Terms and Definition: Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, it uses the the Secure Sockets Layer (SSL) protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. An “SSL certificate” is necessary to create an SSL connection.
Website forms and other places you enter information into, should always use these security measures. If you ever see a scary message like, “There’s a problem with the websites security certificate” or “This connection is untrusted” do not enter secure information!
Browsers have moved toward practically requiring web sites to always use the secure protocol and will show the scary messages to website visitors, even if there is no information exchange through a form. For this reason, most websites now always use the secure protocol.
What you should know:
- If the page is using the secure protocol all content included or embedded on the page, like images or iFrames, must also be secure.
- For internal content, such as images and links to documents, use a relative link.
- For embedded content, like iFrames, use https. Previous recommendations to use a “protocol relative” path (i.e. remove the http or https from the source code path, ex. src=”//www.youtube.com”) will still work, but is not current best practice.
- If you are logged in and copy a URL to share, make sure to test it in a browser where you are not logged in to makes sure your audience will see the content as expected. If not, you may need to add or remove the “s” from the path before you share it.
- Never enter secure information into a website that is not using the secure protocol or loads a scary message.