Implementing HTTPS

Understand when and how to use HTTPS.

When to use HTTPS?

The traditional view recommends using HTTPS anywhere credentials or sensitive data is passed to the server. For many years, only login pages and shopping carts were encrypted. While these should be encrypted, it leaves the rest of the user’s session open to man-in-the-middle attacks. There is a recent push to use HTTPS everywhere. Then, every page of your site would be encrypted on HTTPS. While a good rule, consider the limitations of HTTPS. Don’t blindly implement HTTPS everywhere without evaluating the trade-offs. If the enhanced security offsets the limitations discussed in the previous lesson in a specific application, then using HTTPS on each page is strongly recommended.

Get hands-on with 1400+ tech skills courses.