The web has evolved from hypertext to a powerful application platform. Powerful features like Geolocation, Push Notifications and Service Workers raise the stakes for application security. Only HTTPS can guarantee integrity, confidentiality and authenticity of those web applications. We will cover deployment best practices that strike a practical balance between security and compatibility. This includes a small digression into the inner guts of TLS to discuss cipher suites as well as certificate switching. This talk also covers major deficiencies of the certificate ecosystem and demonstrates how to thwart the risks of misbehaving or even compromised Certificate Authorities with techniques like HTTPS Public Key Pinning or Certificate Transparency.