There are two website prefixes: One shows the site you are on is secure (HTTPS), and the other does not (HTTP).
If you’ve never paid attention to the browser URL while surfing the Internet, today is the day to start. At the prefix of each website URL, you’ll usually see either HTTP or HTTPS. One shows the site you are on is secure (HTTPS), and the other does not (HTTP).
Hypertext Transfer Protocol (HTTP) is the way servers and browsers talk to each other. It’s a great language for computers, but it’s not encrypted. Think of it this way. If everyone in the world spoke English, everyone would understand each other. Every browser and server in the world speaks HTTP, so if an attacker managed to hack in, he could read everything going on in the browser, including that Facebook username and password you just typed in.
Hypertext Transfer Protocol Secure (HTTPS) is another language, except this one is encrypted using Secure Sockets Layer (SSL). Imagine if everyone in the world spoke English except two people who spoke Russian. If you happened to overhear them speaking in Russian, you wouldn’t understand them. It’s the same with HTTPS. If browsers use HTTPS to pass information, even if attackers manage to capture the data, they can’t read the information.
The answer is, it depends. If you are just browsing the web, looking at cat memes and dreaming about that $200 cable knit sweater, HTTP is fine. However, if you’re logging into your bank or entering credit card information in a payment page, it’s imperative that URL is HTTPS. Otherwise, your sensitive data is at risk.
So it doesn’t really matter if the homepage of your favorite sweater website says HTTPS if their payment page doesn’t.
See also: The Ultimate Cheat Sheet on Making Online PCI Compliance Work for You
HTTPS isn’t entirely 100% foolproof, as the Heartbleed vulnerability proved a few years ago. The Heartbleed vulnerability wasn’t necessarily a weakness in SSL, it was a weakness in the software library that provides cryptographic services (like SSL) to applications. Still, it is estimated that half a million secure web servers were affected. Luckily, most websites have since corrected that bug.
.svg)
