HTTPS

HTTPS gives your users a safe and secure connection to your website. It is recognisable by the padlock in your web browser. This is a fundamental security standard which ensures that your user’s connection cannot be tapped or manipulated.

Why?

• Does my site need HTTPS?
• "Why HTTPS for Everything?" by CIO.gov
• "Still think you don't need HTTPS?"by Scott Helme

Adoption statistics

• "Percentage of Web Pages Loaded by Firefox Using HTTPS"
• "HTTPS Usage" by Google

Further information

• Factsheet "HTTPS could be a lot more secure" from NCSC-NL
• "ICT securitity guidelines for TLS v2.0" from NCSC-NL
• Mozilla SSL Configuration Generator
• Bettercrypto.org
• How HTTPS works

Specifications

• RFC 2818: HTTP Over TLS
• RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3
• RFC 5246: The Transport Layer Security (TLS) Protocol, Version 1.2
• RFC 6797: HTTP Strict Transport Security (HSTS)
• RFC 6698: The DNS-Based Authentication of Named Entities (DANE) Transport Layer Security (TLS) Protocol: TLSA"