Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Will adding an “s” to http make my connection secure?

//
I’m using a website to confirm a rental and they require some personal information. I’m pretty confident in the company. I noticed the page for this added info was only an http site – no “s.” To see what would happen, I typed an “s” after the http, pressed Enter, and the page flickered like it was reloading, but there it was – same page but now with an https. Did this work? Could it really be that easy to get a secure page? Or did my browser just fool me? I tried an F5 refresh and the https remained. What do you think? Am I safe and secure now?

Adding an s to the http to make it secure is interesting. It’s tempting to see what will happen when you try it. But even when it works, I have some concerns.

Become a Patron of Ask Leo! and go ad-free!

Adding the s

Normally, adding an s to http just won’t work. Http and https are two completely different kinds of connections and require two different sets of support from the web server. Https requires additional things like a secure certificate that actually confirms that you’re connecting to who you think you’re connecting to – and supports the encryption of your data that happens between your computer and that site.

For example, if you add an s to http://askleo.com, it’s not going to work; I didn’t set up https://askleo.com as a secure website.

In situations like yours, where the site just magically works after adding an s, I sometimes get concerned.

HTTPSSigns of concern

It could be fine. If the site is ultimately going to use https, they may have left the plain http working. It’s a duplication of effort, but I can see it happening.

Still, they could have set their site up so that the switch from http to an https secure site is not only required, but automatic and transparent to you. If https is available, why aren’t they directing users to it? If they’re not doing it when they can, will they do it when they should? And what else might they be missing?

I’m fairly confident that you’re not stumbling into some malicious or fake site, but you might be hitting a site that doesn’t quite have all of its security ducks in a row.

As always, my advice is to be careful.

2 comments on “Will adding an “s” to http make my connection secure?”

  1. Most or all browsers have a lock icon or other indication that an https:// page does or does not have all page elements secure. If a lock icon, it would be closed for a secure page load and open for a non-secure page load.

    Having both http:// and https:// at the otherwise identical URL may be an oversight. I made the same mistake at a secure form of ours. A few lines in the .htaccess file corrected that. All http:// requests to that page now are redirected to the https:// URL.

    A secure connection only makes data transfer secure – to and from the remote server. It doesn’t provide security for how the data is handled once it arrives.

    Will

Leave a reply:

Before commenting please:

  • Read the article. Comments indicating you've not read the article will be removed.
  • Comment on the article. New question? Start with search, at the top of the page. Off-topic comments will be removed.
  • No personal information. Email addresses, phone numbers and such will be removed.
  • Add to the discussion. Comments that do not — typically off-topic or content-free comments — will be removed.

All comments containing links will be moderated before publication. Anything that looks the least bit like spam will be removed.

I want comments to be valuable for everyone, including those who come later and take the time to read.