Safer Internet: Browsing: Use HTTPS



Summary

[1] Update System/Browser Software

  • Check that your system, browser and application software have the latest security updates; see section: Software Updates
  • Otherwise, content could be exposed if security vulnerabilities have not been patched on both ends.

[1] Use https: (Hypertext Transfer Protocol Secure) instead of regular http:

  • More and more sites default/redirect to https:, e.g.:
      • wider availability of free certificates for sites, e.g., Let's Encrypt
      • automatically from http:, e.g., paypal.com
      • via browser extension, e.g., HTTPS Everywhere for Chrome, Firefox; not available for IE, Safari (maybe not needed)
      • via preference, e.g., linkedin.com: Account > Security
  • Some password managers, e.g., 1Password, can check for non-https and vulnerable sites
  • Check browser Address Bar: lock icon and/or URL beginning with "https://"
  • Be especially aware on login pages and shopping and finance sites.
  • Some browsers, e.g., Chrome, will flag 'insecure' sites: any http: page in "incognito" (private browsing) mode, or any http: page with an input field
  • Client-server connection with HTTPS: {Figure 6. TCYOP-4: 67; TCYOP-3: 55}.
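
The address-bar check and the browser 'insecure' flag from the list above, as an added Python example (not from the original page). The rule is simplified from that list; the `example.test` URLs and HTML snippets are constructed, and counting `<textarea>` as an input field and the separate login rating are assumptions made here.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class InputFinder(HTMLParser):
    """Collects the type of every input field found on a page."""

    def __init__(self):
        super().__init__()
        self.field_types = []

    def handle_starttag(self, tag, attrs):
        if tag == "input":
            # An <input> with no type attribute defaults to "text".
            self.field_types.append((dict(attrs).get("type") or "text").lower())
        elif tag == "textarea":  # assumption: also counts as an input field
            self.field_types.append("textarea")


def rate_page(url, html, incognito=False):
    """Rate one loaded page: 'secure', 'plain-http', 'insecure' or 'insecure-login'.

    https: pages are secure. An http: page is flagged when it has an input
    field or is opened in incognito mode; a password field on an http: page
    gets its own rating because login pages matter most.
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme == "https":
        return "secure"
    if scheme != "http":
        raise ValueError(f"not a web URL: {url!r}")
    finder = InputFinder()
    finder.feed(html)
    if "password" in finder.field_types:
        return "insecure-login"
    if incognito or finder.field_types:
        return "insecure"
    return "plain-http"


# Constructed sample pages (hypothetical hosts, not real sites).
LOGIN = '<form><input name="user"><input type="password" name="pw"></form>'
ARTICLE = "<h1>News</h1><p>No form here.</p>"
PAGES = [("https://shop.example.test/login", LOGIN, False),
         ("http://shop.example.test/login", LOGIN, False),
         ("http://news.example.test/story", ARTICLE, False),
         ("http://news.example.test/story", ARTICLE, True)]

if __name__ == "__main__":
    for url, html, incognito in PAGES:
        print(f"{rate_page(url, html, incognito):15} incognito={incognito}  {url}")
```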

[2] Check for Vulnerable sites

  • Although you can't update the security software on sites, you can minimize your exposure
  • Change passwords on any sites with unpatched security vulnerabilities, e.g., Heartbleed; use a password manager to monitor, e.g., 1Password: Watchtower; a password manager can also flag any non-https: logins
  • Otherwise, content could be exposed if security vulnerabilities have not been patched on both ends.

[2] Use VPN and 2FA to Compensate for an Insecure http: Connection

[3] Test Your Browser's TLS; Use sftp:; Install a Certificate

  • Test Your Browser's TLS (SSL): How's My SSL?
  • Safari (macOS, iOS) may include some older fallback 'insecure cipher suites'; I'm checking if this is serious and/or being fixed. Firefox, Chrome better?
  • File transfer: use sftp: instead of ftp:
  • Web site admin: free certificate: letsencrypt.org; possible installation cost, configuration issues depending on web host
