What is HTTPS, and why does it matter?

What is HTTPS? Only the most secure form of web content distribution, and one which every website should adhere to nowadays

Thursday, 20 July, 2023

The internet can be a confusing place, filled with jargon and acronyms that occasionally make it harder to navigate than it should be.

One of the more baffling examples of internet abbreviations concerns the first part of any website address – also known as a URL.

We’re all used to seeing the letters HTTPS at the start of a web address, yet this is a relatively recent standard that some older websites still don’t adhere to – even though they should…

What is HTTPS short for?

The internet is built on hypertext – a software system which uses hyperlinks to navigate between content pages. There’s a hyperlink in the next sentence to another page on our website, for instance.

Most webpages are coded in HyperText Markup Language – an internationally developed computing standard known as HTML, and currently in its fifth iteration.

This HTML text is displayed on websites which themselves rely on a hypertext transfer protocol to distribute their content. The latter is abbreviated to HTTP.

In the World Wide Web’s formative years, HTTP was sufficient for distributing the basic content then in existence.

It soon transpired that this insecure method of content delivery left individual users at risk of being spied on, or having their data tampered with.

As tiny binary data packets whizzed around the internet, they could be intercepted and read, modified or deleted altogether.

That became highly problematic as the internet evolved to offer services like ecommerce and online banking.

By 1994, the founders of the Netscape web browser were already investigating ways of maximising HTTP safety.

Their solution was a secure variant known as HTTPS, which has subsequently become the gold standard for webpage content worldwide.

What is HTTPS used for?

Because internet data follows randomised journeys between host server and end user, it could be spied on or interfered with at any stage if it’s not secure.

An HTTPS connection creates a secure channel between your local device (smartphone, tablet, PC) and the host server storing the online content you wish to view.

The original Secure Sockets Layer protocol has since been replaced by Transport Layer Security, but both require host servers to confirm their identity and authenticate themselves.

Once authentication is complete, sent and received data is encrypted in such a way that it can’t be spied on or modified. Only the host and recipient devices can decode it.

While HTTPS was once recommended for sensitive activities like checking financial data, it’s rapidly become essential in a world of malware, hacking and cybercrime. h
You can identify its presence in several ways – a HTTPS URL prefix, the word “secure”, a green browser address bar and/or the presence of a small padlock icon in the address bar.

Is all this compulsory?

It’s not a legal obligation to ensure your website is HTTPS compliant, but HTTP-only sites have been marked down by search engines since 2014.

In late 2017, Google’s Chrome browser went further by displaying “not secure” warning messages to end users whenever they attempted to load a HTTP only site.

Other browsers followed suit, and today you’ll struggle to find a Google or Bing results page containing an insecure hyperlink to an external website.

HTTPS has become an expected minimum in terms of protecting user data and maintaining privacy.

However, it’s still okay to visit websites which aren’t compliant, providing they host content or functionality not available anywhere else online.

Just avoid submitting any confidential data, in case it ends up being spied on…

Neil Cumins author picture


Neil is our resident tech expert. He's written guides on loads of broadband head-scratchers and is determined to solve all your technology problems!