https versus http: what’s the difference?

23.11.2017

You have undoubtedly noticed that the address of some websites begins with https:// and not with http://. What is the difference? And why are webmasters doing their utmost to turn all their websites into https://?

The transfer of data between your browser and the website you visit runs through the http-protocol (hypertext transfer protocol). An extra security layer is added at https (http secure): SSL or TLS.

Https is based on an SSL certificate encrypting all the data. When you visit a website, your browser will check whether such a certificate is present on the website’s server. If that is the case, the https session is started. If not, the unsecured http is used.

What are the advantages of https for the user?

Confidentiality and integrity: the connection between your browser and the server on which the website is located, is encrypted, so the data exchanged cannot be intercepted or changed. This is very important in particular for internet banking or online purchase transactions and payments. If you surf on an open WiFi connection in a café, for instance, third parties cannot put false links or malware in the content.
Authenticity: you can check through the certificate whether the website you visit is authentic, so you can protect yourself in particular against phishing attacks where you are lured to an imposter website of your bank.

How can you recognize https?

Your browser indicates the presence of https with a symbol. This varies, depending on the browser and whether you are surfing in mobile mode. Look at the symbols for Firefox, Chrome, Safari, Edge.

Furthermore, most browsers now warn you when https is absent on pages where it should be present. If you visit an http website where you have to enter data via a web form, such as a log-in page, the Chrome or Firefox browser will warn you of the risks by means of a clear pop-up.

How you apply https for your website?

As a webmaster, you must apply for an SSL certificate. You can opt for a free Let's Encrypt Certificate or acquire a certificate for pay from a Certificate Authority.
Once you have applied for and obtained the SSL certificate, you install it on your server. Don’t forget to add the CAA record to the DNS configuration of your domain name: it specifies which certificate authorities (CAs) are allowed to issue certificates for a domain.
Ask your provider or hosting company to guide you through this procedure.

What are the advantages of https for your website?

You reinforce trust and confidence in your website. In a world where people are increasingly sensitive to their privacy, https is an important factor for reassuring users that they can visit your website safely.
You improve the Search Engine Optimization (SEO): Google promotes the use of https, including for ‘ordinary’ websites, where no purchases or financial transactions take place. Websites with https therefore get a better ranking in Google search results.
You avoid broken transactions: the warning given by Firefox and Chrome when the user enters data in a web form on a non-https page, will certainly deter him. There is a big chance that he will cancel the transaction and you will lose a sale!

phishing

Tricksters lure you to a fake website that is a copy of a real one. They then get you to log in with your user name, password and credit card number. Once you’ve done that, the fraudster has your details.

server

A computer program or hardware device that provides services to other computer programs or users.

malware

Collective name for harmful or damaging software. Root kits and backdoors come under the heading of malware, as do viruses, Trojan horses, worms and spyware.

Browser

program that makes it possible to access and read web pages. Internet Explorer, Google Chrome, Mozilla Firefox and Safari are some well-known browsers.

Hosting

rent of a physical space to store a web server which is permanently connected to the internet. This service will typically be offered by your Internet Service Provider.

DNS

Domain Name System or Domain Name Server. The global DNS is the system and protocol used on the internet to translate domain names into IP addresses and vice versa. 
Internet business
Security