HTTP vs HTTPS: What's that all about?

A shield and lock obscured by a stream of random text. Representing security by encryption.

Introduction

Have you ever wondered why some websites start with http:// and some have https:// before their name? This article explains what they are and why websites should support HTTPS.

What is HTTP?

A Uniform Resource Locator (URL) identifies a website and points where to find it, e.g. https://OurWebMastery.com. The prefixes http:// or https:// specify how to talk with that website. The Hypertext Transfer Protocol (HTTP) is the foundation of communication for the World Wide Web, where anyone from anywhere can easily access information. Development of the HTTP protocol started in 1989 and was first published in 1991.

Hypertext is a document displayed on an electronic device that includes information and references (hyperlinks) to other documents, images and videos. Webpages are often written in the Hypertext Markup Language (HTML).

What is HTTPS?

Hypertext Transfer Protocol Secure (HTTPS) extends the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a network. HTTPS was created in 1994 and formally specified in 2000. The goal of the extension was to authenticate a website and protect the privacy and integrity of the information exchange as it travels between computers. It uses block cyphers to encrypt the communication between a browser and a website to protect against eavesdropping and tampering.

What are the differences between HTTP and HTTPS?

HTTP creates a communication channel between a web browser and a website that is NOT secure, and so has the potential to be overheard.

HTTPS creates a secure communication channel between a web browser and a website.

  • Firstly, by checking the website server computer’s certificate, the protocol authenticates that a website is who it says it is.
  • Secondly, the protocol encrypts the information exchanged over the channel.

What are certificates, and how do they work?

The server computer that hosts a particular website sends out a unique certificate. The certificate must be signed by a trusted Certificate Authority to prove it is valid. The certificate means that a web browser can confirm that the server computer hosting a website is the rightful host of that website. The certificate stops a rogue website from impersonating that website.

Secure the Internet. Don’t use websites with HTTP.

All websites should support HTTPS. There is no good reason not to. Many web browsers enforce this, and good web hosting companies (like OurWebMastery.com) always redirect http requests to https to enforce this.

HTTPS is essential when connected to an unsecured network, such as public Wi-Fi at cafes, sports venues, hotels, and airports. Public networks are shared networks that allow anyone to see the information being exchanged. HTTPS encrypts your information to protect it while connected to public networks.

Conclusion

The World Wide Web is made from documents, images, and videos described and referenced in Hypertext and identified/located using URLs, all delivered using HTTP.

HTTPS extends HTTP and creates a secure communication channel between web browsers and websites.

Most websites support HTTPS, and all should. 

Help secure the Internet. Don’t use websites with HTTP.

References

https://en.wikipedia.org/wiki/HTTP

https://en.wikipedia.org/wiki/HTTPS

Further Reading

See our article “Malware – Good practices for WordPress site owners” for more details on reducing the risk of attacks on your website.

See our article “Passwords – Good practices for WordPress site owners” for more details on securing your website.

Get started today

With OurWebMastery you get the features and tools you need to build your website.