29th October 2015:
I recently did something I’ve been meaning to do for a while: I set up my website to use HTTPS. Whilst previously HTTPS was often considered a “nice to have” by web developers working outside of sectors such as banking and retail, we’ve now reached a point where it’s essential for all types of website to use it.
HTTPS is the secure version of the HTTP protocol, used by web browsers and devices to communicate with the servers on which websites are hosted. If you visit a website with an address starting with “http://”, that website is using the standard version of the HTTP protocol. Any interactions you have with that website will be transmitted across the internet as plain text, readable by anyone who might be monitoring the connection.
If you visit a website which has an address beginning with “https://” (or, you can see a padlock symbol in your browser’s address bar) then that site is using HTTPS, the secure version of HTTP. This means that all data sent between the web browser and the server is encrypted. Anyone monitoring your connection would see a random stream of letters and numbers, practically impossible to decode.
But what are the implications of this, and why is it so important that your website uses HTTPS today?