What is HTTPS and why is such a secure connection important?

The by now familiar lock of an HTTPS connection in your address bar is a sign of security and trust. If your website is not yet protected, it's about time. In fact, there is no excuse any longer not to secure your website via HTTPS. Learn more about how and why HTTPS provides a website that is completely locked down.

What is HTTPS and what do you need to know about HTTPS?

Together we dive into the world of HTTPS. Namely, what does HTTPS mean and what does the s in HTTPS actually stand for? 😮 Here we go: HyperText Transfer Protocol Secure. Quite a mouthful! So fortunately, there is that shortened acronym to use.

HTTPS is the security protocol by which you establish an encrypted connection between a web server and a browser. HTTPS-security protocol allows your computer to connect to a website via a secure connection. Through encryption, the actual encryption of the data, cyber criminals can't get their hands on the information.

Therefore, your website or application better have an SSL certificate (HTTPS certificate). You pretty much owe it to yourself to handle your customers' data securely.

If you do not use HTTPS security, then your website does not have an encrypted connection. Thus, you make it much easier for criminals or hackers to retrieve and steal certain personal or payment information. So that's why HTTPS is oh so important. Safety first, guys!

Anyone who visits a website using HyperText Transfer Protocol Secure (HTTPS) is assured that their personal data is safe.

What's the difference between HTTP and HTTPS?

How a simple "s" defines the cybersecurity of your website. Because that one letter is indeed the biggest difference between HTTP and HTTPS. The 's' in HTTPS stands for Secure. So a website with only HTTP (stands for Hyper Text Transfer Protocol) is much less secure. Whereas it's logical that you want to protect data traffic to and from your site as much as possible.

However, you can't do that with a standard connection via HTTP. Because with such a connection, malicious parties can read intercepted messages without having to decrypt them. Whereas an HTTPS site securely puts all data under lock and key by encrypting it.

Beware: always think twice before entering data on a website. Even though the site is using HTTPS and you see the trustable lock icon. Scammers dare to create fake websites through website spoofing. If you enter your data there, you might as well be in trouble.

This is how HTTPS security works

HTTPS connection works with an SSL certificate. With this, as mentioned above, you encrypt the data transfer between your site and your internet visitor (also called web client). Any data you leave on an HTTPS site is processed securely. In addition to HTTPS security, a gray (or green) lock will appear next to your domain name in browsers. That way, your visitors know right away: it's safe here!

Without an SSL, the information exchanged between server and browser is sent as readable text (HTTP). Such information is relatively easy to intercept. So what does an SSL certificate do? It establishes a secure connection through which you exchange encrypted information.

Encryption through SSL

SSL encryption works through a public key and a private key. Together, they provide an encrypted SSL connection.

  • With the public key you guarantee the online identity of the server owner. This key is always verified by a certificate authority.
  • A connection via SSL gives the server running your website a private key to decrypt the encrypted message. Because no one else besides the webserver holds the key, all data is encrypted.

SSL encryption is established thanks to an "SSL Handshake". That handshake between browser and server includes three steps: checking the SSL certificate data, setting up the SSL encryption (with the public and private keys) and creating a temporary "session key".

A website in first place in the Google search engine thanks to an SSL certificate (from Let's Encrypt)
Having HTTPS gives you a higher ranking in Google's search results, among other things.

These are the benefits of an HTTPS website

The security benefits of HTTPS alone should be enough to persuade you to adopt HTTPS security. No matter how simple your website may be, no matter how little customer data you ask for, your website needs the most secure option. After all, your visitors are entitled to that. Switching to HTTPS has several other benefits, by the way. Here are the most important ones:

Getting better rankings in Google

Our favorite search engine Google sees HTTPS as an important Google ranking factor, Search Engine Journal writes. Https sites get a boost in ranking against poorly secured counterparts. Google even goes a step further: your default http site will be penalized with a lower ranking in search results.

All web browsers attach great importance to HTTPS. Both Safari and Google Chrome (left) and Firefox and Opera (right).
Secure your website with HTTPS and don't get a warning message in Google Chrome, for example.

Web browsers like Google Chrome and Mozilla Firefox give visitors a very clear message if your website is still running on the insecure HTTP. This way, your visitors are immediately thrown in the face that your website cannot be trusted. Ouch!

Getting more traffic on your website? HTTPS helps

If website visitors notice that you have an SSL certificate thanks to the HTTPS connection and the security lock, they are more likely to take action. Meaning: visitors learn that your website is secure and will order more, request offers, fill out forms ...

