How to check if website is secure using PHP


I'm quite new in security (certificates) and not understand how it works.   I have IIS server and certificate is installed. I can open my website in two different ways:  http://website and  'https://website'.  When I open it as http then in address bar I can see that says website is not secure if i open it as https then padlock appears.  But I'm not understand where is security in this case. How to control it with php?  I can check if site has $_SERVER['HTTPS'] != 'on' and then let user to access but if i remove certificate from the server i still can access as 'https' but browser says that is not secure site but $_SERVER['HTTPS'] still showing as on  How can i control security?


If you access a web page via https the browser encodes you request with SSL.  If you access a web page via your reauest is not encoded.  The certificate is just the proof for the user that the encoding is safe. The variable $_SERVER['HTTPS'] just says whether the user accessed the page via https or http.