HTTPS Explained: How Secure Websites Work

When visiting a website, students are often told to “look for the padlock.” In IB Computer Science, that padlock represents HTTPS, the protocol that allows websites to communicate securely. Students are expected to understand what HTTPS is, why it is used, and how it protects data during transmission.

IB examiners focus on conceptual understanding, not low-level protocol details.

What Is HTTPS?

HTTPS (HyperText Transfer Protocol Secure) is a secure version of HTTP.

HTTPS:

• Encrypts data sent between a browser and a web server
• Protects data from interception
• Verifies website identity

In IB terms, HTTPS provides:

• Confidentiality
• Integrity
• Authentication

Why HTTP Alone Is Not Secure

Standard HTTP:

• Sends data in plaintext
• Can be intercepted by attackers
• Does not verify website identity

This means:

• Passwords can be stolen
• Data can be modified
• Users can be redirected to fake websites

HTTPS exists to solve these problems.

How HTTPS Works (Conceptually)

HTTPS combines:

• Encryption
• Digital certificates
• Public Key Infrastructure (PKI)

The process works conceptually as follows:

1. The browser connects to a website
2. The website presents a digital certificate
3. The browser verifies the certificate
4. A secure encryption method is agreed
5. Encrypted communication begins

IB students should describe the sequence, not protocol names.

The Role of Digital Certificates

Digital certificates are essential to HTTPS.

They:

• Confirm the identity of the website
• Prevent impersonation
• Allow secure key exchange

Certificates are issued by:

• Trusted Certificate Authorities (CAs)

If a certificate cannot be verified:

• Browsers display warnings

This protects users from fake or malicious sites.

Encryption in HTTPS

HTTPS uses encryption to protect data.

Conceptually:

• Asymmetric encryption establishes trust
• Symmetric encryption is used for data transfer

This approach:

• Keeps data confidential
• Is efficient for large data transfers

IB students should understand that encryption ensures privacy, not anonymity.

Data Integrity and HTTPS

HTTPS also ensures data integrity.

This means:

• Data cannot be modified in transit
• Changes would be detected

Integrity protection prevents:

• Injection attacks
• Data tampering

IB examiners often expect students to mention integrity alongside confidentiality.

Authentication and Trust

HTTPS authenticates websites by:

• Verifying certificates
• Linking domains to public keys

This ensures:

• Users are communicating with the intended site
• Not an impostor

Authentication builds trust in online systems.

Why HTTPS Is Important in Real Systems

HTTPS is essential for:

• Online banking
• Login systems
• E-commerce
• Secure communication

Modern browsers increasingly block or warn against HTTP-only sites.

Common Student Mistakes

Students often:

• Say HTTPS only encrypts passwords
• Ignore authentication
• Confuse HTTPS with VPNs
• Describe HTTPS too vaguely

Clear explanations of why HTTPS exists score higher.

How This Appears in IB Exams

IB questions may ask students to:

• Explain what HTTPS does
• Describe how secure websites work
• Identify benefits of HTTPS
• Apply HTTPS to a scenario

Explanation and justification matter more than technical detail.

Final Thoughts

HTTPS secures web communication by combining encryption, digital certificates, and trusted verification. It protects data from interception, ensures website authenticity, and maintains data integrity.

Understanding how HTTPS works allows IB Computer Science students to explain secure online communication clearly and confidently — exactly what examiners expect.