What is the Difference Between HTTP & HTTPS?
Have you ever noticed that some websites have an address that starts with HTTP://, while others start with HTTPS://? This page is all about explaining the basics of HTTP, how it works, and what that extra S means. We'll cover why it's important for consumers and people visiting websites, and also for the people that own and operate websites, too.
HTTP stands for HyperText Transfer Protocol.
It's the protocol that is used by the world wide web to transmit information all around the world, from our computers, on our phones, and has been in use since all the way back in 1990.
It's how servers and browsers communicate to one another. Don't confuse it with HTML, which stands for HyperText Markup Language, which is the actual (most basic) coding language that defines how a website will look and act once you arrive there, because it's the HTTP that helps you get to the website in the first place.
Your webbrowser, on the basic level, is essentially an HTTP client. You have an email client for handling email, you may use a dedicated client for reading RSS feeds or even newsgroups back in the day, and along that same path of functionality is the web browser and HTTP. It's not something we ever really have to think about on a day to day basis, but it's something most of us use dozens, or even hundreds of times a day. When you open a browser, click a link, or type in a URL… you're taking advantage of the HTTP to connect you to the websites you want to see.
So, what does it mean when there's that extra S at the end?
The major problem with HTTP is that it's not encrypted, and not secure. This was fine for simple things like browsing the web and looking up sports scores or whatever, but when we started using the internet frequently for more important things like private chats and messages, or doing on-line banking, or any type of online shopping, obviously we started dealing with more sensitive data and needed a way to make it much more safe and secure, even for people who aren't security experts and aren't going to take extra steps to protect themselves or their data. If it's any extra steps, there's a lot of users who aren't going to do it. The internet needed a way for website owners to make extra security and protection automatic for their visitors…
That little S in HTTPS actually stands for “secure“, it's an encrypted version of the protocol ensuring that bad actors can't pick up on data that's transmitted over secure websites.
This makes it safer to do online banking, and all of the rest of the things we do online, since the data isn't just floating around out there in the open, it's encrypted and secure. You should be very weary of sites that require memberships, payments, or any sensitive or private information that aren't using HTTPS.
The Importance of HTTPS and the Difference Between HTTP
As a consumer, it's definitely something to look for. It inspires trust, it's more safe and secure, and once again – you want to see it when you're trusting a site with any kind of private or sensitive information whatsoever.
What about for webmasters and people who run their own websites?
Recently, Google announced that they were going to be favoring websites using HTTPS in their search engine, which sent many people scrambling to switch their sites over. It's a bit of a to-do, but generally speaking it's not a bad idea. It requires a site to have an SSL certificate, and those can be obtained anywhere from free, or for a few bucks a month, or for hundreds of dollars – just depending on a number of factors.
These days, it's really the bare minimum level of protection that websites should afford their visitors. It's not just for eCommerce stores or banks anymore, it's becoming more and more common among all types of sites, even strictly informational sites that aren't collecting any information from the visitor whatsoever.
Moving forward, most websites will be using HTTPS in favor of HTTP, and we can only imagine that another protocol will eventually come along that will be even more secure. Website owners who take the time and effort to enact HTTPS are more likely to be more successful in a variety of metrics, according to various studies and surveys, including one in which the vast majority of shoppers would even abandon a purchase from a website that used HTTP instead of HTTPS.
If you're a developer or a webmaster, you might not imagine that the average person is all that savvy about the difference between HTTP and HTTPS, but they don't have to be because web browsers are more and more commonly adding warnings…
Have you ever had a security warning from a browser when you were on an insecure site? The most common and popular browsers will prominently let visitors know when a site/page is SECURE, and in turn they'll also display messages warning against sites that aren't secure. Could you imagine getting a message saying a site is NOT secure, and still following through with a purchase, let alone feeling comfortable browsing around at all?
For a variety of reasons, it's strongly recommended to use HTTPS for any new projects you're starting out, and it's also not a bad idea to switch over older websites, too. It's not just a matter of trying to “future-proof” your site, but also “now-proofing” it, too.
Customers and visitors want to see it, search engines want to see it, browsers want to see it, and website owners also stand to benefit, perhaps the most, from having a secure site – so it's really a no-brainer that we're going to see HTTPS being implemented at an increasing rate.