We all ignore the use of http:// or https:// when we type in our address bar the website link. What’s the difference between the two anyway?
HTTP stands for Hyper Text Transfer Protocol which is a protocol over which data is sent between your browser and the website that you are at. The ‘S’ at the end of HTTPS stands for ‘Secure’. This means that all communications/connections between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms; however, has slowly become the new standard to all websites, highly confidential or not.
Google Chrome Labels HTTP as insecure!
With the increasing use of the internet, google, in an attempt to make surfing the web safer, has now labelled any and all websites that do not redirect or automatically load in https as insecure in their web browser. Most websites do not care if they have an insecure connection if they do not require personal information.
Google has also been lowering the rank of websites without https on their search engine, thus, forcing website owners to place an https certificate on websites in order to keep high google ranking results and secure connections with clients. But the real question is, will google chrome browser effect other browsers, such as firefox, edge, etc. to preform the same changes in the near future?
Developers have been transitioning their sites to HTTPS and making the web safer for everyone due to the implications that google has put into place. Progress last year was incredible, and it’s continued since then:
- Over 68% of Chrome traffic on both Android and Windows is now protected
- Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
- 81 of the top 100 sites on the web use HTTPS by default
“HTTPS pages typically use one of two secure protocols to encrypt communications – SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both the TLS and SSL protocols use what is known as an ‘asymmetric’ Public Key Infrastructure (PKI) system. An asymmetric system uses two ‘keys’ to encrypt communications, a ‘public’ key and a ‘private’ key. Anything encrypted with the public key can only be decrypted by the private key and vice-versa.
As the names suggest, the ‘private’ key should be kept strictly protected and should only be accessible the owner of the private key. In the case of a website, the private key remains securely ensconced on the web server. Conversely, the public key is intended to be distributed to anybody and everybody that needs to be able to decrypt information that was encrypted with the private key.”
When you request a HTTPS connection to a webpage, the website will initially send its SSL certificate to your browser. This certificate contains the public key needed to begin the secure session. Based on this initial exchange, your browser and the website then initiate the ‘SSL handshake’. The SSL handshake involves the generation of shared secrets to establish a uniquely secure connection between yourself and the website.
When a trusted SSL Digital Certificate is used during a HTTPS connection, users will see a padlock icon in the browser address bar. When an Extended Validation Certificate is installed on a web site, the address bar will turn green.
The major benefits of a HTTPS certificate are:
- Customer information, like credit card numbers, is encrypted and cannot be intercepted
- Visitors can verify you are a registered business and that you own the domain
- Customers are more likely to trust and complete purchases from sites that use HTTPS