What Is HTTPS And How Does It Work?

Drag to rearrange sections
Rich Text Content

Depending on how often you use the Internet, you may or may not have noticed that some website URLs begin with an “http://” while others start with “https://.” Intuitively, it might seem like the difference between the two is insignificant, or even that there is no real difference at all. However, when it comes to your safety online, knowing how these two URL openers, called “protocols,” differ from each other and what they mean is paramount.

Before one can understand what HTTPS (HyperText Transfer Protocol Secure) is and how it functions, it is best to know what its forefather, HTTP does. To keep things simple, when a person opens up their browser they are already engaging in an exchange of information. This exchange catalyzes when said person types in and then enters a web address like www.101domain.com in their browser. What exactly happens here though? 

In technical parlance, the HTTP Client (meaning your browser) is sending a request message using a protocol suite of some kind (for example, IP) to efficiently communicate information to a web server where that data is stored. When the server receives the request from the browser, it will then reply using the same HTTP address to deliver that information to your browser. Makes sense, right? Think of HTTP as a nice, well-traveled road, albeit lacking any reliable security to ensure your safety.

Using 101domain as an example of HTTPS, their web address not only has a world wide web address (that’s the www) but has the increasingly important addition of the letter “s” to http. This “s” is a trust indicator that shows 101domain is securing their site with a TLS certificate (sometimes referred to by the name of its predecessor, SSL). This certification marks the addition of a cryptographic protocol that helps hide the data sent over a website. It encrypts the “data flow sent by both parties of an information exchange. This small addition of “s” to HTTP is also a significant boost to a website’s SEO value, or their Search Engine Optimization. With almost half of page one search results on Google having the HTTPS distinction, this clearly has an immediate benefit for any website that is seeking the valued “page one real estate.” 

Access to coveted page one real estate is a major boon for increased website traffic, browsing visibility, and brand awareness. If SEO is the goal, then it naturally follows that TLS matters. SSL/TLS security is absolutely necessary for websites that use and store credit card information or other sensitive customer data. As one might guess, this kind of information is a hot commodity for data thieves, hackers, and the like. Without TLS or SSL, clients will be placed in a more exposed position than necessary. Their vulnerability to data breaches is far more likely with HTTP vs HTTPS. The general security of client data should be of utmost interest not only for website owners, but also for those who visit said websites. Any theft or breach of cardholder data can disrupt the entire payment card ecosystem, and cause decreased trust between client and merchant/financial institution. If nothing else, there is a strong financial incentive to value SSL security

Returning to Google and other search engines, it’s not just important to have a readable URL, but also the kind of certification that marks a website for Google to entrust internet traffic towards. Google is as concerned, if not more so, about internet security as online businesses are. Considering their almost sovereign role on the internet, they have a vested interest in providing their users with secure websites first, before other options. This is not only a financial consideration, but a privacy and liability consideration as well. The more trusted your website, the higher rates of traffic it will receive. For your average client, a quick survey on a search page will show a marked distinction between secure and unsecure websites. Google has made clear that it privileges secured websites (HTTPS) over those that lack the same guarantees and certification (HTTP). Click-through-rate can be said to correlate with a site’s trustworthiness, which is itself dependent upon a client’s perception of said site’s ability to protect confidential information or general browsing privacy.

As a technical matter, HTTPS hinges upon TLS, or, “Transport Layer Security protocol.” If HTTPS is the updated version of HTTP, then the relationship between TLS and SSL is a similar one. TLS is the updated version of SSL. Data is sent and received through TLS for HTTPS secured sites. The three primary benefits of HTTPS/TLS are summarized by Google as “encryption, data integrity, and authentication.” Ultimately, this means that when you access an HTTPS site, you have a certain guarantee that your information is safe from unwanted eyes, what you send via the website cannot be altered (data corruption), and that when you are communicating with a website you are not being redirected to a hostile third-party site or observer who impersonates the party you are attempting to communicate with (man-in-the-middle attack). 

When thinking about HTTPS, using the imagery of “keys” is helpful. What are keys used for? Locking and unlocking a building, or an item of some value. In this case, one can think of a website as a private home. The owner of the home has a “private key” that can unlock and lock all parts of the house and property at-will, allowing for access or denying access. A “public key” can be used to enter the courtyard of the house to deposit mail in the house’s private dropbox. Only the “private key” and the original party that deposited said mail will know the information that was deposited. Other parties may use a public key to deposit mail, but without an owner’s “private key” they will not be able to access the content of what others have deposited before, or after them.

If an organization hopes for a trusted website that has both new and return traffic, and customer confidence, HTTPS is a must. It has become the industry standard, with the increasing threat of data theft, alteration, or the aforementioned man-in-the-middle attacks. Security is the future, and has benefits for providers, clients, and all who utilize the internet.

rich_text    
Drag to rearrange sections
Rich Text Content
rich_text    

Page Comments