HTTP vs HTTPS
Introduction
Have you ever noticed the URL box of the website you visit? You must have seen that every website URL start with either a symbol of a 'lock' icon or a 'not secure' message written before the www. Today in this blog, we are going to look at what those symbols mean and their importance. So, let's dive in.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. It is a set of rules through which two devices communicate with each other. When we type the URL of any website in our web browsers, it generates HTTP request to the web server which hosts the website. The web(host) server then responds with HTTP, which includes the requested web page and other information such as the status of the request, any error messages, or information related to the content of the website. Due to this nature, it is also called as request-response protocol. It is the part of application layer protocol in the OSI model.
It is a connection-less protocol because after the connection is closed, the server does not remember anything about the client and the client does not remember anything about the server.
It is also a stateless protocol as both the client and server know each other only during the current request. Due to the nature of the protocol, both the client and server do not retain the information between various requests of the web pages.
What is HTTPS?
In HTTP, while sharing the information between the client and server over the internet, it goes as it is(without encrypted), due to this there is a risk of having user confidential information such as passwords, and credit details being compromised or hacked. To avoid this from happening, the extension of HTTP as HTTPS is being introduced which is more reliable and trusted as it comes with security that helps to keep data encrypted. 'S' in HTTPS stands for 'secure' making it difficult for hackers to steal or penetrate confidential data. Almost all banks and E-commerce sites have HTTPS.
SSL/TLS Encryption
HTTPS uses an encryption protocol to encrypt communications. The protocol is called as Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL).
It uses asymmetric public key infrastructure to encrypt the communication between two parties.
The two keys used by this are Private and Public. Private Key available on the web server, managed by the owner of the website. It helps in decrypting the information encrypted by public key. Public Key is available to everyone and it helps in converting data to the encrypted form.
With encryption, whenever the data is transmitted between the client and server, it transmits in the form of non-sensible or randomly generated characters which make it difficult for others to understand.
Difference
| HTTP | HTTPS |
| Less Secure. Data can be Hacked. | Comes with SSL Certification, more Secure. |
| Good choice for websites that contain information such as blogs. | Good choice for websites asking for private information such as credit card details. |
| Page loading speed is fast. | Page loading speed is slower than HTTP |
| Does not improve search ranking | Improve search ranking |
| It is application layer protocol. | It is transport layer protocol. |
