Search

What is HTTPs - Is it more SECURE? HTTPs vs HTTP- HowToKR



Until around 2017, the vast majority of websites on the Internet used the exclusively hypertext transfer protocol ( HTTP) to relay the data of a website to a visitor's web browser.

Until then, most browsers have been entirely capable of receiving protected HTTP content, but few site owners have taken the time to set up their websites using HTTPS.


What's the HTTPS? It stands for the hypertext transfer protocol secure. And now, this stable variant of HTTP is how most websites on the Internet distribute their content to browsers.

What Is HTTPS?

When a website uses HTTPS, this ensures that all data exchanged between that website and your browser is encrypted.


Before HTTPS, the intruder could quickly interrupt the transmission between the web host and the user's browser and read the information that is being transmitted. This is because the material has been distributed in HTML or plain text. In certain instances, IDs and passwords were easy to obtain from these transmissions.


What makes HTTPS different, huh? HTTPS uses what is known as Transport Layer Encryption (TLS), formerly known as Secure Socket Layer ( SSL).



TLS uses two encryption "keys" to completely encrypt the data between your web server and your browser.

  • Private key: This is a key that is saved on the web server. It is not open to the public, because only this private key saved on a real web server will decrypt transmissions.

  • Public key: The public key is used by any browser who needs to connect with the web server who maintains the site.


How HTTPS Communication Works

The communication process works as follows.

  1. The user opens a tab and logs in to a web page.

  2. The website sends an SSL certificate containing the public key to the user's browser. This public key is used by the browser to open the initial link to the site.

  3. This initiates what is called a "TLS handshake" where the client (browser) and the server (website) agree to use the cypher, validate the SSL digital signature of the database, and create new session keys for the current session.

After this "session" has been created, no one in the browser and the web server will be able to quickly distinguish the information or data being transmitted.


This is because everything, including the HTML sent to the browser, is encrypted (essentially corrupted into nonsensical text and symbols). Only a browser that has developed an initial link to the website will decode the content, and vice versa. Only the website can receive and decrypt IDs and passwords for usage. So, once you see that the site is secure, you can be confident that conversations between your browser and the remote site are private and protected from prying eyes.



How to know if the site is using HTTPS

Starting in 2017, Google has placed pressure on website owners to integrate SSL certificates into their websites. They achieved this by incorporating a new feature into the current update of Chrome that showed a "Not Safe" message to users if they visited a site that achieved not use HTTPS.


If you're running the new update of the Chrome browser and you're browsing a secure site that uses HTTPS, you'll see a little lock icon on the left side of the URL.


Not long after that, other browsers began following suit, including Firefox , Safari, and more. They're all going to display a lock icon like Chrome does.

If you visit a website and the site does not use HTTPS to connect, you can see a non-secure error on the left side of the URL. As if this is not enough to drive users away from the website , Google has now adopted a strategy where using SSL certificates will make websites rank better in search results.

Ses two explanations are why most website owners have eventually begun to turn to using SSL certificates and to connect with visitors' browsers through HTTPS.


Why Should You Care About HTTPS?

As a user of the Internet, you should be really concerned with whether or not the website uses HTTPS. You do not think anyone cares about what websites you're visiting or what you're doing on the Internet, but there are very large hacker groups out there who are very involved.


By intercepting your browser interactions with websites, hackers are constantly searching for some of the following information:

  • Your email address so that it can be sold to email spammers.

  • Your contact number and physical address so that they can advertise it to advertisers.

  • IDs and passwords that you use to log in to your bank accounts so that they can access your assets.

  • Any humiliating places you access so that they can give you emails threatening to share that interaction with friends and family if you don't pay.

  • The exact IP address of your machine to attempt to hack your device.

In fact , making sure you only visit sites that use HTTPS is a powerful way to protect your privacy and security online for a variety of reasons. If you own a website, there are still more reasons why you should be involved in downloading SSL certificates and allowing HTTPS.

  • You're going to have more Google Search traffic.

  • Visitors would feel safe to visit the website more often than not.

  • Customers would be more positive in purchasing goods from you.

  • Hackers will be less able to receive IDs or passwords that will make it possible for them to access the website.

  • There are no longer any legitimate excuses for someone using the Internet to not just use HTTPS for all online transfers these days.



How to use the HTTPS on your website

If you own a website and you're interested in getting rid of a mysterious "Not Safe" warning when people visit your site, it's not hard to add SSL certificates to your site.

In fact, we have published a full guide on how to get your own SSL certificate for your website and how to instal it.


The basic steps here are as follows:

  • Determine the IP address that your web server has registered on your website.

  • Download an SSL certificate, either issued by your website, or bought from an SSL certificate service.

  • Require all browsers to use SSL when accessing your site by modifying a.htaccess file with a "rewrite" command that updates all HTTPS connexions.

  • Make sure you have your private SSL certificate to any CDN services that you have built on your web.

This method has become much easier nowadays, as many web hosting providers offer one-click solutions for website owners to instal SSL certificates for their website.

  • Facebook
  • Twitter
  • Instagram
  • YouTube
  • Pinterest

©2020 by HowToKR