Adding an s to the http to make it secure is interesting. It’s tempting to see what will happen when you try it. But even when it works, I have some concerns.
Become a Patron of Ask Leo! and go ad-free!
Adding the s
Normally, adding an s to http just won’t work. Http and https are two completely different kinds of connections and require two different sets of support from the web server. Https requires additional things like a secure certificate that actually confirms that you’re connecting to who you think you’re connecting to – and supports the encryption of your data that happens between your computer and that site.
For example, if you add an s to https://askleo.com, it’s not going to work; I didn’t set up https://askleo.com as a secure website.
In situations like yours, where the site just magically works after adding an s, I sometimes get concerned.
Signs of concern
It could be fine. If the site is ultimately going to use https, they may have left the plain http working. It’s a duplication of effort, but I can see it happening.
Still, they could have set their site up so that the switch from http to an https secure site is not only required, but automatic and transparent to you. If https is available, why aren’t they directing users to it? If they’re not doing it when they can, will they do it when they should? And what else might they be missing?
I’m fairly confident that you’re not stumbling into some malicious or fake site, but you might be hitting a site that doesn’t quite have all of its security ducks in a row.
As always, my advice is to be careful.
Most or all browsers have a lock icon or other indication that an https:// page does or does not have all page elements secure. If a lock icon, it would be closed for a secure page load and open for a non-secure page load.
Having both http:// and https:// at the otherwise identical URL may be an oversight. I made the same mistake at a secure form of ours. A few lines in the .htaccess file corrected that. All http:// requests to that page now are redirected to the https:// URL.
A secure connection only makes data transfer secure – to and from the remote server. It doesn’t provide security for how the data is handled once it arrives.
Will