What does that padlock icon in my browser mean?

At the moment, Google is promoting "secure" websites. If you look in the address bar of your browser you might see a small padlock icon. If you don't, Google is going to start flagging these sites as "insecure" - meaning your browser might show a badge warning you about this, and the site itself is going to fall down the search rankings.

But what does that padlock mean?

Websites and browsers communicate using the HyperText Transfer Protocol (HTTP) for short. The browser and website send each other messages describing what the browser wants to see and what the website has to display. These messages are in plain text - if you intercept the message then you could read those contents. Including your username and password, if you need to log in.

To combat this, there's an extension to HTTP called HTTPS - the S stands for Secure. The website has an encryption certificate (called an SSL Certificate) installed - this is half of a mathematical key that it shares with the browser. This key is then used to encrypt those messages - so if you were to intercept them, you wouldn't be able to read the contents - unless you had the other half of that mathematical key. And, of course, the other half is locked away, safely, on the web-server.

So that's why the padlock is important. It prevents important information being read whilst in transit, keeping your and your customer's data safe. And, now that Google is going to be downgrading sites that don't have a certificate, it's vitally important that you ensure your site has one.

Rahoul Baruah

Rahoul Baruah

Rubyist since 1.8.6. I like hair, dogs and Kim/Charli/Poppy. Also CTO at Collabor8Online.
Leeds, England