HTTP stands for Hypertext Transfer Protocol

When you enter http:// in your address bar in front of the domain, it tells the browser to connect over
HTTP. HTTP uses TCP (Transmission Control Protocol), generally over port 80, to send and receive
data packets over the web.

To put it simply it is a protocol that’s used by a client and server which allows you to communicate
with other websites. The client sends a request message to an HTTP server (after the TCP handshake)
which hosts a website, the server then replies with the response message. The response message
contains completion status information, such as HTTP/1.1 200 OK. If there is a problem with an
HTTP request there is a list of status codes which inform your browser so that you can better
troubleshoot what the problem might be. The way the user-agent handles the response depends upon
the code and the response header fields.

For example, a 404 Not Found error means the the content either does not exist or has been moved. Or
another common example is a 502 Bad Gateway error which could mean that the domain name is not
resolving to the correct IP or it does not resolve to any IP.

HTTPS stands for Hypertext Transfer Protocol Secure (also referred to as HTTP over TLS or
HTTP over SSL). When you enter https:// in your address bar in front of the domain, it tells the
browser to connect over HTTPS.

Generally sites running over HTTPS will have a redirect in place so even if you type in http:// it will
redirect to deliver over a secured connection. HTTPS also uses TCP (Transmission Control Protocol)
to send and receive data packets, but it does so over port 443, within a connection encrypted by
Transport Layer Security (TLS).

HTTPS transmits its data security using an encrypted connection. Basically it uses a public key which
is then decrypted on the recipient side. The public key is deployed on the server, and included in what
you know as an SSL certificate. The certificates are cryptographically signed by a Certificate
Authority (CA), and each browser has a list of CAs it implicitly trusts. Any certificate signed by a CA
in the trusted list is given a green padlock lock in the browser’s address bar, because it’s proven to be
“trusted” and belongs to that domain. Companies like Let’s Encrypt have now made the process of
issuing SSL certificates free.

Never enter your credit card details on websites that run over HTTP. The main purpose of using
HTTPS is for security and privacy reasons. When the data is encrypted this means nothing is passing
in plain text. A lot of people might question whether they need to bother with HTTPS on smaller sites,
like a blog, but remember even your login page should be encrypted.

Difference Between HTTP And HTTPS

1. HTTP URL in your browser’s address bar is http:// and the HTTPS URL is https://.
2. HTTP is unsecured while HTTPS is secured.
3. HTTP sends data over port 80 while HTTPS uses port 443.
4. HTTP operates at application layer, while HTTPS operates at transport layer.
5. No SSL certificates are required for HTTP, with HTTPS it is required that you have
an SSL certificate and it is signed by a CA.
6. HTTP doesn’t require domain validation, where as HTTPS requires at least domain
validation and certain certificates even require legal document validation.
7. No encryption in HTTP, with HTTPS the data is encrypted before sending.
Scanned by CamScanner
Scanned by CamScanner