HTTPS is basically normal HTTP with the connection encrypted by a technology called Transport Layer Security. The ‘S’ on the end of the acronym stands for ‘Secure’ or ‘over TLS’.
In an ordinary HTTP connection, the data you send and receive from a server passes through several computers on its way to a destination. Intercepting the data is a fairly trivial task. The data is sent between client and server in plain text form, making it easily readable by whoever intercepts it. This becomes a problem when you use HTTP to transmit sensitive data such as credit card numbers and login credentials. Hence the development of HTTPS. Data intercepted from an HTTPS connection is encrypted gibberish which cannot be interpreted.
If you’re visiting a website and you want to know whether the connection is encrypted or plain text, you can see the protocol in use in your web browser’s address bar. If it says HTTP
then the connection is plain text. If it says HTTPS
then your data stream is encrypted.
HTTPS can be used to encrypt any web page, but is most important on eCommerce stores, government websites and other sites where the website requests sensitive information. However, more and more websites are utilising HTTPS as time goes by. One reason for this is that Google will give your website a slightly higher page rank if it is encrypted with HTTPS.
To use HTTPS on your website you’ll need to obtain a TLS certificate and install it on your server. TLS certificates are usually bought and last a year before a new certificate is required.
Read more at the