You may have heard about the need for ‘secure browsing or HTTPS‘ on websites, or at least you may have heard of the companies being named and shamed for not yet having them. But at the same time, not really knowing what it is.. So we at Outside the Line are here to help ease your confusion over the subject.
Understanding the Basics No matter what side you are on—being the user of a website or developing your own site—a good online experience tends to involve a trusted third party and good encryption. In order to understand how to achieve this and better understand why Google favors these website elements (and why you should too), it’s important to first learn the difference between HTTP and HTTPS.
Below we’ve explained the basics of the two options;
Hypertext Transfer Protocol (http) is a system for transmitting and receiving information across the Internet. HTTP is an “application layer protocol,” which ultimately means that its focus is on how information is presented to the user, however, this option doesn’t really care how data gets from Point A to Point B.
It is said to be “stateless,” which means it doesn’t attempt to remember anything about the previous web session. The benefit to being stateless it that there is less data to send, and that means increased speed.
So when is HTTP beneficial? Http is most commonly used to access html pages, and it is important to consider that other resources can be utilised through accessing http. This was the way that most websites who did not house confidential information (such as credit card information) would setup their websites.
For a long time, this has been more than a suitable use for any website and it still is. However we the constant fear of websites being hacked, Google recently rolled out an update which now shows any website using HTTP as ‘Not secure’. You can just ignore the warning, but sometimes you may have the web page hidden with a scary looking warning about the page not being secure and to avoid using it. In most cases these websites are actually fine to visit but are using services which handle data on a ‘unsecured’ connection. Users can install additional security on their website, but it still wont stop Chrome browser warning you and this may set off alarm bells for customers. So the way we fix this? HTTPS.
HTTPS, or ‘secure http’, was developed to allow authorisation and secured transactions. Exchanging confidential information needs to be secured in order to prevent unauthorised access, and https makes this happen.
In many ways, https is identical to http because it follows the same basic protocols. The http or https client, such as a Web browser (Chrome etc), establishes a connection to a server on a standard port. However, https offers an extra layer of security because it uses SSL to move data.
For all intents and purposes, HTTPS is HTTP, it’s just the secure version.
To get technical on you, the main difference is that it uses TCP Port 443 by default, so HTTP and HTTPS are two separate communications. HTTPS works in conjunction with another protocol, Secure Sockets Layer (SSL), to transport data safely (which is really the key difference that Google cares about). Remember, HTTP and HTTPS don’t care how the data gets to its destination. In contrast, SSL doesn’t care what the data looks like (like HTTP does).
That is why HTTPS really offers the best of both worlds:
Caring about what the user sees visually, but also having an extra layer of security when moving data from point A to point B.
Check out some of our recent websites we have created, all using HTTPS connections.
Need free SSL with your web hosting? We suggest you check out https://eupport.com who not only offer free SSL, but are super speedy too 😉 We’re also their recommended web and branding designers. 😉