Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

Will adding an “s” to http make my connection secure?

//
I’m using a website to confirm a rental and they require some personal information. I’m pretty confident in the company. I noticed the page for this added info was only an http site – no “s.” To see what would happen, I typed an “s” after the http, pressed Enter, and the page flickered like it was reloading, but there it was – same page but now with an https. Did this work? Could it really be that easy to get a secure page? Or did my browser just fool me? I tried an F5 refresh and the https remained. What do you think? Am I safe and secure now?

Adding an s to the http to make it secure is interesting. It’s tempting to see what will happen when you try it. But even when it works, I have some concerns.

Become a Patron of Ask Leo! and go ad-free!

Adding the s

Normally, adding an s to http just won’t work. Http and https are two completely different kinds of connections and require two different sets of support from the web server. Https requires additional things like a secure certificate that actually confirms that you’re connecting to who you think you’re connecting to – and supports the encryption of your data that happens between your computer and that site.

For example, if you add an s to http://askleo.com, it’s not going to work; I didn’t set up https://askleo.com as a secure website.

In situations like yours, where the site just magically works after adding an s, I sometimes get concerned.

HTTPSSigns of concern

It could be fine. If the site is ultimately going to use https, they may have left the plain http working. It’s a duplication of effort, but I can see it happening.

Still, they could have set their site up so that the switch from http to an https secure site is not only required, but automatic and transparent to you. If https is available, why aren’t they directing users to it? If they’re not doing it when they can, will they do it when they should? And what else might they be missing?

I’m fairly confident that you’re not stumbling into some malicious or fake site, but you might be hitting a site that doesn’t quite have all of its security ducks in a row.

As always, my advice is to be careful.

2 comments on “Will adding an “s” to http make my connection secure?”

  1. Most or all browsers have a lock icon or other indication that an https:// page does or does not have all page elements secure. If a lock icon, it would be closed for a secure page load and open for a non-secure page load.

    Having both http:// and https:// at the otherwise identical URL may be an oversight. I made the same mistake at a secure form of ours. A few lines in the .htaccess file corrected that. All http:// requests to that page now are redirected to the https:// URL.

    A secure connection only makes data transfer secure – to and from the remote server. It doesn’t provide security for how the data is handled once it arrives.

    Will

    Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.