HTTP, SSL, HTTPS, let’s talk acronyms and why you need one.
If you have a website or online software system you’ve probably heard your developer mention these acronyms, HTTP, SSL and HTTPS.
Let’s start off with the basics… When you visit a website you may have noticed that the web browser prepends http:// to the web address, for example, https://www.cbssolutions.co.uk. HTTP stands for Hypertext Transfer Protocol, this is the standard protocol for websites. With this standard protocol, when you visit a website or are using an online software system, the communication between your computer and the server on which the website or system is hosted is not encrypted. As the information traverses the internet it can be intercepted by hackers, and as it’s not encrypted it is easily read.
When surfing the web you may not be too worried about who can see where you’re going on holiday next year or what car you’re thinking about buying and that’s understandable, however if the information is of a more sensitive nature then the fact that it can be intercepted and read is not ideal and this is where SSL comes in.
SSL stands for Secure Socket Layer and having an SSL on a website or online software system means that all communication between your computer and the server is encrypted, whilst it can still be intercepted by malicious individuals it’s virtually impossible to decrypt and read. When you have an SSL in place the http:// is replaced with https:// and you will see a little padlock icon in your web browser.
There has been a push recently, primarily by Google, for the use of SSL on all websites, and as such having the little padlock may well help your website’s search engine position. When you do a search in Google, any websites with an SSL are highlighted by Google with the inclusion of https:// at the start of the green website link, if a website does not have an SSL then http:// is omitted from the link.
As a software developer it is our responsibility to make our clients aware of the ever growing need for an SSL, while most online software systems have a secure log in process, without an SSL the traffic can still be intercepted and read. This has become more prevalent with the introduction of the GDPR which came in to effect on 25th May 2018. If your online software system includes personal information about your customers or individuals then you should be doing everything you can to protect that information and an SSL is a step in the right direction.