What is the Difference Between HTTP and HTTPS?

Before jumping into HTTPS, let’s first discuss what the acronym HTTP stands for. HTTP, HyperText Transfer Protocol, is an application protocol for information to be passed back and forth between web servers and clients.

HTTPS is a communications protocol for secure communication. As you might have guessed, the ‘S’ in this acronym stands for secure.

Going a bit deeper into technical details, it should be mentioned that HTTPS protocol is actually a combination of HTTP and protocols called SSL/TLS (Secure Sockets Layer or its successor, Transport Layer Security). The latter are responsible for adding security capabilities to HTTP.

In order to know whether HTTP or HTTPS protocol are being used on a website you’re visiting, just look at the address bar of your browser.  Usually, it’s not only the last ‘S’ that will tell you that you are protected – there are also some easily recognizable visual effects.

Here is how HTTPS is implemented in Chrome. Note the padlock and green text:

Clicking on the padlock will show additional information about the current connection. You can see that this connection uses TLS 1.0 protocol, which is responsible for security. Also, notice the terms such as “Certificate”, “256-bit encryption” and “CA”. CA in this context stands for Certificate Authority or Certification Authority. Look out for a future blog post that will cover these terms more thoroughly.

In Chrome, from time to time you’ll notice HTTPS  being highlighted in red, instead of green. When appearing in red it might have some other visual effects, including having the text of the HTTPS crossed out by a line. This means that your current connection is not entirely secure. There are various reasons this could be the case – in order to see the particular cause click on the padlock for additional information.

This is also Chrome, but protocol is not secured:

Some websites support both HTTP and HTTPS. If you have the option to choose between the two and have a decent Internet connection and relatively modern hardware – go ahead and use HTTPS. There is no harm in adding extra security.

Not every website needs to have HTTPS protocol. That little extra ‘S’ at the end is really important when you are sending or receiving sensitive information, but if you are not performing either of those actions you might be okay with HTTP.

With the Internet playing a larger role in our lives, one of the most important things you can do is invest some time in learning some of the basics of Internet security. A little investment in some extra knowledge could have the potential to protect you in the future. A little investment from this particular blog post is this – make sure to use HTTPS when dealing with private, sensitive information.

Are there other security terms you’d like a little clarity on? Let us know in the comments below.

Add Comment