HTTPS Configuration
Introduction
HTTPS (Hypertext Transfer Protocol Secure) encrypts the communication between your users' browsers and your website. It is the modern standard for all web traffic.
Why it matters
Browsers aggressively warn users if a site is not secure (HTTP instead of HTTPS). These warnings severely impact trust, and search engines like Google use HTTPS as a ranking signal. Many modern web APIs (like Geolocation or Service Workers) are also disabled on non-HTTPS sites.
Where it appears
- Address Bar (Padlock icon)
- Search Engine Rankings
- Browser Warnings
Requirements
- An SSL/TLS certificate installed on your server.
- All internal links and resources (images, scripts) loaded over HTTPS.
Best Practices
- Redirect all HTTP requests to HTTPS and enforce HTTPS in the browser with HSTS (the Strict-Transport-Security response header).
- Ensure your certificate is valid and renews automatically (e.g., using Let's Encrypt).
- Do not mix HTTP and HTTPS content on the same page.
Common Mistakes
- Mixed content (loading HTTP images on an HTTPS page), which breaks the secure padlock.
- Expired SSL certificates.
- Failing to redirect HTTP traffic to HTTPS.
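The mixed-content mistake above can be caught before deployment. The following Python scanner is an added example, not part of the original page: the names `find_mixed_content` and `MixedContentScanner` are hypothetical, the sample HTML is constructed, and the active/passive split follows the usual browser distinction between scripts, frames and stylesheets on one side and images and media on the other.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load a subresource. <a href> is deliberately
# absent: a link to an http:// page is navigation, not mixed content.
ACTIVE = {("script", "src"), ("iframe", "src"), ("object", "data"), ("embed", "src")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src"), ("source", "src")}
# Constructed sample page (not taken from a real site).
SAMPLE = """<!doctype html>
<html><head>
<link rel="stylesheet" href="http://cdn.example.com/site.css">
<link rel="canonical" href="http://example.com/">
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<a href="http://example.org/">external link</a>
<img src="http://example.com/logo.png" alt="logo">
<script src="HTTP://example.com/legacy.js"></script>
</body></html>
"""


class MixedContentScanner(HTMLParser):
    """Collects http:// subresources as (line, kind, tag, url) tuples."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = {name: (value or "").strip() for name, value in attrs}
        active = set(ACTIVE)
        # <link href> only counts when it loads a stylesheet (rel=canonical does not).
        if "stylesheet" in attrs.get("rel", "").lower().split():
            active.add(("link", "href"))
        for kind, pairs in (("active", active), ("passive", PASSIVE)):
            for pair_tag, attr in pairs:
                url = attrs.get(attr, "")
                if pair_tag == tag and url.lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], kind, tag, url))


def find_mixed_content(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return sorted(scanner.findings)


if __name__ == "__main__":
    for line, kind, tag, url in find_mixed_content(SAMPLE):
        print(f"line {line}: {kind} mixed content in <{tag}>: {url}")
```

It only inspects static markup; resources requested from JavaScript or from CSS `url()` values are out of its scope.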
Implementation
Most modern hosting platforms (Vercel, Netlify, Cloudflare) provide HTTPS by default. If configuring manually on Nginx:
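    # Plain-HTTP listener: its only job is to send every request to HTTPS.
    server {
        listen 80;
        server_name example.com;
        # Permanent redirect that keeps the requested host, path and query string.
        return 301 https://$host$request_uri;
    }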