The reason that URLs have HTTPS in them is slightly confusing, but it's a good bit of information to know.
When you open up the Internet on your phone or computer, you probably don’t think too much about what the URL is of the site that you’re visiting. Typically, people type the name of the store they want to shop at or a question into Google and click on one of the first few options that show up. But if you’ve ever been given a specific link that you need to manually type in with all of the letters, period, and dashes, you might be left wondering why there need to be so many letters before every URL. While you’re learning about the web, here’s what URL actually stands for.
Why do URLs start with HTTPS?
HTTP stands for Hyper Text Transfer Protocol and it’s basically a set of rules that transfer any web page between a web server and your browser. “When you go to a specific URL in your browser, your browser starts a conversation with the website’s server to download everything it needs to visually render that web page on your computer. HTTP is basically the language of transferring information between a server and your browser,” says Sarah Petrova, a software engineer at Intel and co-founder of Techtestreport.
The S in HTTPS stands for secure. So, if the URL you’re visiting starts with HTTPS that means that your browser and the web server are having the exact same conversation, but all of the information is encrypted, or more secure. “Only your browser and the web server possess the key to decrypt it. This prevents any outsiders from understanding what is being said and helps to make your browsing activity more private,” says Petrova. To be even more secure, follow these secrets of people that never get hacked.
Why is it necessary in a URL?
This can be slightly confusing—especially for people that don’t speak technology—so Petrova broke it down into a digestible answer. “By having HTTPS in the URL your web server basically says, ‘Hey, I transmit data with the HTTPS protocol,” she says. And your browser—by hitting the web server up with HTTPS in the URL—is saying, “Hey, I want to get the website transmitted via HTTPS”. If your browser and the web server would speak different languages they could not communicate with each other. That’s why it has to be specified in the URL.
Why do some websites have WWW at the beginning of the URL?
WWW stands for World Wide Web. It’s actually not necessary to have WWW in a URL and in most cases it doesn’t serve a technical purpose, says Petrova. Domains can be created without the prefix and the page will still work. “WWW exists for one purpose only and that is to identify the address as a website,” says Petrova. “There are other URL signifiers, such as a File Transfer Protocol (FTP), server (ftp), or news server (news). That’s why you can classify WWW as a subdomain of a larger website.”
If you’re still following along and want to sound like a tech genius in front of your friends you can impress them with your HTTPS knowledge as well as these other cyber-savvy tech words.
If you see https, the session between the web server and the browser on the mobile device you are using is encrypted. You can easily identify web servers that have https configured by looking at the Uniform Resource Locator (URL) in the web address bar of your browser. Hypertext Transfer Protocol Secure (https) is a combination of the Hypertext
Transfer Protocol (HTTP) with the Secure Socket Layer (SSL)/Transport Layer Security (TLS) protocol. TLS is an authentication and security protocol widely implemented in browsers and Web servers. SSL works by using a public key to encrypt data transferred over the SSL connection. Most Web browsers support SSL. It allows you to communicate securely with the web server.
Before you share any information online, it’s important to make sure your communication with the website is secure. Fortunately, there are two quick checks to help you be certain: Remember to look for “https” and the lock icon. If you don’t see those two indicators, your communication to the website is not secure. For more security tips, visit the UW–Madison Office of Cybersecurity website.
While making sure the sites you visit are secure is important, you should also always be sure that a site is legitimate before entering a username, password or any other personal information. Paying close attention to the site’s URL in your browser’s location field, for example, can help you be certain that you’re on a legitimate site rather than a look-alike impostor.Is it secure and legit?