A large number of websites of schools and educational institutions still do not use a secure HTTPS connection. A test done by Open State Foundation with the online dashboard Pulse (pulse.openstate.eu) shows that out of 6,431 unique domains of Dutch schools, only one third supports a connection that ensures communications between the website and a user’s browser are encrypted.
Only 32% of the schools surveyed websites support HTTPS. 590 of the websites with an HTTPS connection did not enforce HTTPS, leaving visitors without HTTPS at 77% of the surveyed school sites. Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. It means all communications between your browser and the website are encrypted.
Primary, special and secondary education
Of the researched websites in primary education only 29% support HTTPS. Only one-fifth of these websites enforce HTTPS. Websites in special education do not score much better. Of the 466 unique domains in special education, 71% do not have a secure HTTPS connection. In secondary education, 46% of the websites studied have an HTTPS connection. In schools with secondary vocational education the percentage of websites with an HTTPS connection was lower than in secondary schools with HAVO or VWO level.
Intermediate vocational education
The websites of schools in intermediate vocational education are better protected. 77% of the researched websites in intermediate vocational education have a website with an HTTPS connection and are enforced at 74%.
Websites of schools in higher education score the best. There, most websites are secured with an HTTPS connection. 82% of websites in higher professional education and websites of universities have an HTTPS connection that is enforced at 76% and 82%, respectively.
Unsecured forms and logins
A sample of the researched websites also shows that different schools have online contact forms, login possibilities, subscribe forms and forms to notify ilness on unsecured websites.
In December 2016, Open State Foundation launched the Pulse online dashboard (pulse.openstate.eu) in the Netherlands where users can see whether a government website supports a secure HTTPS connection. Since then, the number of government websites supporting HTTPS has grown from 44% to 70%. In August, Open State Foundation examined with Pulse the websites of healthcare sites that showed that only a third of the 22,393 researched websites of healthcare providers support an HTTPS connection. At the beginning of 2017, the government indicated that it wanted to require HTTPS for all government websites.