Protocol HTTPS: what it is and how it works

For websites, it has now become essential: Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of the HTTP protocol, which is used to send data between your browser and the website you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’ and means that all information exchanged between your browser and the website you are browsing is encrypted. HTTPS is often used to protect online transactions and highly confidential data.

Browsers such as Internet Explorer, Firefox, and Chrome also allow you to display a green padlock icon in the address bar to visually indicate that a website is protected by the HTTPS protocol.

NICE! But… how does it work?

HTTPS pages typically use one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security). Both TLS and SSL protocols use what is known as an “asymmetric” Public Key Infrastructure (PKI) system. An asymmetric system uses two keys to encrypt communications, a “public” key and a “private” key. In short, communications between the client and server are encrypted both inbound and outbound, making them indecipherable and unmodifiable by third parties. Anything encrypted with the public key can only be decrypted by the private key and vice versa.

What are the advantages?

Certainly, the main advantage lies in security: with this system, data and communications that occur on the site remain safe, avoiding (although not 100%) risks of theft or modification. The second advantage is purely related to the way Google treats non-HTTPS sites: a site that does not use a secure protocol is penalized in search results and, even with the same quality of content and authority, will be displayed lower than a site that uses the HTTPS protocol.