← Back to Glossary

HTTP vs HTTPS

by Iwan Price-Evans on Web technology • May 23, 2022

HTTP and HTTPS are what you see at the beginning of all website URLs on the public internet. Both HTTP and HTTPS are protocols for fetching files such as HTML or images across the internet. HTTPS traffic is secured by encryption while HTTP traffic is not secure.

What Is The Difference Between HTTP And HTTPS?

What is HTTP?

HTTP, or HyperText Transfer Protocol, is the protocol that underpins the exchange of data on the Web. It's a client-server protocol which, in practice, means that a client such as a web browser can request website files from a web-server.

When visiting a site using a web browser, all of the necessary files needed to display the web page are requested from the server. The browser requests a document and all of its parts, text, images, videos, layout information, and scripts that add functionality to the page.

The protocol enables messages to be exchanged between the browser and the server. A browser will send request messages to the server and the server will reply with response messages. These messages are the basis of how web browsing works.

What is HTTPS?

When the internet was in its early stages HTTP was the default protocol for exchanging messages. However, HTTP is not secure and so it's possible for the information being exchanged between the browser and the server to be intercepted.

When using standard HTTP to submit data across the internet the data is sent in plain text making it vulnerable. A hacker, that could be anywhere on the internet, can listen in as that data is being transferred and steal or modify the information. This type of interception is known as a "Man In The Middle" attack. HTTPS was created to solve this problem.

HTTPS, or Secure HyperText Transfer Protocol, is HTTP with a security feature, making it more resilient to cybersecurity threats. This security feature is called SSL (Secure Socket Layer).

How Do HTTPS And SSL Work?

SSL was first created by Netscape and published in 1995. It was redesigned in 1996 and again in 1999. SSL encrypts HTTP data ensuring the security of all the data being transferred between browsers and servers.

It is impossible to read data being transferred using HTTPS. The protocol does this by using encryption algorithms to encrypt, or scramble, the data before the transfer. The data is then unencrypted or unscrambled when it's received at the other end.

SSL encryption is another term commonly used to refer to HTTPS. SSL has now been replaced by TLS and so you may see it referred to as SSL/TLS.

Learn more about SSL.

Do I Really Need HTTPS?

HTTPS is now the standard protocol used by websites on the internet. In recent years, website owners have been encouraged to use HTTPS by tech giants like Google. Google changed its search results to prioritize websites that use HTTPS over HTTP, meaning that HTTPS websites will feature higher in their search rankings.