HTTP vs HTTPS: What’s the Difference?

ecommerce security

When browsing the web, you may start to notice little differences between web addresses for different sites. Some websites have addresses that start with HTTP, while others have web addresses that start with HTTPS. What’s the real difference between these two prefixes? Does it matter what you use for your Volusion store?

What is HTTP?

Hypertext Transfer Protocol, or HTTP, was created as a way to share information across the internet. It’s basically the Ford Model T of data communication on the web. When you access a website from your computer or mobile device, your web browser uses HTTP to communicate with the site’s web server. Seems easy enough, right?

The problem is that it might be too easy to send data this way. Once you know how HTTP works, it’s easy to find and intercept data as it travels across the internet – leaving HTTP websites vulnerable to hackers. That’s where HTTPS comes into play!

So What’s the Extra “S” for?

HTTPS, or Hypertext Transfer Protocol Secure, uses a Secure Sockets Layer (SSL) to encrypt data transmitted via internet. Whenever information gets sent from a browser or device, the SSL provides a form of coded encryption that scrambles the information into a random series of characters. Once the information arrives at its destination (another computer or server), it gets unscrambled back to its original format. This prevents prying eyes – whether individuals or malware – from stealing sensitive information.

This encryption is especially crucial for ecommerce websites, where personal information and payment details are transmitted frequently. These details include credit card information, usernames and passwords. Both you and your customers want that information to be safe!

An SSL certificate is a key component of encrypting and securing information sent through your site. Before installing an SSL on your site, every SSL provider is required to validate your domain. We use a simple process to verify that you own the domain name tied to the site, then we install it for you. Once an SSL has been installed on your site, it will protect your site’s data for the duration of time you selected when purchasing the SSL (usually either one or two years).

How do you know it’s working?

There are two signs that the site you are currently visiting is encrypted with an SSL:

  • The web address bar contains the “HTTPS” prefix, similar to https://www.currentsite.com.
  • The web address bar displays a green padlock icon on the far left.

You may come across a website where the business name is also listed in green next to the padlock; depending on the web browser, the entire web address bar may be green. These sites are typically using “Extended Validation” SSL certificates that encrypt data and prove and verify ownership of the site. While it may sound like an obvious choice to buy an Extended Validation SSL, note that these SSLs do not provide any higher level of encryption than a standard SSL. They’re most commonly used by larger, well-known companies like national banking chains or Amazon. Additionally, EV SSLs require additional vetting and are typically more expensive than standard SSLs.

What makes HTTPS so important?

There are multiple benefits to using HTTPS for your site.

  • Safety – Using HTTPS for your ecommerce store means that your customers are protected. You can be confident that when customers check out on your site, their credit card information is safe. Even if you do not accept payments on your store (perhaps you use PayPal, for example), an SSL can still be beneficial. If you have a sign in/log in page without an SSL, any sensitive password information will be sent in plain text without encryption.
  • Confidence – Along with safety comes a feeling of trust. When customers see a green padlock in the URL bar for your website, they are confident that their information is secure while on your site. Many shoppers may not understand the technical function of an SSL, but they know to look for secure site indicators that show they’re protected.
  • SEO and Page Placement – Although it is not the only factor when it comes to SEO placement, having an HTTPS website can help improve search rankings. Google will continue to place more emphasis on HTTPS for ranking as time goes on.
  • Integration – Outside of Google, other third-party integrations – such as Facebook – require encryption. These companies want to protect themselves from liability, meaning anyone who wants to work with them or connect to their server is required to have protection as well.

What does all this mean for your Volusion store?

You purchased your SSL, and it’s installed on your Volusion store. Now what?

At this point, your login and checkout pages will encrypt information as it’s sent across the internet. In order to secure the rest of the site, though, you’ll need to adjust config variables in your store that allow the full site to show as HTTPS instead of HTTP. From your Dashboard, go to Settings > Config Variables. Click Search, then search for the word “secure” in the Name field. From the search results that appear, check the boxes next to Force Secure Logins and Force Secure Registration.

There’s one more set of config variables to adjust. Go back to Settings > Config Variables and perform a search for the word “URL”. You’ll want to adjust both Full Secure Store URL and Full Store URL so that each URL contains an “s”, turning them into HTTPS addresses.

Note that when you first visit your website’s homepage, the URL will initially come up as http://www.yourstore.com, even after you’ve adjusted the necessary config variables. Not to worry – once you click on any link or navigate to a new page, the URL will show HTTPS in the address bar. Your site is secure at this point!

If you’re taking the important step of establishing an online business, one of your top priorities should include security for you and your customers. As the internet moves to an age where safety is key, using HTTPS to operate your website is one of the best decisions you can make!

2 Responses to “HTTP vs HTTPS: What’s the Difference?”

  1. James

    Hi Volusion,

    What a great article, this really needs to be made clear to all Volusion merchants that Volusion does fully support HTTPS! Hurray! Just a couple of notes though if any Volusion merchant is changing from http to https:

    1 – Google Webmaster Tools treats this as a site move, and so you will need to submit and verify the new https ‘property’ version of your site for crawling and indexing. Bear in mind you may experience some loss of traffic whilst the change happens, so it is advised to do this at a quieter traffic time. I’ve chosen to delete our http property at this point, but not sure yet what effect this will have. Bing seems to treat it differently and simply updates the url to https on your existing site property.
    2 – BEFORE submitting your new https sitemap to google and bing, remember to update the sitemap in your Volusion sitemap section to correct the url’s to https, otherwise it will simply recrawl at http! If not done, I suppose this may generate some confusion for the bots!

    So happy this is available, spread the word everyone! 🙂

    Reply
    • Andrea Kinnison

      Hi James,

      Thanks for the feedback! We would like to chat with you more about our HTTP vs HTTPS functionality to make sure there is no confusion on the matter. We will be reaching out to you privately. Thank you!

      Reply

Leave a Reply