According to Sectigo, the certificate authority with which Combell collaborates, customers are up to 50% more willing to make financial transactions on an HTTPS site with SSL encryption. This is not surprising, since your potential customers know that their data are in safe hands.

HTTPS reduces chances of phishing

Plagued by phishing? Then an SSL certificate with Extended Validation is a must. Because it also allows visitors to validate the identity of the company behind the website with HTTPS security. Many phishing websites today use SSL certificates with Domain Validation. Because with a more comprehensive certificate, they would be caught right away.

Therefore, choose Extended Validation instead so that through the little lock visitors immediately identify the company behind the HTTPS website. This significantly reduces the chances of phishing.

Improved data analytics

You probably didn't know this about HTTPS: it helps you get more and better insights into your data traffic. Unlike HTTP, HTTPS allows you to use Google Analytics to track which sources are referral (how an individual lands on your website through another site) and direct (directly from the address bar).

HTTPS is faster

Still not convinced? Let this argument be the deciding factor: HTTPS sites are not only more secure, they also load faster. And fast websites, they are highly demanded!

On this website, you can see for yourself that the unsecured HTTP version of the page loads 334% slower than the HTTPS version.

Say goodbye to HTTP: how do you implement HTTPS on your website?

We'll give you an overview of the steps to implement HTTPS on your website here. However, the exact procedure can differ from one server or IT environment to another. Therefore, Combell's support team is available 24 hours a day.

  • After all, the first step is to apply for an SSL certificate (HTTPS certificate) to get an HTTPS-protected website. That certificate is an electronic ID proof of your website and is used to encrypt between website and user. You can also choose to use the free version of Let's Encrypt. But full-fledged SSL certificates have their specific advantages that are a significant added value.
  • Next, you need to install the SSL certificate on your web server. If Combell is already the hoster of your website, Combell will install SSL for you. This way, your website switches from HTTP to the secured HTTPS. Of course, it is perfectly possible to install your externally purchased SSL certificates on our Combell hosting.
  • Finally, you need to configure your website to use HTTPS instead of HTTP. That means changing your website's URLs from "http://" to "https://" and changing any internal references to HTTP URLs to HTTPS URLs. Don't forget: after implementing HTTPS, you need to make sure that all elements on your secure website (images, JavaScript ... ) load over HTTPS, otherwise security issues may arise.

"Why don't I see HTTPS anymore?"

You've gone through all the steps, yet your website still doesn't have an HTTPS connection? There could be various reasons for this. For instance, there might be issues with your network settings or perhaps partially insecure content is being served on your site.

On our support pages, we explain how this can happen and what you need to do to quickly resolve this issue!"

Request a HTTPS certificate from Combell

At Combell, we can help you get an SSL certificate (HTTPS certificate). This way, your site gets a secure HTTPS version and the corresponding security lock at the top of your web address.

Of course, you want to choose the right SSL certificate. With Combell's steps, you can make the right choice from among the different types of SSL certificates.

Step 1: Determine for whom the SSL certificate is intended

For private individuals and associations?

Then, an SSL certificate with Domain Validation must do the trick. With domain validated certificates, your visitors enjoy a secure HTTPS connection, your website is marked as secure and ranks better in Google. However, visitors are not 100% sure which organization is behind the website.

For companies and webshops?

Then Domain Validation is not good enough. For a commercial website, it is important that visitors can find out the company behind the HTTPS website.

Therefore, choose an SSL certificate with Organization Validation or Extended Validation. With organization validated certificates, a certificate authority (CA) performs an (extensive) check of your company and includes this information in your SSL certificate. Sectigo performs this check for Combell.

Step 2: Determine how many domain names you want to secure

Make your choice from these three options:

  1. Standard SSL: secures a single domain name (with and without a www in front of it)
  2. Multi-domain SSL: secures multiple domain names from the same owner. Ideal if you use multiple domain names for your online business. By default, there are three domains and / or subdomains included, but you can expand
  3. Wildcard SSL: secures your domain name and all subdomains. This is the perfect option if you use many subdomains for different parts of your website or application. The number of subdomains is unlimited

Do you want to assure your customers of the best online security and protection? 😉

Then do not hesitate and secure your website with HTTPS security. This way you will be armed against cyber attacks. Thanks to encrypted communication, confidential information such as passwords, bank details and other personal information will be protected from theft and misuse.

Moreover, HTTPS also gives confidence to users and improves your website's search engine optimization (SEO). No fussy details when you know that privacy and security of personal information are becoming increasingly important.