Skip to content
Start free scan
  1. Home
  2. /Knowledge Base
  3. /SSL certificate: why your website needs HTTPS
SSL certificate: why your website needs HTTPS

SSL certificate: why your website needs HTTPS

3 min read below · WebYes knowledge base

An SSL certificate encrypts traffic between visitor and website. Read how HTTPS works, which certificate types exist and how to check your site.

An SSL certificate (technically: TLS certificate) ensures traffic between the browser and your website is encrypted over HTTPS. Without a certificate, third parties can read or manipulate data, browsers show a warning and you lose trust and visibility.

  • How does SSL/TLS work in short?
  • Which types of certificates exist?
  • Enforcing HTTPS with HSTS
  • Common mistakes
  • Related articles
  • FAQ

On this page

  • How does SSL/TLS work in short?
  • Which types of certificates exist?
  • Enforcing HTTPS with HSTS
  • Common mistakes
  • Related articles
  • FAQ

Read more

Free WebYes scan is live: test your site on four pillars

You can now scan any website for free on speed, security, mobile and accessibility. Here is how the scan works and what we do with the results.

Share this article

Share on LinkedInShare on X

How does SSL/TLS work in short?

When a visitor opens your site over HTTPS, the browser and server first negotiate an encrypted connection. The certificate proves the server really belongs to your domain, and the encryption ensures nobody along the way can read or alter passwords, payment details or form input.

The name SSL has stuck, but the underlying protocol has been called TLS (Transport Layer Security) for years. Modern servers use TLS 1.2 or 1.3; older versions are considered insecure and should be disabled.

Which types of certificates exist?

Certificates differ in how strictly the applicant is verified, not in the strength of the encryption. For most websites a free domain-validated certificate is enough.

The three validation levels
TypeWhat is verifiedWho it is for
DV (domain validation)Only that you control the domainAlmost every website; free via e.g. Let's Encrypt
OV (organisation validation)Domain plus the organisation's registrationBusinesses wanting extra recognisability
EV (extended validation)Full legal verification of the organisationBanks, insurers, payment services

Encryption strength is identical across all three; the difference is the identity check.

Enforcing HTTPS with HSTS

Installing a certificate is step one; making sure visitors always arrive over HTTPS is step two. Set up an automatic redirect from HTTP to HTTPS and add the Strict-Transport-Security (HSTS) header. That header instructs browsers to access your site exclusively over HTTPS from then on, even when someone types the address without https.

HSTS is one of the security headers the WebYes scan checks within the security pillar. If the header is missing or the certificate has expired, you see it in the report immediately.

Common mistakes

The most frequent problems we see in scans: a certificate that quietly expired because auto-renewal was never set up, mixed content (an HTTPS page loading images or scripts over HTTP, which still triggers a browser warning), and old TLS versions left enabled on the server.

All of them are easy to prevent: enable auto-renewal, load all assets over HTTPS and have your hosting provider disable TLS 1.0 and 1.1.

Related articles

Security headers: which ones does your website need?

Security headers: which ones does your website need?

Security headers protect visitors against eavesdropping, XSS and clickjacking. Find out which headers you need and how to set them up safely.

Frequently asked questions

Is an SSL certificate mandatory?

No law literally demands a certificate, but in practice you cannot do without one. Browsers mark HTTP sites as 'not secure', unencrypted forms are a privacy risk under the GDPR and Google favours HTTPS pages in its search results.

What does an SSL certificate cost?

A domain-validated certificate is free through certificate authorities such as Let's Encrypt and is included with most hosting plans. Paid OV and EV certificates cost tens to hundreds of euros per year and mainly add identity verification, not stronger encryption.

How do I check whether my certificate is set up correctly?

Click the padlock in the address bar for the expiry date and issuer. For a full check, including TLS versions, redirects and HSTS, use the free WebYes scan: it tests the entire SSL configuration within the security pillar.

The WebYes scan measures this too

Scan your website for free on speed, security, mobile and accessibility and see where you stand.

Start free scan
webyes

Het onafhankelijke keurmerk voor Nederlandse websites. Kalm, transparant, jaarlijks herkeurd.

Start gratis scan

Keurmerk

  • Start gratis scan
  • Hoe het werkt
  • Keurmerkregister
  • Prijzen
  • Veelgestelde vragen

Kennis

  • Kennisbank
  • Blog
  • Jaarrapport

Bedrijf

  • Over ons
  • Contact
  • Mijn account

Juridisch

  • Privacybeleid
  • Algemene voorwaarden
  • Cookies
© 2026 WebYesGebouwd in Nederland.

Jaarrapport in de maak. In de maak: het jaarrapport over de staat van het Nederlandse web. Lees meer →

webyes
WerkwijzePrijzenRegisterKennisbankOver ons
InloggenStart gratis scan