Hypertext Transfer Protocol Secure (HTTPS)

Identifying a secure connection to web services

Most major web browsers may also inform users that a website is secure with a padlock icon.

At times, web browsers may alert users that some Government of Canada websites are not secure. The government is not responsible for how web browsers measure whether a website is secure or not secure. This may result in some government services being marked as not secure, which may limit access to a specific online services or information.

Each government department and agency continually works to protect user data. It does this by applying specific security standards that have been widely adopted across the web. These ensure safe access to services or information online.

For details about user data the government collects, please read our Privacy statement.

For updates on the security of a government service users can contact individual departments and agencies.

Protecting web services

The Treasury Board of Canada Secretariat is establishing an HTTPS standard for government departments and agencies that offer online services to the public.

An HTTPS connection is an indicator of legitimacy, integrity and data confidentiality.

Departments and agencies must use up-to-date encryption for all external website connections. This includes eliminating old versions of HTTPS with known security issues.

These HTTPS standard efforts are part of the Government of Canada’s Digital Operations Strategic Plan: 2018-2022.

Related links

• Implementing HTTPS for Secure Web Connections: Information Technology Policy Implementation Notice (ITPIN)
• Digital Operations Strategic Plan: 2018-2022
• General and technical enquiries for the Treasury Board of Canada Secretariat
• Contacts by department or agency