How Does HTTPS Work?
How Does HTTPS Work?
In olden times, thieves would run past you on a crowded street and vanish into a dark alley with your bag of gold coins; today, however, things are much different. Modern thieves are often hackers who operate from behind computer screens and steal your credit card information while you’re shopping online on websites without a secure HTTPS connection or using a device that’s not secured with an encrypted VPN service like one of these.
But wait, let’s back up a little bit…
What is HTTPS, in the first place? How is different from regular HTTP? Is it any different from a VPN?
In today’s post, we’re going to answer all of these questions and more. Below, we’ll start by giving you a simple breakdown of the difference between HTTP and HTTPS. Then, we’ll show you how to tell if the sites you’re visiting are secured by HTTPS (and what to do if they’re not). Lastly, we’ll explain the difference between HTTPS and VPNs and explain why you should really be using both to make sure that you’re fully protected while browsing online.
So, if you’re curious about how websites are secured and you’re ready to start taking your online security seriously, then this post is for you!
What Is HTTPS?
First, let’s start off with the basics…
HTTPS stands for Hypertext Transfer Protocol Secure.
If you’ve taken a few computer science or coding classes, then you may recognize the word “hypertext” as it’s used in HTML (Hypertext Markup Language). In short terms, hypertext is the “code” that internet browsers understand and use to display websites.
In simple terms, HTTP is the protocol (set of programming rules) that websites and browsers use to transfer information between each other. For, example, when you enter your contact information into an online form, your browser uses HTTP to transmit this information to the website so that it can be read and recorded by the webmaster.
HTTPS is a secure way of transmitting this data. When websites and browsers use HTTPS, you can be sure that all of the data you enter into a website is protected by end-to-end encryption, so only you and the website at the other end can read it.
What’s The Difference Between HTTP and HTTPS?
We typically find that examples work best when trying to explain technology to people…
So, let’s just say that you send a letter to somebody the old-fashioned way. At any point during the letter’s journey through the postal system, it can be stolen by a post office worker, an imposter, or maybe even straight out of your mailbox, before it ever gets to its intended destination.
This is how normal HTTP works. HTTP was the first protocol used by the internet. Before cybercrime was ever an issue and the internet was just used for emails and search engines, HTTP worked just fine. Then, people started to use the internet for more things… online shopping, online banking, filing taxes, etc.
Since normal HTTP was unprotected, cybercriminals and hackers could tap into the data line (so to speak) and view every piece of data and information that you submitted to the website. This means that your credit cards, social security numbers, private passwords, and any other personal information could be read by hackers and unwanted snoopers.
In 1995, just six years after the original HTTP was created, HTTPS was created to keep internet users more secure. When a website and browser use HTTPS, all of the data sent between the two parties is encrypted and secure. While a snooper may be able to see what websites you’re visiting, they won’t be able to read the data that’s being sent and received.
Here’s how your data could be read while using unsecured HTTP:
- Bank User ID: Johndoe123
- Bank User Password: Ilovemoney123
Not very secure, right?
Now, here’s how the information would look to anybody trying to snoop on your internet traffic if you were using secure HTTPS:
- Bank User ID: dlakjf&%O#**)(_
- Bank User Password: 84jfjak**&^Jhhfdjk
As you can see, HTTP is a lot more secure than using standard HTTP.
How To Check If A Website Is Using HTTPS
Pretty much all modern internet browsers can check whether or not a website is using HTTPS to keep your information secure. If you look at your browser’s address bar by the URL, you should see a small “lock” sign to the far left. This indicates that the site you’re visiting is secure and is using HTTPS.
However, if it’s not using HTTPS and is just using standard HTTP, then you may see a red flag or a message saying “not secure” by the URL address.
For example, here’s how it looks in Google’s Chrome Browser:
HTTPS Secured:
HTTP Not Secured:
Do All Sites Use HTTPS?
Today, almost all reputable sites use HTTPS. For one thing, more people know the difference between HTTPS and HTTP and won’t trust sites that don’t have a secure lock next to the URL (plus, who wants to see ‘Not Secure!’ when they’re visiting a website?).
Another reason why most sites use HTTPS is that cybercrime is more prevalent than it’s ever been in the past. Every day, hackers steal people’s identities, and the most recent statistic from the Insurance Information Institute claims that 45% of all Americans claimed to have been the victim of identity theft at least once in their lives.
Lastly, search engines have started to down-rank websites that don’t use HTTPS. This means that if you own a website that still uses outdated HTTP, it won’t rank as high in Google search results, which makes your site harder to find.
The few sites that use old-fashioned HTTP are likely old sites that haven’t been updated, informational websites (that don’t require any forms or personal information), or homemade sites that have been made by young web designers who don’t know about HTTPS or how to use it.
What Sites Should Use HTTPS?
In reality, pretty much all websites should use HTTPS. It’s just a lot more secure and gives any visitors and customers more confidence in your site and your brand as a whole. It shows that you run a security-conscious site and are less likely to share their information or allow hackers to access their private data.
That being said, if you own any of the following types of websites, then you should most definitely be using HTTPS:
- E-Commerce Sites
- Social Media Platforms
- Banking/Finance Sites
- Forums/Membership Sites
Today, most website creation platforms (Squarespace, Wix, WordPress, Shopify, etc.) come with built-in HTTPS, so you’ll never have to worry whether or not your site is protected or not.
If you’re creating a website from scratch or hosting it yourself, then you may have to take some additional steps to receive your TSL certificate (which proves that your HTTPS is working up to standards). This will usually involve implementing some backend code to your site and performing some tests.
Are All Browsers Compatible With HTTPS?
Yes, all modern browsers have built-in HTTPS compatibility, since most websites use HTTPS. Unless you’re using an outdated version of a web browser from the early-2000s (which probably won’t even work anymore), then your browser should be able to communicate with websites using HTTPS.
VPN vs. HTTPS: What’s Better?
If you’ve spent any time browsing through our VPN review site, then you’ll know that we spend a lot of time discussing and reviewing various VPN services. When you use a high-quality VPN like NordVPN or ExpressVPN, your internet connection is tunneled through an encrypted remote server.
This effectively masks your IP address, making it impossible for your ISP (internet service provider), hackers, government agencies, and other snoopers to monitor what sites you go to and what information you share on these sites.
So, in a way, a VPN shares some similar features with HTTPS. That being said, a VPN provides additional security that HTTPS doesn’t offer. For example, when you’re just using HTTPS, any snoopers can still see which websites you’re visiting. They may also be able to see any data transmitted through other apps on your device (that don’t use HTTPS).
While HTTPS is great for browsing, it’s not intended to provide complete anonymity and online privacy. This is where a VPN comes in handy.
A VPN service will mask all of your online data and traffic. Even your internet service provider won’t be able to see what websites you’re visiting or any data sent through the internet. You’ll be completely invisible to snoopers while using a VPN.
In Conclusion
HTTPS is free and comes included with pretty much every website and browser. It’s merely a secure way of sending and receiving data between browsers and website servers and is built into most sites. So, the reality is that most people won’t have to “choose” to use HTTPS; it’s already there, working in the background. If sites don’t use HTTPS, then your browser will let you know so that you can exercise caution.
VPNs, on the other hand, are software programs that work on your device to mask all of your internet data. A VPN goes above and beyond HTTPS to provide you with complete anonymity and online security so you won’t become the next victim of identity theft or have your personal data hacked and used for blackmail or extortion.
So, long story short, if you want to remain 100% safe online, use a VPN in addition to an HTTPS-compatible browser!