Explainers

How Secure Is HTTPS?

September 6th, 2018

We’re generally familiar with HTTP, an abbreviation for Hyper Text Transfer Protocol, which is the typical way data is transferred over the Internet between site owners and site visitors. It describes the (hopefully) quick process of how visitors will see a whole bunch of specific images, text, links and other formatting as one, organized page.

If someone were to figure out a way to intercept this flow of data, they’d get everything, which is why all sites are encouraged to upgrade to something called HTTPS, especially those that focus on ecommerce, request personal information or require any input fields.

The HTTPS designation shows that the site owner has successfully received a security certificate for either certain pages or for their entire site, which makes sure any transmitted data is safe, encrypted and protected.

Getting this is a matter of applying to one of the security certificate providers, paying a small fee and receiving approval if everything checks out. (You can often tell a HTTPS-enabled site by seeing a lock and the word “secure” right before the address. A padlock in the bottom right corner of the page indicates that this page has received SSL security status.)

With HTTPS, a secure session is created between the site owner and the site visitor prior to transferring any HTTP info (the details of a page.) Basically the visitor’s browser will be given a unique numerical key that it can use to open the “locked” page. If someone outside tries to see this encrypted data, it won’t make any sense.   

Entrepreneur columnist Tony Messer said HTTPS isn’t required, but it’s a good idea. He said smaller personal sites that don’t request any information, collect user data or provide ecommerce can probably get away with only HTTP. But if you don’t have it, people will likely wonder why and may not stay long or come back.

Messer said not having the HTTPS designation could lower a site’s SEO ranking as well, making it more difficult to find in searches.

Visiting HTTPS sites doesn’t mean kids or parents will have complete privacy, however. Rather, it is a defense from third parties trying to view or intercept your activity.

Internet search providers currently do have the ability to see HTTPS sites or at least keep track of what domains individual users are visiting, but not individual pages, so not the entire digital footprint. This information can be prized by marketers or others and can help narrow down user preferences for certain sites.  

As a way to make users more aware of security risks, and encourage page owners to switch to HTTPS, Google’s Chrome browser is now marking HTTP-only pages as “unsecure,” as of July 2018.   

. . .