HTTPS Does Not Mean That a Website is Safe

HTTPS Does Not Mean That a Website is Safe

On the Internet, there are many spam emails and personal data disclosures. If you ignore your safety and privacy online, you may be the victim of the next data breach or fraud. Thus, you want to know if the website you are visiting is safe or not. This is a good idea, especially before you share sensitive information such as credit card information on a website. Qwer432

There are also many useful ways to check if a website is secure. The vast majority of users check for HTTPS to judge if browsing a site is safe. First, let’s known more about HTTPS and HTTP.


HTTPS must be used, regardless of what kind of site it is. HTTPS protects you from man-in-the-middle attacks such as phishing and spoofing by encrypting your data transmission.

When you visit a site that uses HTTPS, the browser displays a green padlock in the address bar. Some websites even display the company name next to the URL. These sites are safer than sites with green padlocks because they adopt Extended Validation SSL encryption. This new type of SSL encryption protects communication between the website and the Internet user requesting it.

Not all websites use HTTPS. Some websites use the basic protocol – HTTP. What is the difference between HTTPS and HTTP?

HTTP (Hypertext Transfer Protocol) is one of the protocols used for data transfer while surfing the Internet. This is how the client requests and the server responds. When you visit a website through a browser, an HTTP request is sent to the appropriate port on the server. Then, the server answers your request.

HTTPS adds an SSL layer compared to HTTP. SSL is a secure protocol that provides security and ensures data integrity for network communication. It protects data from being intercepted during transmission by encrypting the Internet connection. The server using HTTPS must request a certificate from the certification authority that confirms the purpose of the server. The client trusts the host only if the certificate is used on the appropriate server.

That is, there is no encryption for transmission on a website using HTTP. All data is transmitted in cleartext. While websites that use HTTPS encrypt the transmission. HTTPS sites are therefore safer than HTTP sites. In addition, the HTTPS protocol must apply for a CA certificate, which in most cases is not free. Users can make a simple assessment of the security of the site by checking that the HTTPS protocol is being used.

But you should know that some pages on the same website may not be encrypted by HTTPS. You should look for HTTPS each time you open a new page, especially before you enter sensitive information. Always check if there is an “S” after HTTP will reduce the risk of becoming a victim of data breaches.

Does HTTPS mean that a website is safe?

When browsing a web site, most users only check the URL and the green padlock quickly to see if it’s a phishing site. However, a website with a green padlock can also be a phishing website that will use your data for malicious purposes. HTTPS only prevents third parties from intercepting, stealing or altering information loaded on the website or sent to the server. f

Xudong Zheng, a researcher, pointed out that it is difficult to spot phishing websites by checking the URL. The URL might look like your familiar website, but it’s a different site.

For this reason, we recommend that you enter the URL manually if you want to visit some important websites. DO NOT click directly on the hyperlink, otherwise, you will end up with a fake website that looks exactly like the one you know. Before you click on the hyperlink, you can also hover over it with your mouse to display the URL in the lower-left corner of the browser (Google and Firefox).

The most important thing is that surfing on an HTTPS website is not always safe !!!

Why does the fake website look just like the right one? Xudong Zheng said that some countries or regions used “national languages” in their domain names, including Russia and Bulgaria. Many browsers use Punycode to translate these “local languages” into characters that are readable to the DNS servers. Although you can not see the difference in their URLs, the computer thinks they are different.


We conclude that HTTPS does not guarantee the security of a website. In addition to the usual ways to verify website security, Google Safe Browsing is also useful. This service is provided by Google to alert users against malicious websites. You can turn it on to avoid visiting malicious sites that have been listed by Google.

Above all, you need a VPN to secure your internet connection so that nobody else can track you.

VPN download         

About the Author
freemexy jack

You must logged in for view and post comments.