HTTP, or hypertext transfer protocol, is the way a Web server communicates with browsers like Internet Explorer and Mozilla Firefox. HTTP lets visitors view a site and send information back to the Web server.
On the other hand, HTTPS, hypertext transfer protocol secure, is HTTP through a secured connection. Communications through an HTTPS server are encrypted by a secure certificate known as an SSL. The encryption prevents third-parties from eavesdropping on communications to and from the server.
Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.
Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that a HTTPS connection is in effect.
How Does HTTPS Work?
HTTPS pages typically use one of two secure protocols to encrypt communications i.e. SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
What is a HTTPS certificate?
When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the ‘SSL handshake’. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
The major benefits of a HTTPS certificate are:
- Customer information, like credit card numbers, is encrypted and cannot be intercepted
- Visitors can verify you are a registered business and that you own the domain
- Customers are more likely to trust and complete purchases from sites that use HTTPS
- Improves Google search engine ranking
What’s the process for switching to HTTPS?
If you are familiar with the backend of a website, then switching to HTTPS is fairly straightforward in practice. The basic steps are as follows.
- Purchase an SSL certificate and a dedicated IP address from your hosting company.
- Install and configure the SSL certificate.
- Perform a full back-up of your site in case you need to revert back.
- Configure any hard internal links within your website, from HTTP to HTTPS.
- Redirect any external links you control to HTTPS, such as directory listings.
- Update htaccess applications, such as Apache Web Server, LiteSpeed, NGinx Config and your internet services manager function (such as Windows Web Server), to redirect HTTP traffic to HTTPS.
- If you are using a content delivery network (CDN), update your CDN’s SSL settings.
- Implement 301 redirects on a page-by-page basis.
- Update any links you use in marketing automation tools, such as email links.
- Update any landing pages and paid search links.
- Set up an HTTPS site in Google Search Console and Google Analytics.
Have a look at the infograph I made: