTTPS are marked differently than those that do.
Look for a padlock icon in the URL bar to indicate that the website is secure. Web browsers take HTTPS seriously: Google Chrome and other browsers mark all non-HTTPS-secured websites as insecure.
HTTPS uses an encryption protocol to encrypt communication. This protocol is called Transport Layer Security (TLS), although it was formerly known as Secure Sockets Layer (SSL). This protocol secures communication by using an asymmetric public-key infrastructure.
This type of security system uses two different keys to encrypt communication between two parties:
The private key: This key is controlled by the owners of a website and, as readers might assume, remains private. This key is located on a web server and is used to decrypt information encrypted by the public key.
The public key: This key is available to anyone who wants to interact with the server securely. Information encrypted with the public key can only be decrypted with the private key.
HTTPS prevents website information from being transmitted in a way that can be easily viewed by anyone snooping on the network. When information is sent via regular HTTP, it is broken down into data packets that can be easily intercepted with free software.
This makes communication over an insecure medium like public Wi-Fi highly vulnerable to eavesdropping. In fact, all communication via HTTP is in plaintext, making it easily accessible to anyone with the right tools and vulnerable to on-path attacks.
With HTTPS, data traffic is encrypted so that even if the packets are intercepted, they appear as meaningless characters.
For websites without HTTPS, it is possible that Internet service providers (ISPs) or other intermediaries may insert content into the websites without the consent of the website owner.
This often happens in the form of advertising, when an internet service provider, wanting to increase its revenue, displays paid advertising on the websites of its customers.
Unsurprisingly, in this case, the profits from advertising and the quality control of that advertising are not shared with the website owner in any way. HTTPS prevents unmoderated third parties from injecting advertisements into web content.
Since October 2017, the Google Chrome web browser has displayed a "not secure" warning when users simply fill out a contact form or enter data into a search field on a non-HTTPS website.
In July 2018, Google Chrome began displaying a "not secure" error message on any website that does not use the HTTPS protocol – regardless of whether users fill out a form.
Conclusion: If you rely on your website to generate leads and sales inquiries, your website must use the HTTPS protocol so that users don't freak out and leave your website due to the "not secure" warning.
In August 2014, Google announced that HTTPS was a ranking factor in its search algorithm. It's still unclear to what extent HTTPS will affect your search results, but research suggests it will become a stronger ranking factor.
Simply perform any Google search, and you'll find that almost all results on page 1 begin with an HTTPS URL. Google has also pointed out that an HTTPS website can serve as a deciding factor between two websites offering similar information.
Perhaps the most important reason to have an HTTPS website is perception. We live in a world where hacking attacks and data breaches are commonplace, and people are concerned about online privacy and security.
Even if your website does not collect sensitive data, the fact that you have an HTTPS website and visitors can see the small padlock in their browser gives them a sense of security.
And that leads to trust in your company. HTTPS is becoming more and more the norm, and even visitors who aren't tech-savvy now feel a little uneasy if they don't see the padlock.
There's good news and bad news. The good news is that switching your website to HTTPS isn't particularly expensive or difficult. The bad news is that it takes more than just flipping a switch.
There are basically 4 steps:
You need to purchase an SSL (Secure Sockets Layer) certificate. Don't be tempted to pay too much for an SSL certificate. A "Positive SSL" certificate (also known as a Domain Validation SSL) is a good choice for most websites, and you can get one for less than $10 per year.
UPDATE: Some web hosting companies now offer a free SSL certificate as an incentive to host your website with them.
You will probably want to hire a web developer or pay your hosting company to install the SSL certificate on your web server and configure your website.
Under normal circumstances, this should only cost $200-$300. Even if you have access to your web server, I wouldn't recommend doing this yourself and potentially messing something up. It's not worth your time and hassle. Just hire a professional to do it for you.
After your SSL certificate is installed, you must check every page of your website for "mixed content" errors. A mixed content error occurs when a web page references non-HTTPS elements.
Sometimes they are very easy to fix, sometimes they are a bit more complicated. But if you have hired a professional to switch your website to HTTPS, this should be part of their service.
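To make the mixed-content check in this step concrete, here is a small scanner, added as an illustration and not part of the original article: it parses a page's HTML and lists the subresources that would still load over plain HTTP. The page URL, host names and sample markup are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attributes that make the browser fetch a subresource (<a href> is
# navigation, not a subresource, so it is deliberately absent).
FETCH_ATTRS = {
    "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "object": ("data",), "link": ("href",), "img": ("src", "srcset"),
    "source": ("src", "srcset"), "audio": ("src",), "video": ("src", "poster"),
}
PASSIVE_TAGS = {"img", "source", "audio", "video"}  # display-only content
FETCHING_LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload"}

# Constructed sample page, assumed to be served from https://shop.example/
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://cdn.example/site.css">
<script src="//cdn.example/app.js"></script>
</head><body>
<a href="http://partner.example/">Partner</a>
<img src="/logo.png" srcset="/logo.png 1x, http://img.example/logo@2x.png 2x">
</body></html>"""

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        rels = set((attrs.get("rel") or "").lower().split())
        if tag == "link" and not rels & FETCHING_LINK_RELS:
            return  # e.g. rel="canonical" is never fetched
        for name in FETCH_ATTRS.get(tag, ()):
            value = (attrs.get(name) or "").strip()
            # srcset holds comma-separated "URL descriptor" candidates.
            parts = value.split(",") if name == "srcset" else [value]
            for part in filter(None, (p.strip() for p in parts)):
                # Relative and protocol-relative URLs inherit the page's https.
                url = urljoin(self.page_url, part.split()[0])
                if urlparse(url).scheme == "http":
                    kind = "passive" if tag in PASSIVE_TAGS else "active"
                    self.findings.append((self.getpos()[0], tag, name, kind, url))

def find_mixed_content(page_url, html):
    """Return (line, tag, attr, kind, url) for each plain-HTTP subresource."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

The scanner inspects static markup only; URLs loaded from CSS or built by JavaScript still need a check in the browser's developer console.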
You need to notify Google that you've switched your website to HTTPS so that Google can re-index it in its search database. Don't just wait for Google to crawl your site. Be proactive and inform Google through Google Search Console. If you use Google Analytics, make sure you update your settings and indicate that your website is now using HTTPS.
NOTE: One thing to be aware of is the volatility in your search results after switching your website to HTTPS. In the short term, some of your rankings may temporarily drop or disappear altogether. This is normal. However, once Google has re-indexed your website, your search results will usually return to their previous level or better.
That's it. Switching your website to HTTPS isn't a big undertaking if you know what to do. And for a relatively small investment, the ROI can be significant.