The connection between your website and the browser of whoever visits your website is encrypted thanks to the HTTPS protocol.
Http and https
HTTP stands for hypertext transfer protocol: the 'protocol' used for data transfer between your website and the device of your website visitor. HTTPS (Hypertext Transfer Protocol Secure) technically means that a TLS connection transmits HTTP traffic in an encrypted form.
The TLS protocol uses SSL certificates to authenticate the data exchanged and ensure privacy.
The handshake
A web browser has a list of 'loaded' certificates. When someone visits your website, their browser will verify the certification path in that list. This ensures your visitor that the server found - on which your website is located - is actually who he says he is (authentication).
Incidentally, there are a lot of such certificates to choose from. For more information on how choose the certificate that seems most suitable to you, go to https://www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates.
The 'handshake' is then started, i.e. a procedure in which the visitor's browser and the server hosting your website agree on the type of encryption they will use. From then on, communication between the two parties is encrypted (encryption).
HTTPS on your website
You will thus need an SSL certificate in order to offer HTTPS on your website.
You can apply for this in various ways:
- For free via e.g. Let's Encrypt Certificate
- Paying via Certificate authority.
Once the certificate has been approved and granted, you can install it on your server.
Why is HTTPS important?
An HTTPS connection for your website has important advantages:
- HTTPS increases trust in your website in terms of security (online payments, secure login) and privacy protection. It is a kind of quality guarantee.
- HTTPS makes your website easier to find (SEO or Search Engine Optimisation): Google is going to 'rank' websites with HTTPS higher in its search results, even 'ordinary' websites, where no purchases or financial transactions take place.
- HTTPS prevents aborted transactions. A lot of web browsers warn a user when surfing to a website without a TLS connection. In many cases, this gets the surfer thinking and he or she will often abort interaction with that website. Needless to say, you do not want that to happen to your website.
Don't forget to add a CAA record to the DNS configuration of your domain name, as it indicates which certificate authority is allowed to issue certificates for that domain name. Ask your provider or hosting company to guide you through this procedure.
More ways to protect your website:
-
Website hacking
Hacking is the unauthorised intrusion into a computer system. And that system could be your website, for example. -
Protect your website against DNS hijacking
DNS hijacking allows hackers to intercept traffic to your site and redirect it to other websites. How do you protect against it?