How HTTPS protects people on your website

HTTPS means the same thing as SSL. The full tech terms are quite a mouthful: Hypertext Transfer Protocol Secure, and Secure Socket Layer. But what it all adds up to is encryption protection. All encrypted websites have the ‘https://’ and padlock icon in most browsers. If you only see ‘http://’, it means the connection between your browser and the website you’re accessing is not secured. Encryption security is what protects the information people type in on websites, from their email address to their credit card details when shopping. That’s why Google flags sites that don’t have an SSL Certificate as ‘Not Secure’.

The Way Encryption Works

When someone types in their personal details on your website, the data travels from the client (browser) to your web server (website). Encryption scrambles this data as it moves between the two points. At the two end destinations the data is unlocked. This ensures no-one else can break into the connection to snoop in. Only the website user and the website Admin get to see the unlocked information. All SSL Certificates from reputable Certificate Authorities have the same industry standard encryption strength. Data protection is the main job of SSLs, and they do it reliably well. Another thing to know about HTTPS is that apart from Multi-Domain SSL Certificates, it secures both the www. and non-www versions of your website. So whether a user types in ‘’ or just ‘’, the SSL encryption kicks in just the same. No need to buy two certificates for each version.

What Wildcards Do

Most SSL Certificates protect one or more website domains e.g., But with a single Wildcard SSL, you can protect up to a hundred sub-domains too e.g.,, In other words, you can grow your business and SEO almost without limit. All for the cost of one SSL Certificate which keeps your website customers secured.

Credit Card Protection

Most people these days have at least one credit card so they can spread out their online shopping costs. The Payment Card Industry Data Security Standard (PCI DSS) ensures people are protected by only allowing websites to take credit card payments from major brands if they’re PCI compliant. HTTPS or SSL Certificates are one of the compliance regulations.

Website Validation Explained

Another way that HTTPS or SSL Certificates let people know they’re protected on your website is identity authentication, known as validation. There are three main types of SSL Certificate, depending on the validation checks that the Certificate Authority (CA) carries out to verify the identity of a website.
  • With Domain Validation (DV), the CA checks who owns the website domain. This protects people by ensuring that the website is properly registered and not some kind of scam. It only takes a few minutes for this check, so when SSL providers boast about super fast issuance, they’re talking about this one. It’s the most basic.
  • Organization Validation (OV) lets people know both the website and the company are legit. The CA checks to make sure that the company who owns the site is officially registered (like Inc. in America or LLC. in the UK). It can take up to three days.
  • With Extended Validation (EV), the CA checks the site domain, the official registration of the company, and the company listing in a public resource to show they’re strongly established. This takes around 7 to 10 days.
When issuing an SSL, the Certificate Authority will provide a site seal to confirm your website has been validated. People can also check the validation level of your site in their browsers. These days, each browser has its own way of doing things, but the unchanging starting point people can use to find this info is by clicking on the padlock icon next to the HTTPS. Validation is almost as big a deal as encryption, because it gives website visitors the peace of mind in knowing they’re dealing with a legitimate business. A survey by GlobalSign a couple of years back found that 85% of web users said they wouldn’t buy through a website where they weren’t certain their data was being transferred securely. By 2019, people are even more aware of the importance of online security.

Take Away

HTTPS or SSL encryption makes sure that the information given by your website visitors is kept safely private from criminal hackers and other shady characters. When people see the HTTPS and padlock icon in their browsers, they know their data is protected, their credit card details are safe on a PCI compliant site, and they’re dealing with an authenticated business. If you have a Wildcard SSL, under one umbrella you can also keep your customers safe no matter what subdomain of yours they’re on.
Share on Twitter, Facebook, Google+