We all benefit from the extraordinary variety of websites on the internet. Entertainment, information, inspiration, services, and more are available in seemingly endless supply. Unfortunately, not all websites are benign. Just like in the real world, there are shady businesspeople, criminals, and organised crime. For example, online banking users might be lured to a fake website so that their access information can be stolen. As another example, someone might install a public WLAN hotspot to secretly intercept communication taking place.

Initially, all data traffic on the World Wide Web was sent openly in plain text and could easily be intercepted. The HTTP protocol handles the communication between the client (i.e. the web browser) and the web server without encryption. This makes criminal activities such as spying on metadata and man-in-the-middle attacks easier.

HTTPS was developed to make the web more secure. Here you will learn what HTTPS is and how it works.

What is HTTPS?

HTTPS stands for ‘Hypertext Transfer Protocol Secure’. The transfer protocol is the language in which the web client – usually the browser – and the web server communicate with each other. HTTPS is the version of the transfer protocol that uses encrypted communication.

The purpose of HTTPS

HTTPS performs two functions:

It encrypts the communication between the web client and web server. This is intended to prevent an unauthorised third party from intercepting the communication, such as by monitoring WLAN network traffic.

The web server is authenticated by sending a certificate to the web client at the start of the communication. This certifies that the domain is trustworthy. This measure helps to combat scams coming from fake websites.

The difference between HTTP and HTTPS

How are HTTP and HTTPS different? The simple answer is that, technically speaking, they are not different at all. The protocol itself (i.e. the syntax) is identical between the two versions.

The difference is that HTTPS uses a particular transport protocol called SSL/TLS. It is not the protocol itself but rather the transfer method that is secured. This can be illustrated through the following analogy:

  • Two people are talking to each other over the phone.
  • They are using a shared language to communicate with each other, i.e. HTTP.
  • With HTTP, the telephone connection for their conversation is unsecured. If they were to communicate using HTTPS, the connection would be more secure, preventing anyone from listening in.

The following table summarises the most important differences from the user’s perspective:

|  | HTTP | HTTPS |
|---|---|---|
| Transfer | Unencrypted | Encrypted |
| Certificate | No | Yes |
| Port number | 80 | 443 |
| URL address | http:// | https:// |

All current web browsers warn the user if they are trying to access a website using the HTTP protocol.

If you click on the icons on the left in the address bar, you will receive additional information.

Depending on the browser and security settings used, the software may refuse to open an unsecured website or display a warning instead of the website.

How does HTTPS work?

HTTP itself is not responsible for security. The underlying transport protocol is. So, what is the difference?

The HTTP protocol only controls how the content being exchanged between web clients and web servers must be structured. The transport protocol, on the other hand, controls how data streams are transferred between computers. For example, it ensures that no data packets are lost. The standard transport protocol is called TCP (the Transmission Control Protocol). This is used by HTTP.

There is an extension to this transport protocol that encrypts data streams. This extension is called TLS (previously SSL). Any communication sent using this transport protocol is encrypted so that only the actual recipient (i.e. the web browser or web server) can read the transferred content.

If the URL given is preceded by https://, the web browser automatically adds the port number 443 to it. This number tells the receiving computer that it should communicate using TLS/SSL.
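The difference described above, seen from the network: an added example (not part of the original article) that classifies the first bytes a client sends on a new TCP connection as cleartext HTTP or a TLS record, and lists what a passive observer can read directly. The sample byte strings, the host bank.example and the function names are constructed for illustration.

```python
import struct

# Constructed sample: first bytes of a cleartext login request (port 80).
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: bank.example\r\n"
               b"Cookie: session=abc123\r\nContent-Length: 27\r\n\r\n"
               b"user=alice&password=hunter2")
# Constructed sample: TLS record header (handshake, length 0x0040) followed by
# filler bytes standing in for the ClientHello body (port 443).
TLS_SAMPLE = bytes.fromhex("1603010040") + b"\x01" + bytes(63)

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ",
                b"OPTIONS ", b"PATCH ")
SENSITIVE = {"cookie", "authorization"}


def classify(data: bytes) -> str:
    """Classify the first bytes a client sends on a new TCP connection."""
    if len(data) >= 5:
        # TLS record header: content type (1), version (2), length (2).
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype == 0x16 and major == 3 and minor <= 4 and 0 < length <= 2**14:
            return "tls"
    if data.startswith(HTTP_METHODS):
        return "cleartext-http"
    return "unknown"


def exposed(data: bytes) -> dict:
    """List the HTTP fields a passive observer can read from the stream."""
    if classify(data) != "cleartext-http":
        return {}  # no readable HTTP request line, headers or body
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "request": f"{method} {target}",
        "host": headers.get("host"),
        "sensitive_headers": sorted(SENSITIVE.intersection(headers)),
        "body_readable": bool(body),
    }


if __name__ == "__main__":
    for name, sample in (("port 80", HTTP_SAMPLE), ("port 443", TLS_SAMPLE)):
        print(name, classify(sample), exposed(sample))
```

With TLS, the HTTP request line, headers and body travel inside encrypted records; the server name can still appear in the unencrypted ClientHello.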

Why HTTPS encryption is important

The ability of hackers to spy on and manipulate websites is growing. It is, therefore, important to encrypt data streams – especially in publicly accessible networks, such as public Wi-Fi hotspots.

HTTPS is the new standard. Websites without HTTPS are now flagged or even blocked by current web browsers. What’s more, HTTPS probably has a positive effect on a website’s Google ranking, although Google has not yet explicitly confirmed this.

The European General Data Protection Regulation (GDPR) stipulates that websites must be kept up to date with the latest security standard – and that currently means HTTPS.

Tip

In our follow-up article, you will learn how to convert your website to HTTPS.
