Safer Internet: Browsing: Use HTTPS

Why?

  • + Encrypts content between your device and destination server
  • + More and more sites support HTTPS:, esp. due to availability of free certificates
  • - Some sites (ironically, this one) do not yet support HTTPS: due to other cost or configuration issues
  • - IP addresses (yours, site's) not encrypted
  • - Content could be exposed if security vulnerabilities have not been patched on both ends.

Basic

  • Use https: (Hypertext Transfer Protocol Secure) instead of regular http: whenever a site supports it.
  • Some sites default/redirect to HTTPS:, e.g.
      • automatically from http: paypal.com
      • via browser extension, e.g., HTTPS Everywhere for Chrome, Firefox; not avail for IE, Safari
      • via preference, e.g., linkedin.com: Account > Security
  • Check browser Address Bar: lock icon and/or URL beginning with "https://"
  • Be especially aware on login pages and shopping and finance sites.
  • Some browsers, e.g., Chrome, will flag 'insecure' sites: any http: page in "incognito" (private browsing) mode, or any http: page with an input field, e.g., on my site: Search and Contact
  • Client-server connection with HTTPS: {Figure 6. TCYOP-3: 55; TCYOP-2: 47; TCYOP-1: 47}.
  • Check that your system, browser and application software have latest security updates.
  • Change passwords on any sites with unpatched security vulnerabilities, e.g., Heartbleed; use a password manager to monitor, e.g., 1Password: Watchtower
  • [Refs]: "Yes, Switching To HTTPS Is Important, And No It's Not A Bad Thing"
  • [Refs]: "HTTPS Everywhere Keeps Your Personal Information Safe on Over 1,400 Sites, Available for Firefox and Chrome"
  • [Refs:OpenSSL]: "Heartbleed a Year Later: How the Security Conversation Changed"
  • [Refs:OpenSSL]: "Hundreds of Android and iOS apps are still vulnerable to FREAK attacks"
  • [Refs:OpenSSL]: "Windows, Blackberry also susceptible to HTTPS-breaking FREAK attack"
  • [Refs]: "Google, Mozilla, Microsoft to Sever RC4 Support in Early 2016"

Intermediate

Advanced

  • Test Your Browser's TLS(SSL): How's My SSL?
  • Safari (macOS, iOS) still includes some older fallback 'insecure cipher suites'. I'm checking if this is serious and/or being fixed; Firefox, Chrome better?
  • File transfer: use sftp: instead of ftp:
  • Web site admin: free certificate: letsencrypt.org, configuration issues
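
The cipher-suite check mentioned under "Test Your Browser's TLS" can also be done offline against a list of suite names. The following is an added example, not code from this page or from How's My SSL: the function names and the sample list are constructed for illustration, and the name-based rules go beyond the RC4 and FREAK (export-grade) cases in the references to cover NULL, anonymous, DES/3DES and MD5 suites.

```python
import re
import ssl

# Constructed sample of suite names (IANA and OpenSSL spellings), not captured data.
SAMPLE = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "EXP-DES-CBC-SHA",
    "DES-CBC3-SHA",
    "ADH-AES128-SHA",
]


def weak_reasons(suite):
    """Return why a cipher-suite name is weak; an empty list means no match."""
    tokens = set(re.split(r"[_-]", suite.upper()))
    reasons = []
    if any(t.startswith("EXP") for t in tokens):
        reasons.append("export-grade (FREAK class)")
    if "RC4" in tokens:
        reasons.append("RC4 stream cipher")
    if "NULL" in tokens:
        reasons.append("no encryption")
    if tokens & {"ANON", "ADH", "AECDH"}:
        reasons.append("anonymous key exchange")
    if tokens & {"3DES", "CBC3"}:  # OpenSSL spells 3DES as DES-CBC3
        reasons.append("3DES, 64-bit block")
    elif tokens & {"DES", "DES40"}:
        reasons.append("single DES")
    if "MD5" in tokens:
        reasons.append("MD5 MAC")
    return reasons


def audit(suites):
    """Map each weak suite to its reasons; suites with no match are left out."""
    return {s: r for s in suites if (r := weak_reasons(s))}


def local_client_suites():
    """Suites this Python/OpenSSL build offers as a TLS client by default."""
    return [c["name"] for c in ssl.create_default_context().get_ciphers()]


if __name__ == "__main__":
    for label, suites in (("sample", SAMPLE), ("local client", local_client_suites())):
        found = audit(suites)
        print(f"{label}: {len(found)} weak of {len(suites)}")
        for name, why in found.items():
            print(f"  {name}: {', '.join(why)}")
```

The rules match on names only, so a suite absent from the result is not thereby shown to be strong; protocol version and certificate checks are separate.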

References

Apple

Certificates

Google

Microsoft

OpenSSL, FREAK, Heartbleed