What Is HTTPS and Why You Should Care
Up until around 2017, a large majority of websites on the internet used strictly hypertext transfer protocol (HTTP) for the transmission of a website’s data to a visitor’s web browser.
Until then, most browsers were fully capable of receiving secure HTTP content, but few site owners bothered to set up their websites using HTTPS.
What is HTTPS? It stands for hypertext transfer protocol secure. And today, this secure version of HTTP is how the majority of websites on the internet transmit their content to browsers.
What Is HTTPS?
When a website uses HTTPS, it means that all of the data being transmitted between that website and your browser is encrypted.
Before HTTPS, a hacker could easily intercept the transmission between the web host and the user’s browser, and read the content being transmitted. This is because the content was transmitted in HTML or plain text. In many cases even IDs and passwords were easy to extract from these transmissions.
What makes HTTPS different? HTTPS uses what’s called Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL).
TLS uses two security “keys” to fully encrypt the data going between the web host and your browser.
- Private key: This is a key stored on the originating web server. It isn’t accessible to the public, so only this private key stored on the real web server can decrypt transmissions.
- Public key: The public key is used by any browser that wants to communicate with the web server that holds the website.
How HTTPS Communication Works
The communication process works as follows.
- A user opens a browser and connects to a web page.
- The website sends the user’s browser an SSL certificate that contains the public key. The browser needs this public key in order to open the initial connection with the site.
- This initiates what’s called a “TLS handshake” where the client (browser) and the server (website) “agree” on the cipher to use, verify the site’s SSL digital signature, and generate new session keys for the current session.
Once this “session” is established, no one between the browser and the web server will be able to easily identify the information or data being transferred.
This is because everything, even the HTML transmitted to the browser, gets encrypted (essentially scrambled into nonsense text and symbols). Only the browser that established the initial connection with the website can decipher the information, and vice versa. Only the website can receive things like IDs and passwords and decipher them for use.
So, whenever you see that a site is secure, you can rest assured that the communications between your browser and the remote site are private and safe from prying eyes.
How to Know if a Site Uses HTTPS
Starting in 2017, Google put the pressure on website owners to incorporate SSL certificates into their websites. They did this by integrating a new feature into the latest version of Chrome that displayed a “Not Secure” warning to users whenever they visited a site that didn’t use HTTPS.
If you’re running the latest version of the Chrome browser and you visit a secure site that uses HTTPS, you’ll see a small lock icon to the left of the URL.
Not long after, other browsers started following suit, including Firefox, Safari, and more. They will all display a lock icon like Chrome does.
If you visit a website and the site isn’t using HTTPS to communicate, then you’ll see a “Not secure” error to the left of the URL.
As though this isn’t off-putting enough to keep visitors away from a website, Google also instituted a policy where use of SSL certificates would help websites rank higher in search results.
These two reasons are why most website owners finally started transitioning their sites to use SSL certificates and communicate with visitors’ browsers via HTTPS.
Why Should You Care About HTTPS?
As a user of the internet, you should care a great deal about whether or not a site uses HTTPS. You may not think anyone cares about what websites you visit or what you’re doing on the internet, but there are very large communities of hackers out there who are very interested.
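By intercepting your browser communications with websites, hackers are constantly on the lookout for any of the following information:
- Your email address, so they can sell it to email spammers.
- Your phone number and physical address, so they can sell them to marketers.
- The ID and password you use to log in to your bank account, so they can access your funds.
- Any embarrassing websites you visit, so they can email you threatening to share that activity with friends and family if you don’t pay up.
- Your computer’s direct IP address, so they can try to hack your system.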
In fact, making sure you only visit sites that use HTTPS is a powerful way to protect your privacy and security online, for many reasons.
If you own a website, there are even more reasons you should care about installing SSL certificates and enabling HTTPS.
- You’ll get more Google search traffic.
- Visitors will feel safe to visit your website more frequently.
- Customers will feel more secure buying products from you.
- Hackers will be less likely to obtain IDs or passwords that make it easier for them to hack your website.
There are no longer any good reasons for anyone using the internet these days not to be using only HTTPS for all web transactions.
How to Use HTTPS on Your Site
If you own a website and you’re interested in getting rid of that scary “Not Secure” message when people visit your site, it’s not difficult to install SSL certificates for your website.
In fact, we’ve published a full guide on how to get your own SSL certificate for your website, and how to install it.
The simple steps are as follows:
- Determine the dedicated IP address your web host has provided to your website.
- Install the SSL certificate either provided by your website, or one you’ve purchased from an SSL certificate service.
- Force all browsers to use SSL when visiting your site by editing the .htaccess file with a “rewrite” command that changes all connections to use HTTPS.
- Make sure to provide your private SSL certificate to any CDN services you’ve installed on your site.
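The “rewrite” command from the third step, written out as an added example (it is not taken from the original guide). It assumes an Apache server with mod_rewrite enabled and, for the second condition, a CDN or load balancer that sets the `X-Forwarded-Proto` header; `www.example.com` in the comments is a placeholder.

```apache
# .htaccess in the site's document root.
# ASSUMPTIONS: Apache with mod_rewrite loaded, and AllowOverride
# permitting rewrite directives (FileInfo) for this directory.
# No <IfModule> wrapper on purpose: if mod_rewrite is missing, the
# site errors out instead of silently continuing to serve plain HTTP.
RewriteEngine On

# Condition 1: the request reached Apache without TLS.
RewriteCond %{HTTPS} off

# Condition 2 (ANDed with condition 1): the request was not already
# HTTPS at a CDN or load balancer in front of this server.
# ASSUMPTION: that proxy sets X-Forwarded-Proto. Without this check,
# a CDN that talks plain HTTP to the origin causes a redirect loop.
# Rely on it only if the origin accepts traffic solely from the proxy,
# because any client connecting directly can send this header itself.
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]

# Permanent redirect to the same host and path over HTTPS.
# %{HTTP_HOST} echoes the client's Host header; on a single-domain
# site, hard-code the canonical name instead (for example
# www.example.com, a placeholder).
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
```

While testing, `R=302` is easier to undo, because browsers cache 301 responses.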
This process is getting even simpler lately, since many web hosting services are providing website owners with one-click solutions to install SSL certificates for their website.