When you open a website in web browser you might have noticed the website URL starts from either http or https. HTTPS is used in banking websites, social networking sites and all those websites which involve your personal information while many other websites still uses http. But do you know what exactly the difference between the two is? Both of these protocols allow you to get your requested information from intended web server but they are still different in a sense that one of the protocols is more secure than the other. After reading this article you will have a clear idea of both of them.
At first I will explain you deeply about both the protocols and in the end you will get to know about the differences. So, let’s get started.
What is HTTP?
HTTP stands for “Hypertext Transfer Protocol”. It is the set of rules and standards which allows an exchange of information between the web browser and web server. The exchanging information is in the form of “hypertext”; according to Wikipedia hypertext is the text displayed on a computer display or other electronic devices with references (hyperlinks) to other text that the reader can immediately access. In simpler terms, hypertext is the document which contains links to other documents. Let me give you an example and it will be more clear; when you type any keyword in the search bar of web browser your web browser shows you multiple hyperlinks and by clicking on one of them you move to another document, this is what hypertext means. Now, let’s understand how HTTP allows exchanging of hypertext over World Wide Web.
When the web server gets a request from the client or web browser it processes the request and sends the requested web pages using HTTP. HTTP is an application layer protocol which means it is built at top of TCP (Transmission Control Protocol). Both OSI model and TCP/IP model have application layer because it allows exchanging of information from application layer of one host to the application layer of other remote host.
HTTP is a stateless protocol which means it do not remembers the previous transaction when it is processing the current transaction. In other way, we can say that it process each transaction as an independent transaction. When your browser sends a request to the web server the server processes the request and sends back the response without knowing that the request was coming from the same client and because of this reason HTTP is also considered as connectionless protocol. When web client sends the request then web server sends the response and then connection is disconnected. It means that both of them are aware of each other only till the current request. Compare it with POP3, a stateful protocol; as soon as you type for authentic user id immediately it asks you for password because it remembers the previous command which is user id.
HTTP sends information in form of plain text and that is the reason why it is unsafe to use for exchanging confidential information like bank account details, user id passwords, etc. Any data which is not meant to be shared with the third party at any cost is known as confidential information and sending such information is even more risky if you do not use any encrypting techniques. You might be thinking what I mean by encryption. So let me give you an overview. When sensitive information is to be sent over a communication network it should be encrypted or encoded using encryption mechanism so in case if any malicious user tries to access the information he/she will not be able to decrypt or decode the information easily.
Because of all the above shortcomings HTTPS was introduced. It is more enhanced version of HTTP and it is specially used for exchanging confidential information. Let’s get deep understanding of HTTPS too.
Also Read – What is URL?
What is HTTPS?
HTTPS stands for “Hyper text Transfer Protocol Secure”. HTTPS is similar to HTTP and only difference is the extra “s”. It is known to be more secure than HTTP because it provides several advanced features which HTTP does not provide. As per explanation given by developers.google.com in its documentation, HTTPS is an internet communication protocol that protects the integrity and confidentiality of data between the user’s computer and the site. In layman’s terms, it protects your sensitive data from malicious users who wants to listen to the private conversation and also protects it from getting corrupted or modified during transmission over communication network.
HTTPS uses TLS (Transport Layer Security) which provides confidentiality, integrity and authentication mechanism which makes it more secure than HTTP. As I have discussed above, confidentiality and integrity are the features that ensures the exchanging information should be securely transmitted over the communication network. Authentication is another key feature of TLS which ensures the communication is taking place between the intended users.
Also Read – Search Engine vs Web Browser
Difference between HTTP and HTTPS
Now, you are well aware about HTTP and HTTPS, have a look at their differences too.
- HTTPS uses cryptographic protocols such as TLS and/or SSL which makes the communication more secure over the web.
- HTTP is a stateless protocol whereas HTTPS is a stateful protocol; HTTPS ensures that at first secure connection will be established between the web browser and web server and then they exchanges hypertext over the communication network. The connection is closed only when two parties do not want to communicate further. Now you know, why HTTPS is considered as a connection oriented protocol while HTTP is a connectionless protocol.
Main differences are highlighted below in the tabular form. Have a look at that too.
|If information is exchanged through HTTP then URL begins with http://
|If information is exchanged through HTTPS then URL begins with https://
|It uses port number 80 for communication.
|Https uses port number 443 for communication.
|It is unsecure for transferring sensitive data.
|It is secure for transferring sensitive information as it uses SSL and/or TLS cryptographic protocols.
|It works at Application Layer of the OSI model.
|It works at Transport Layer of the OSI model.
|Http sends plain text to the receiver.
|It first encrypts the data using cryptographic algorithm and then sends the data to receiver.
|HTTP does not require any certificates.
|HTTPS requires SSL certificates.
|It is connectionless protocol.
|It is connection oriented protocol.
|It is stateless protocol.
|It is stateful protocol.
HTTP is an application layer protocol and HTTPS is the transport layer protocol of OSI model. Both the protocols are used to exchange hypertext over the World Wide Web. HTTP is considered a secure protocol for sending sensitive information over the web so HTTPS is used when data is confidential and needed to be sent over a secure network. HTTPS uses cryptographic protocols which provide confidentiality, integrity and authenticity.
Any thoughts on how online transactions take places securely?