Today I changed my website's protocol from HTTP to HTTPS - it was quick and easy. After finishing, I wasn't sure what I had really accomplished, so I did some research into what it really meant to create a secure connection between you and a website.

Here is a quick summary.

When you submit a body of text to a website (e.g. log-in info, chat message, search query), the information is sent to a server that may return information back to you. This exchange of information happens using the HyperText Transfer Protocol. The issue is the vulnerability of this information; any person intercepting this network can see your message, this is not good for your data.

Image: this is a sample package sent from my computer to my site before changing the protocol. Caught using Wireshark.

This vulnerability is the reason why HTTPS (HTTP + Secure) is strongly encouraged.

This protocol encrypts your message and sends a public key to the recipient through SSL certificates. This public key is used for end-to-end encryption, or to verify certificate signatures (thanks to Vin in the comments for clarification).

What if I don't send/receive sensitive data from my website?

HTTPS has more benefits other than just securing the exchange of information:

• Ward off intruders from identifying your users by analyzing your information exchange.
• Reduce the risk of anyone exploiting the resources of your website to their benefit.
• As Progressive Web Apps grow in popularity, Service Workers (used for push notifications) require the use of HTTPS.
• Other benefits of Service Workers include offline behavior and caching.

Changing your website to use HTTPS

There is a 5 minute video made by httpsiseasy explaining how to do this. Here is their step by step tutorial I followed using Cloudflare.

• Go to Cloudflare
• Sign up
• Enter your website's domain. Enter, free, continue, enter
• The service will give you two DNS nameservers along with instructions to add it to your website.
• Hit Crypto on the toolbar, change "Always Use HTTPS" to On

Do this and you're donzo, the change may take from several minutes up to 48 hours, but nothing else is needed from you.

After doing this, I was chatting with my brother (@sammyisra) and told him I used Cloudfare to do this, he told me he had used Netlify. I'm curious what most people have used, please leave a comment below sharing what service you used and why.

Thank you!

Other useful resources:

• Google - Why HTTPS Matters
• Instant SSL - What is HTTPS