Website encryption (HTTPS/TLS)

from the category "IT Security"
Levels of difficulty: A little more than beginner

Website encryption

Internet Security and therewith the security of websites gains more and more importance in times of phishing and hacking. It is possible to encrypt the connection between browser and website. But what does that mean, and how does this affect me as a website owner?

What do the terms usually mentioned related to website encryption mean?

HTTPS:

HTTPS (HyperText Transfer Protocol Secure) is a transport protocol where the data is transferred encrypted via SSL/TSL.

TLS/SSL:

Both SSL (Secure Socket Layer) and TLS (Transport Layer Security) are protocols that make sure data transfer on the internet is encrypted. It should be mentioned, that SSL is the precursor of TLS, and is technically not up to date any more. Both protocols are end-to-end-encrypted. That means the information is encrypted before it is sent, and and will only be decrypted by the recipient.

In most browsers (Google Chrome, Firefox, Opera and Edge) you can tell a connection to be encrypted from a lock icon in or near the address-bar, often displayed in green.

safe https connection

An unencrypted or insecure connection will be indicated in the browser address bar with this icon: Info Icon

What are the advantages of website encryption?

  • encrypted connection and encrypted transfer of form data, so confidential data remains private
  • website appearance is more reputable
  • better rating in most search engines (e.g. Google)

Is there anything I have to consider as a website owner, and do I have to adjust my website?

Unfortunately and ironically, it can happen, that your page is considered as insecure by browsers, after switching to https. This is mostly due to mixed content – meaning your page is encrypted and visited via HTTPS, but it contains elements that still are implemented via HTTP.

This is most often the case with manually added elements, like widgets, iframes or images from external sources. It would look something like this in your browser:

mixed website content

What to do, when my homepage contains mixed content?

The login area of own-free-website.com will feature an alert-box, indicating mixed content on your website.

mixed website content error message

In most cases, it will be sufficient to simply replace http with https. Unfortunately in some cases, especially with older sources, https may not be available. In such a case you can try contacting the provider of the application.

http to https

What does not have to be changed?

Images or files, which were uploaded to own-free-website, or internal links are not affected. These have already been changed by us.

Are there any problems with website encryption?

Some older browsers could have problems properly displaying encrypted pages. Below you’ll find a list of affected browsers. For security reason, we would advise you to keep your browser up-to-date

Incompatible browsers:

  • Google Chrome before version 6.
  • Internet Explorer before version 7.
  • Firefox before version 2.0
  • Safari before version 2.1
  • All versions of Internet Explorer on Windows XP

Back to the overview