HTTPS

HTTPS (HyperText Transfer Protocol Secure) is the encrypted version of HTTP, the foundational protocol used to transfer data between a web browser and a server. HTTPS wraps the standard HTTP communication inside a TLS (Transport Layer Security) layer, which encrypts every byte of data exchanged between the two endpoints. This means that login credentials, form submissions, payment details, and any other information sent through the connection cannot be read or modified by anyone intercepting the traffic — whether that is someone on the same Wi-Fi network, an internet service provider, or a malicious actor. You can identify HTTPS connections by the padlock icon in your browser's address bar and the "https://" prefix in the URL.

Browsers now flag non-HTTPS sites with a visible "Not Secure" warning, which erodes reader trust immediately. Beyond trust, HTTPS is a confirmed Google ranking factor, giving secure sites a measurable advantage in search results. For any publication that collects lead data through forms or processes payments, HTTPS is not optional — it is a baseline requirement for privacy regulations like GDPR and PCI DSS. Even for content that does not collect data, the absence of HTTPS signals to visitors that the publisher has not invested in basic security, which reflects on overall brand credibility.

Every flipbook and document published through FlipLink is served over HTTPS by default, with no additional configuration needed. FlipLink's viewer at go.fliplink.me uses TLS encryption for all traffic, protecting reader interactions including [lead capture](/features/lead-capture) form submissions and payment transactions. When you set up a [custom domain](/features/custom-domains) for your publications, FlipLink automatically provisions and manages an SSL certificate for that domain through Let's Encrypt, so your branded links remain fully secure without manual certificate management. Certificate renewals happen automatically — you never need to worry about expiration. All [embedded](/glossary/embed-code) flipbooks also inherit HTTPS when the host page uses it, maintaining a secure chain throughout.

- **Mixed content warnings.** If you embed an HTTPS flipbook on a page that loads other resources (images, scripts) over plain HTTP, browsers may block those resources or show warnings. Make sure your entire page uses HTTPS, not just the flipbook embed. - **Certificate expiration.** SSL certificates have an expiration date. FlipLink handles automatic renewal for both go.fliplink.me and custom domains, but if you manage your own domain's DNS, make sure the CNAME records remain pointed correctly so renewal validation succeeds. - **Data in transit vs. data at rest.** HTTPS protects data while it travels between the browser and the server. It does not encrypt data stored on the server. For sensitive publications, pair HTTPS with FlipLink's [password protection](/features/password-protection) to add an access control layer on top of transport encryption. - **[GDPR](/glossary/gdpr) compliance.** European privacy regulations require "appropriate technical measures" to protect personal data. HTTPS is considered the minimum standard for any service that collects or transmits personal information.

**"HTTPS makes my site completely secure."** HTTPS encrypts the connection, but it does not protect against application-level vulnerabilities like weak passwords, phishing, or malware on the user's device. It is one essential layer of security, not the entire solution. **"HTTPS slows down my site."** This was partially true years ago, but modern TLS implementations add negligible overhead. HTTP/2, which requires HTTPS, actually makes pages load faster through multiplexing and header compression. An HTTPS flipbook loads at effectively the same speed as an HTTP one. **"Only sites that collect payments need HTTPS."** Every site benefits from HTTPS — even static content pages. Google ranks HTTPS sites higher, browsers warn visitors about HTTP sites, and any form submission (including newsletter signups and contact forms) transmits data that should be encrypted. **"A padlock means the site is trustworthy."** The padlock confirms the connection is encrypted, not that the website owner is legitimate. Phishing sites can and do use HTTPS. The padlock protects the pipe; it says nothing about what flows through it.

HTTPS relies on a TLS handshake that occurs before any data is exchanged. During this handshake, the server presents its SSL certificate, the client verifies it against trusted certificate authorities, and both sides negotiate an encryption cipher and generate session keys. All subsequent data is encrypted with these keys. Modern TLS 1.3 reduces the handshake to a single round trip (1-RTT), and returning visitors can use 0-RTT resumption for even faster connections. FlipLink's infrastructure supports TLS 1.3 and HTTP/2 across all endpoints, including custom domains. For publishers embedding flipbooks on their own sites, the embed URL always uses `https://`, ensuring compatibility with any host page that enforces HTTPS through HSTS (HTTP Strict Transport Security) headers.