Factsheet HTTPS could be a lot more secure

HTTPS is a frequently used protocol for protecting web traffic against parties setting out to eavesdrop on or manipulate the traffic. Configuring HTTPS requires precision: there are many options, and by no means all of them are secure.

This factsheet explains three HTTPS options that can contribute to securing web traffic. These options are additions to existing recommendations on the safe configuration of HTTPS. The NCSC recommends using these options in all of your HTTPS configurations.

The NCSC recommends protecting all websites that process sensitive data with HTTPS. If you want to protect your website with HTTPS you will find configuration advice in the IT security guidelines for Transport Layer Security and the IT security guidelines for web applications of the NCSC. The guidelines for Transport Layer Security and the guidelines for web applications are available on our website. Both are currently only available in Dutch.

This publication is no longer actively maintained by the NCSC. The information in this publication may therefore be out of date.