Before I started using a VPN regularly a few years ago, I was in a bit of a pickle. I knew that HTTPS encrypted the sites and the VPN encrypted my connection… but what happens when I combine the two? Can a VPN actually spy on me? And if I’m using a secure site, like my bank or e-commerce site, what else does the VPN actually see?
All of this made me want to go a little deeper. And here’s the result – a detailed analysis that explains what a VPN can (and can’t) see about you, how HTTPS works, and why combining the two technologies is crucial for online privacy.
Can the VPN see what I’m doing on HTTPS sites?
Short answer? It can’t. The long answer is much more interesting.
When I visit a site that uses HTTPS (and most sites do these days – you can tell by the padlock next to the address), my communication with that site is encrypted. That means that even if someone gets to the data flowing between me and the site, all they’ll see is a jumble of nonsense – no passwords, no card numbers, no messages.
A VPN adds another layer of protection – a tunnel through which all my data flows. And that’s encrypted, too. So I have a cipher inside another cipher. And that’s great news.
Thus, the VPN does not see the specific content of the HTTPS traffic. It doesn’t see what you type into forms, what articles you read, or what you buy. But…
What does the VPN actually see?
It’s a little more complicated here. Even if the VPN can’t see the specific content of your activity on the encrypted site, it can still access some metadata:
- Your real IP address
- IP address of the website you are visiting
- The time you started and ended the connection
- Volume of data transferred
- Device type, system or browser
For example, if you’re reading this article through a VPN, the provider knows you’ve visited BestSafeVPN.com (or any other site), but it can’t see that you’ve clicked on this article.
Here’s an important note: not every VPN plays fair. While reputable services (like NordVPN or ExpressVPN) have strict no-logging policies, free VPN apps often collect, store, and sell whatever they can.
That’s why I always say: with a VPN, you either pay with money or with your data. And I personally choose the former.
How does HTTPS work and what exactly does it encrypt?
HTTPS – Hypertext Transfer Protocol Secure – is an enhanced version of the classic HTTP. It’s like sending your letters not in an ordinary envelope, but in a safe with a biometric lock.
What does https encrypt?
- What you do on the site – clicks, forms filled out, messages sent
- Transferred data – images, texts, scripts
- Your communication with the web – that is, what goes between your browser and the server
What does https not hide?
- The IP address of the site you are connecting to
- Your own IP address (if you don’t use a VPN)
- Domain name (via SNI – Server Name Indication)
So even if HTTPS does a great job of protecting the content of your visit, your ISP or a poorly configured Wi-Fi network can still track what domains you go to. This is where a VPN comes in as the perfect complement.
Why does the combination of VPN and HTTPS make sense?
When I started combining VPN and HTTPS, I thought, “Isn’t this a bit overkill?” But the more I found out about it, the more it started to make sense to me.
Each of these tools solves a slightly different problem:
- HTTPS protects the content of communications between you and the site.
- A VPN encrypts all your internet traffic while hiding your IP address.
It’s like talking to a friend on the phone in a secret language (HTTPS), but also renting a secure phone line that can’t be tapped (VPN). Double security.
And this combination is the key to true online privacy. A VPN hides where you’re connecting, and HTTPS ensures that even if someone were to look into your traffic, they wouldn’t see what you’re reading or writing.
How do you know if a VPN is really secure?
I’ll admit it here – a few years back I fell into the trap too. I downloaded a “top rated free VPN” from the App Store, turned it on, and felt like I was safe. But whoops – a month later, weird ads started coming in and my email was flooded with spam.
Only in retrospect did I find out that the VPN was beautifully “tunneling” not only my traffic, but also my data to somewhere in China.
Since then, I’ve stuck to a few basic rules:
🔒 Strong encryption
Without that, we’re not talking anymore. The ideal is AES-256, which is the standard used by the military. If the VPN uses something weaker, get away from it.
📜 No-logs policy
Every reputable VPN provider has a clear statement on their website: we don’t collect any information about your activity. Better yet, have it independently audited. NordVPN, ExpressVPN, Surfshark and others do this to a tee.
🧪 Independent audit
I only trust VPNs that have had their systems crawled by a third party. If everything’s clean, they have nothing to hide.
🌍 Safe Seat
When a VPN is headquartered in a country where the government requires data transfer, it’s a problem. On the other hand, services based in countries like Switzerland or Panama have much better legal privacy protection.
🧠 Extra features
For example, a kill switch (disconnects you from the internet when the VPN goes down), split tunneling (you choose what goes through the VPN and what doesn’t), DNS leak protection, or multi-factor authentication. These are the details that make an average VPN top-notch.
Personal recommendation: these ones passed me
Based on my own experience and long-term testing, I could recommend three proven services:
- ExpressVPN – Top speed, extremely easy to use and one of the cleanest track records when it comes to security. Works great for streaming too and has servers all over the world.
- NordVPN – Offers features like Double VPN, which is an extra layer of encryption. A great option if you want maximum security, yet very reasonably priced.
- CyberGhost – Best value for money. Easy to use, strong security and a great app even for beginners. Plus extra features like automatic blocking of malicious sites.
VPN that I personally recommend
Frequent questions I get
Can the VPN see my passwords or card number?
No. If you’re on an HTTPS-protected site, all data between you and that site is encrypted. The VPN can’t see through them – at most, it can see that you’ve gone to a specific domain.
Is the VPN slowing down your internet?
Yes… but. It depends on the quality of service. Cheap or free VPNs can really drag down speeds. But quality services like ExpressVPN or NordVPN have such fast servers that you’ll hardly notice the difference. I myself watch 4K videos through a VPN without a hitch.
Is it legal to use a VPN?
In most countries, yes. But I always recommend checking with the specific legislation. In China or Iran, for example, you may run into problems.
👉 In conclusion, there’s only one thing I can say: a VPN isn’t a magic wand, but if you combine it with HTTPS, you get almost bulletproof online privacy. And when you choose a proven VPN, you can really rest easy – no snooping, no leaks, just safe and private surfing.
If you want specific tips, drop me a line – I have other experiences with other VPNs in my backup. But the main message is clear: HTTPS + VPN = secure internet.
