HTTPS and Why It's So Important
Most of you have probably come across HTTP vs. HTTPS at this point. I’ll try to explain everything as simply as possible, so even if you don’t have any technical knowledge or experience, you’re going to be able to grasp it.
What is HTTPS?
So what is this animal HTTPS that constantly pops up in my browser? HTTPS stands for HyperText Transfer Protocol Secure. HTTP is the protocol through which data is passed between a web browser (Chrome, Firefox, Safari, etc.) and a website.
The “S” stands for Secure. This means that whenever you are browsing an HTTPS website, your connection is secure and less susceptible to malicious intentions.
Its “older brother”, HTTP, is the older and much less secure version of your website’s transfer protocol. Can you still open a website that doesn’t have HTTPS? Absolutely. Is it advisable? Depends.
If you’re opening a website that doesn’t require for you to submit any personal data, it’s okay. For example, if you’re looking at a blog or portfolio website that doesn’t have any sort of contact form.
If, however, you’re providing personal information about yourself (especially bank details and such), I’d advise you to skip on the website.
Usually, when a website doesn’t load with HTTP, a security notice pops up, asking you if you want to proceed anyway. It looks something like this:
If you’re brave enough, you can click on “Advanced” and then “Proceed anyway”.
My best advice here is to always consider another alternative, if a website is not secure.
It also affects GDPR compliance – in order for your website to be GDPR compliant, the website must provide a secure connection to its users. This is in regard to personal data collection, storage and processing. As a website owner, you have to protect the data you collect through the website and not expose it to hackers and other people with malicious intentions.
How do I know if my website is secure?
When you open your website, in the search bar there’s a padlock that indicates whether your connection is secure.
If this padlock is green (for Mozilla Firefox) or gray (for Google Chrome), this means the connection is secure.
If the padlock is red, crossed out or a message appears, this means that the connection is not secure, or at least not entirely secure. Not entirely secure is a website that has an active SSL certificate installed, but it loads some of its resources as HTTP.
How can I get HTTPS for my website?
In order for your website to load with HTTPS, rather than HTTP, you have to have an SSL certificate installed.
SSL stands for Secure Sockets Layer. When you visit an HTTPS website, your browser makes a request for its SSL certificate. The certificate holds a key that unlocks a secure session in your browser.
A lot of hosting providers nowadays include an SSL certificate with their plan, so be sure you check this one if you’re on the look for a hosting.
I’d always advise you to get an SSL certificate from an authorised provider. The best thing to do is ask your hosting provider if they offer this. Sometimes they are not as upfront about it as they should be, make sure you read all the fine print and ask all the questions to ensure that you’re not robbed of this service.
I remember we had a client who had a free SSL certificate that came with the hosting, but nobody told him, he didn’t know where to look, and his website was unsecure for quite a long time.
After you’ve installed the SSL certificate, you have to configure it accordingly. If you don’t have any technical experience, I suggest you contact the provider and work on it together.
Any SSL certificate is valid for 1 website only, so you have to get a new one for each new website.
I’ve installed an SSL certificate and configured it, but my website still doesn’t appear as secure. Why is that?
Sometimes the website is still not secure, despite having an active SSL certificate. The most common reason this happens is because you load some of the website’s resources through HTTP.
There are many online tools to check your HTTP resources and you have to update them to load with HTTP.
If you think you’re doing everything correctly, but still seeing your website as not secure, I suggest you contact your hosting provider to ask for help, or a developer.
Sometimes fixing this content is a matter of changing the links on your website manually, including images, videos and other media.
Superhosting.bg offers an SSL fixer in their Cpanel that gives you a list of insecure content and then fixes it for you with the click of a button. I’m not familiar with any other hosting provider that has this option. Let me know if you do!
If you’re looking to purchase hosting space, you might want to look at Superhosting’s plans. You can use promo code “WEBDESH” to get 10% off of your subscription if you’re a new user.
HTTPS and E-commerce websites
When you visit sites that load with HTTP, your communication with the server is travelling unencrypted. All communication takes place over plain text and it’s very easy for hackers to break through the browser-website connection and read it.
Intruders can exploit any unprotected resources and steal the customers’ data.
I would highly advise you not to visit e-commerce websites that are not protected. It’s the website owner’s main duty and priority to ensure a safe and secure connection to their website.
I especially advise you to never provide any personal information on those websites, including bank details.
On the other hand, if you are the owner of an e-commerce website, make sure you provide a secure connection for your users. It’s really something that can’t be overlooked, because the consequences can be pretty rich.
HTTPS is very important for a website, because it provides a secure browser-website connection for the users. It’s especially important to have an active SSL certificate installed, if you are running an e-commerce website.
I’d advise you to try and visit websites that load with HTTPS.
Every website owner’s main priority should be the user experience – all the way from design, through functionality and last, but definitely not least, security.
We provide a Website Analysis service. In this service we inspect your website for any possible bugs and malfunctions, and we pay special attention to SSL and security, because it’s of utmost importance. If you’d like to know more, check out our Website Analysis page.
For a more tech explanation of HTTPS, you can check web.dev’s “Why HTTPS matters” article.
I hope this article answers some of your questions, regarding HTTPS vs. HTTP. Let me know in the comments below if you would like to know something else. If you have something else to share, please go ahead and do so. After all, our blog’s main purpose is to spread knowledge.
You may also like
More articles in technology
Who wrote this article
Learn more about the author
Website Creator & Head of QA
/ IT, Software Engineering student 💻
/ good music, horror films, detective novels and delectable food 👌
/ youtube videos junkie
/ cats, dogs (animals in general), nature, water lover 🐱
Would you like to share something?