1993

• Ari Luotonen added Access Authorization to CERN server and libwww.

1994

• Eric Rescorla and Allan Schiffman developed Secure HTTP at EIT.
• CommerceNet demonstrated a secure credit card transaction with a browser.
• Netscape presented SSL 1.0 to the W3C. Phillip Hallam-Baker and Alan Schiffman broke it 10 minutes later..
• Netscape introduced a browser and server with SSL 2.0 and the HTTPS protocol.

1995

• Open Market released Secure WebServer with SSL and S-HTTP protocols.
• The Spyglass browser and server support SHTTP.
• RSA Security spins off VeriSign as the first certificate authority. Thawte was the second.
• Eric A. Young developed SSLeay.
• Community ConneXion released Apache Stronghold..
• Digest Access Authentication for HTTP developed by Phillip Hallam-Baker at CERN.

1996

• Netscape releases SSL 3.0.

1998

• OpenSSL is forked off SSLeay.

1999

• Netscape surrenders control of the SSL protocol to the IETF. It is renamed TLS.

2000

• CAPTCHA first used.

2005

• Brad Fitzpatrick developed OpenID.

2007

• OAuth standard introduced.
• CORS standard introduced.

2010

• JWT introduced.

2011

• Thai Duong and Juliano Rizzo presented their BEAST (Browser Exploit Against SSL/TLS) research paper.

2012

• HTTP Strict Transport Security (HSTS) specification is published.

2013

• Certificate Transparency introduced.

2014

• Google Security Team discovers POODLE vulnerability against SSL 3.0 and Heartbleed vulnerability against OpenSSL.

2015

• Let‘s Encrypt begins issuing certificates.

2016

• W3C published WebAuthn standard.