Google, Firefox, and the IETF are currently engaged in significant initiatives to convert the Web to be secure by default. Page ranking, exciting new browser APIs, and HTTP/2 are all pushing websites to require HTTPS. An HTTPS-only web is imminent. Do you know how to configure HTTPS properly? According to SSL Pulse, 75% of the top 1 million websites that use HTTPS are not actually secure because of misconfiguration. In my talk, I will discuss the key aspects of HTTPS to empower developers to deploy truly secure HTTPS sites.